WIP: Passwordless

example/example/auth.py

@@ -28,3 +28,7 @@ def create_session(request,username):
 def logoutView(request):
     logout(request)
     return  render(request,"logout.html",{})
+
+def register(request):
+    if request.method == "GET":
+        return

example/example/templates/login.html

@@ -17,7 +17,6 @@
 
   <!-- Custom styles for this template-->
   <link href="{% static 'css/sb-admin.css'%}" rel="stylesheet">
-
 </head>
 
 <body class="bg-dark">
@@ -29,7 +28,6 @@
           {% if invalid %}
               <div class="alert alert-danger">Invalid Username or password</div>
           {% endif %}
-        <form action="{% url 'login' %}" method="post">
             {% csrf_token %}
           <div class="form-group">
             <div class="form-label-group">
@@ -37,14 +35,9 @@
               <label for="inputUsername">Username</label>
             </div>
           </div>
-          <div class="form-group">
-            <div class="form-label-group">
-              <input type="password" id="inputPassword"  name="password" class="form-control" placeholder="Password" required="required">
-              <label for="inputPassword">Password</label>
-            </div>
-          </div>
 
-          <button class="btn btn-primary btn-block" type="submit">Login</button>
+
+          <button class="btn btn-primary btn-block" type="button" onclick="authen()">Login</button>
         </form>
       </div>
     </div>
@@ -56,7 +49,7 @@
 
   <!-- Core plugin JavaScript-->
   <script src="{% static 'vendor/jquery-easing/jquery.easing.min.js'%}"></script>
-
+{% include 'FIDO2/login.html' %}
 </body>
 
 </html>

mfa/FIDO2.py

@@ -80,6 +80,7 @@ def start(request):
     """Start Registeration a new FIDO Token"""
     context = csrf(request)
     context.update(get_redirect_url())
+    context["mfa_invoke"] = True
     return render(request, "FIDO2/Add.html", context)
 
 
@@ -97,8 +98,8 @@ def auth(request):
 
 def authenticate_begin(request):
     server = getServer()
-    credentials = getUserCredentials(request.session.get("base_username", request.user.username))
+    #credentials = getUserCredentials(request.session.get("base_username", request.user.username))
-    auth_data, state = server.authenticate_begin(credentials)
+    auth_data, state = server.authenticate_begin()
     request.session['fido_state'] = state
     return HttpResponse(cbor.encode(auth_data), content_type = "application/octet-stream")
 
@@ -107,7 +108,7 @@ def authenticate_begin(request):
 def authenticate_complete(request):
     try:
         credentials = []
-        username = request.session.get("base_username", request.user.username)
+        username = request.session.get("base_username", request.POST.get("username",request.user.username))
         server = getServer()
         credentials = getUserCredentials(username)
         data = cbor.decode(request.body)

mfa/templates/FIDO2/fido2_auth.html

@@ -0,0 +1,71 @@
+{%  load static %}
+<script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
+<script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js' %}"></script>
+
+<script type="text/javascript">
+        function authen()
+        {
+                         fetch('{% url 'fido2_begin_auth' %}', {
+      method: 'GET',
+    }).then(function(response) {
+      if(response.ok) return response.arrayBuffer();
+      throw new Error('No credential available to authenticate!');
+    }).then(CBOR.decode).then(function(options) {
+        console.log(options)
+      return navigator.credentials.get(options);
+    }).then(function(assertion) {
+        res=CBOR.encode({
+          "credentialId": new Uint8Array(assertion.rawId),
+          "authenticatorData": new Uint8Array(assertion.response.authenticatorData),
+          "clientDataJSON": new Uint8Array(assertion.response.clientDataJSON),
+          "signature": new Uint8Array(assertion.response.signature)
+        });
+
+      return fetch('{% url 'fido2_complete_auth' %}', {
+
+        method: 'POST',
+        headers: {'Content-Type': 'application/cbor'},
+        body:res,
+
+      }).then(function (response) {if (response.ok) return res = response.json()}).then(function (res) {
+          if (res.status=="OK")
+          {
+              $("#msgdiv").addClass("alert alert-success").removeClass("alert-danger")
+             $("#msgdiv").html("Verified....please wait")
+          {%  if mode == "auth" %}
+          window.location.href=res.redirect;
+          {% elif mode == "recheck" %}
+              mfa_success_function();
+          {% endif %}
+          }
+          else {
+              $("#msgdiv").addClass("alert alert-danger").removeClass("alert-success")
+                $("#msgdiv").html("Verification Failed as " + res.message + ", <a href='javascript:void(0)' onclick='authen())'> try again</a> or <a href='javascript:void(0)' onclick='history.back()'> Go Back</a>")
+
+              {%  if mode == "auth" %}
+
+              {% elif mode == "recheck" %}
+
+                mfa_failed_function();
+              {% endif %}
+          }
+      })
+
+                 })
+
+        }
+    $(document).ready(function () {
+        if (location.protocol != 'https:') {
+            $("#main_paragraph").addClass("alert alert-danger")
+            $("#main_paragraph").html("FIDO2 must work under secure context")
+        } else {
+            {% if mfa_invoke %}
+            ua=new UAParser().getResult()
+            if (ua.browser.name == "Safari")
+                $("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
+            else
+                authen()
+            {% endif %}
+        }
+    });
+</script>

mfa/templates/FIDO2/login.html

@@ -0,0 +1 @@
+{% include 'FIDO2/fido2_auth.html' %}

mfa/templates/FIDO2/recheck.html

@@ -1,6 +1,4 @@
-{%  load static %}
+
-<script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
-<script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js' %}"></script>
 <div class="row">
 
 <div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
@@ -47,71 +45,4 @@
 </div>
 </div>
 
-    <script type="text/javascript">
+{% include 'FIDO2/fido2_auth.html' %}
-        function authen()
-        {
-                         fetch('{% url 'fido2_begin_auth' %}', {
-      method: 'GET',
-    }).then(function(response) {
-      if(response.ok) return response.arrayBuffer();
-      throw new Error('No credential available to authenticate!');
-    }).then(CBOR.decode).then(function(options) {
-        console.log(options)
-      return navigator.credentials.get(options);
-    }).then(function(assertion) {
-        res=CBOR.encode({
-          "credentialId": new Uint8Array(assertion.rawId),
-          "authenticatorData": new Uint8Array(assertion.response.authenticatorData),
-          "clientDataJSON": new Uint8Array(assertion.response.clientDataJSON),
-          "signature": new Uint8Array(assertion.response.signature)
-        });
-
-      return fetch('{% url 'fido2_complete_auth' %}', {
-
-        method: 'POST',
-        headers: {'Content-Type': 'application/cbor'},
-        body:res,
-
-      }).then(function (response) {if (response.ok) return res = response.json()}).then(function (res) {
-          if (res.status=="OK")
-          {
-              $("#msgdiv").addClass("alert alert-success").removeClass("alert-danger")
-             $("#msgdiv").html("Verified....please wait")
-          {%  if mode == "auth" %}
-          window.location.href=res.redirect;
-          {% elif mode == "recheck" %}
-              mfa_success_function();
-          {% endif %}
-          }
-          else {
-              $("#msgdiv").addClass("alert alert-danger").removeClass("alert-success")
-                $("#msgdiv").html("Verification Failed as " + res.message + ", <a href='javascript:void(0)' onclick='authen())'> try again</a> or <a href='javascript:void(0)' onclick='history.back()'> Go Back</a>")
-
-              {%  if mode == "auth" %}
-
-              {% elif mode == "recheck" %}
-
-                mfa_failed_function();
-              {% endif %}
-          }
-      })
-
-                 })
-
-        }
-    $(document).ready(function () {
-        if (location.protocol != 'https:') {
-            $("#main_paragraph").addClass("alert alert-danger")
-            $("#main_paragraph").html("FIDO2 must work under secure context")
-        } else {
-            ua=new UAParser().getResult()
-            if (ua.browser.name == "Safari")
-                $("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
-            else
-                authen()
-        }
-    });
-
-
-
-    </script>

setup.py

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='django-mfa2',
-    version='2.2.0b1',
+    version='2.2.0b2    ',
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",