Update webauthn to 2.1
Sasha Romijn committed Apr 8, 2024
1 parent fc36d75 commit 20b771e
Showing 3 changed files with 14 additions and 13 deletions.
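--- a/irrd/webui/auth/endpoints_mfa.py
+++ b/irrd/webui/auth/endpoints_mfa.py
@@ -12,12 +12,14 @@
 from starlette.responses import JSONResponse, RedirectResponse, Response
 from starlette_wtf import StarletteForm, csrf_protect
 from webauthn import base64url_to_bytes
+from webauthn.helpers import (
+parse_authentication_credential_json,
+parse_registration_credential_json,
+)
 from webauthn.helpers.structs import (
 AttestationConveyancePreference,
-AuthenticationCredential,
 AuthenticatorSelectionCriteria,
 PublicKeyCredentialDescriptor,
-RegistrationCredential,
 UserVerificationRequirement,
 )
 from wtforms_bootstrap5 import RendererContext
@@ -178,7 +180,7 @@ async def webauthn_verify_authentication_response(
 wn_origin, wn_rpid = get_webauthn_origin_rpid()
 try:
 expected_challenge = base64.b64decode(request.session[WN_CHALLENGE_SESSION_KEY])
-credential = AuthenticationCredential.model_validate_json(await request.body())
+credential = parse_authentication_credential_json(await request.json())
 query = session_provider.session.query(AuthWebAuthn).filter_by(
 user=request.auth.user, credential_id=credential.raw_id
 )
@@ -226,7 +228,7 @@ async def webauthn_register(request: Request) -> Response:
 rp_id=wn_rpid,
 # An assigned random identifier;
 # never anything user-identifying like an email address
-user_id=str(request.auth.user.pk),
+user_id=request.auth.user.pk.bytes,
 # A user-visible hint of which account this credential belongs to
 user_name=request.auth.user.email,
 authenticator_selection=AuthenticatorSelectionCriteria(
@@ -256,7 +258,7 @@ async def webauthn_verify_registration_response(
 try:
 expected_challenge = base64.b64decode(request.session[WN_CHALLENGE_SESSION_KEY])
 body = await request.json()
-credential = RegistrationCredential.model_validate_json(body["registration_response"])
+credential = parse_registration_credential_json(body["registration_response"])
 verification = webauthn.verify_registration_response(
 credential=credential,
 expected_challenge=expected_challenge,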
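Review bot: In `webauthn_register`, `user_id=request.auth.user.pk.bytes` changes the WebAuthn user handle issued to new registrations from the text form of the primary key to its raw bytes, and it relies on `pk` being a `uuid.UUID`, which this hunk does not show. Credentials registered before this commit keep the old handle on the authenticator, so if discoverable credentials are in use, re-registering the same device would likely add a second credential instead of replacing the first. Any later code that compares the `userHandle` from an assertion would also have to accept both encodings. The authentication lookup visible in this section filters on `user` and `credential_id`, so it does not depend on the handle. I would record the change next to the argument, e.g. `# raw UUID bytes; credentials registered before webauthn 2.x carry str(pk) as their user handle`; the function body continues outside the hunk.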
13 changes: 6 additions & 7 deletions poetry.lock


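--- a/pyproject.toml
+++ b/pyproject.toml
@@ -56,7 +56,7 @@ python-multipart = "0.0.9"
 imia = "0.5.3"
 starlette-wtf = "0.4.3"
 limits = "3.10.1"
-webauthn = "1.11.1"
+webauthn = "2.1.0"
 pyotp = "2.9.0"
 click = "8.1.7"
 zxcvbn = "4.4.28"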
