Skip to content

Commit

Permalink
Better Error Handling
Browse files Browse the repository at this point in the history
  • Loading branch information
@mkalioby
mkalioby committed Oct 18, 2019
1 parent 3ac3e10 commit 7800962
Show file tree
Hide file tree
Showing 4 changed files with 58 additions and 55 deletions.
104 changes: 55 additions & 49 deletions mfa/FIDO2.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
from .models import *
from fido2.utils import websafe_decode,websafe_encode
from fido2.ctap2 import AttestedCredentialData
from .views import login
from .views import login,reset_cookie
import datetime
from django.utils import timezone

Expand Down Expand Up @@ -87,54 +87,60 @@ def authenticate_begin(request):

@csrf_exempt
def authenticate_complete(request):
credentials = []
username=request.session.get("base_username",request.user.username)
server=getServer()
credentials=getUserCredentials(username)
data = cbor.decode(request.body)
credential_id = data['credentialId']
client_data = ClientData(data['clientDataJSON'])
auth_data = AuthenticatorData(data['authenticatorData'])
signature = data['signature']
try:
cred = server.authenticate_complete(
request.session.pop('fido_state'),
credentials,
credential_id,
client_data,
auth_data,
signature
)
except ValueError:
return HttpResponse(simplejson.dumps({'status': "ERR", "message": "Wrong challenge received, make sure that this is your security and try again."}),
content_type = "application/json")
except Exception as excep:
credentials = []
username=request.session.get("base_username",request.user.username)
server=getServer()
credentials=getUserCredentials(username)
data = cbor.decode(request.body)
credential_id = data['credentialId']
client_data = ClientData(data['clientDataJSON'])
auth_data = AuthenticatorData(data['authenticatorData'])
signature = data['signature']
try:
from raven.contrib.django.raven_compat.models import client
client.captureException()
except:
pass
return HttpResponse(simplejson.dumps({'status': "ERR",
"message": "Err: " + excep.message}),
content_type = "application/json")
cred = server.authenticate_complete(
request.session.pop('fido_state'),
credentials,
credential_id,
client_data,
auth_data,
signature
)
except ValueError:
return HttpResponse(simplejson.dumps({'status': "ERR", "message": "Wrong challenge received, make sure that this is your security and try again."}),
content_type = "application/json")
except Exception as excep:
try:
from raven.contrib.django.raven_compat.models import client
client.captureException()
except:
pass
return HttpResponse(simplejson.dumps({'status': "ERR",
"message": excep.message}),
content_type = "application/json")

if request.session.get("mfa_recheck",False):
import time
request.session["mfa"]["rechecked_at"]=time.time()
return HttpResponse(simplejson.dumps({'status': "OK"}),
content_type="application/json")
else:
import random
keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
for k in keys:
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
k.last_used = timezone.now()
k.save()
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
if getattr(settings, "MFA_RECHECK", False):
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
request.session["mfa"] = mfa
res=login(request)
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
return HttpResponse(simplejson.dumps({'status': "ERR","message":"Unknown error happened"}),content_type="application/json")
if request.session.get("mfa_recheck",False):
import time
request.session["mfa"]["rechecked_at"]=time.time()
return HttpResponse(simplejson.dumps({'status': "OK"}),
content_type="application/json")
else:
import random
keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
for k in keys:
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
k.last_used = timezone.now()
k.save()
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
if getattr(settings, "MFA_RECHECK", False):
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
request.session["mfa"] = mfa
if not request.user.is_authenticated():
res=login(request)
if not "location" in res: return reset_cookie(request)
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
return HttpResponse(simplejson.dumps({'status': "OK"}),
content_type = "application/json")
except Exception as exp:
return HttpResponse(simplejson.dumps({'status': "ERR","message":exp.message}),content_type="application/json")
2 changes: 1 addition & 1 deletion mfa/templates/FIDO2/recheck.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@
}
else {
$("#msgdiv").addClass("alert alert-danger").removeClass("alert-success")
$("#res").html("<div class='alert alert-danger'>Verification Failed as " + res["message"] + ", <a href='javascript:void(0)' onclick='authen())'> try again or <a href='javascript:void(0)' onclick='history.back()'> Go Back</a></div>")
$("#msgdiv").html("Verification Failed as " + res.message + ", <a href='javascript:void(0)' onclick='authen())'> try again</a> or <a href='javascript:void(0)' onclick='history.back()'> Go Back</a>")

{% if mode == "auth" %}

Expand Down
5 changes: 1 addition & 4 deletions mfa/urls.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,7 @@
url(r'fido2/complete_auth', FIDO2.authenticate_complete, name="fido2_complete_auth"),
url(r'fido2/begin_reg', FIDO2.begin_registeration, name="fido2_begin_reg"),
url(r'fido2/complete_reg', FIDO2.complete_reg, name="fido2_complete_reg"),
url(r'u2f/bind', U2F.bind, name="bind_u2f"),
url(r'u2f/auth', U2F.auth, name="u2f_auth"),
url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
url(r'u2f/verify', U2F.verify, name="u2f_verify"),
url(r'fido2/recheck', FIDO2.recheck, name="fido2_recheck"),


url(r'td/$', TrustedDevice.start, name="start_td"),
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

setup(
name='django-mfa2',
version='1.7.5',
version='1.7.11',
description='Allows user to add 2FA to their accounts',
long_description=open("README.md").read(),
long_description_content_type="text/markdown",
Expand Down

0 comments on commit 7800962

Please sign in to comment.