stages/authenticator_*: fix device.confirmed being set incorrectly

closes #2330

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-03-10 00:19:49 +01:00
parent c1e4d78672
commit 0dfecc6ae2
4 changed files with 7 additions and 4 deletions


@ -61,7 +61,7 @@ class StaticDeviceViewSet(
): ):
"""Viewset for static authenticator devices""" """Viewset for static authenticator devices"""
queryset = StaticDevice.objects.all() queryset = StaticDevice.objects.filter(confirmed=True)
serializer_class = StaticDeviceSerializer serializer_class = StaticDeviceSerializer
permission_classes = [OwnerPermissions] permission_classes = [OwnerPermissions]
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
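Review bot: The new `queryset = StaticDevice.objects.filter(confirmed=True)` silently changes what the API can list, retrieve, update and delete, and nothing in the class says why; a short comment would keep a later maintainer from "fixing" it back to `objects.all()`, e.g. `# Unconfirmed devices are enrollment-in-progress rows created by the stage and must not be exposed or editable through the API`. The same applies to `TOTPDeviceViewSet` in the third file of this commit; if the other authenticator device viewsets the title's `authenticator_*` refers to still use `objects.all()`, they should get the same filter so unconfirmed rows are hidden uniformly. StaticDeviceViewSet's header and any remaining class body are outside the hunk.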


@ -55,7 +55,7 @@ class AuthenticatorStaticStageView(ChallengeStageView):
stage: AuthenticatorStaticStage = self.executor.current_stage stage: AuthenticatorStaticStage = self.executor.current_stage
if SESSION_STATIC_DEVICE not in self.request.session: if SESSION_STATIC_DEVICE not in self.request.session:
device = StaticDevice(user=user, confirmed=True, name="Static Token") device = StaticDevice(user=user, confirmed=False, name="Static Token")
tokens = [] tokens = []
for _ in range(0, stage.token_count): for _ in range(0, stage.token_count):
tokens.append(StaticToken(device=device, token=StaticToken.random_token())) tokens.append(StaticToken(device=device, token=StaticToken.random_token()))
@ -66,6 +66,7 @@ class AuthenticatorStaticStageView(ChallengeStageView):
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse: def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
"""Verify OTP Token""" """Verify OTP Token"""
device: StaticDevice = self.request.session[SESSION_STATIC_DEVICE] device: StaticDevice = self.request.session[SESSION_STATIC_DEVICE]
device.confirmed = True
device.save() device.save()
for token in self.request.session[SESSION_STATIC_TOKENS]: for token in self.request.session[SESSION_STATIC_TOKENS]:
token.save() token.save()
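Review bot: `device.confirmed = True` followed by `device.save()` and the per-token `token.save()` loop in `challenge_valid` runs without a transaction, so a failure while saving a token leaves a confirmed device persisted with fewer than `stage.token_count` usable tokens. Wrapping the three statements in `with transaction.atomic():` (from `django.db`) makes the device either fully enrolled or absent. The enclosing `challenge_valid` continues past the end of the hunk.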


@ -54,7 +54,7 @@ class TOTPDeviceViewSet(
): ):
"""Viewset for totp authenticator devices""" """Viewset for totp authenticator devices"""
queryset = TOTPDevice.objects.all() queryset = TOTPDevice.objects.filter(confirmed=True)
serializer_class = TOTPDeviceSerializer serializer_class = TOTPDeviceSerializer
permission_classes = [OwnerPermissions] permission_classes = [OwnerPermissions]
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]


@ -42,6 +42,7 @@ class AuthenticatorTOTPChallengeResponse(ChallengeResponse):
"""Validate totp code""" """Validate totp code"""
if self.device is not None: if self.device is not None:
if not self.device.verify_token(code): if not self.device.verify_token(code):
self.device.confirmed = False
raise ValidationError(_("Code does not match")) raise ValidationError(_("Code does not match"))
return code return code
@ -82,7 +83,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
if SESSION_TOTP_DEVICE not in self.request.session: if SESSION_TOTP_DEVICE not in self.request.session:
device = TOTPDevice( device = TOTPDevice(
user=user, confirmed=True, digits=stage.digits, name="TOTP Authenticator" user=user, confirmed=False, digits=stage.digits, name="TOTP Authenticator"
) )
self.request.session[SESSION_TOTP_DEVICE] = device self.request.session[SESSION_TOTP_DEVICE] = device
@ -91,6 +92,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse: def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
"""TOTP Token is validated by challenge""" """TOTP Token is validated by challenge"""
device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE] device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE]
device.confirmed = True
device.save() device.save()
del self.request.session[SESSION_TOTP_DEVICE] del self.request.session[SESSION_TOTP_DEVICE]
return self.executor.stage_ok() return self.executor.stage_ok()
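Review bot: In the first hunk, `self.device.confirmed = False` on a failed `verify_token` only mutates the session-held instance and is never saved there, and the device is already constructed with `confirmed=False` in the third hunk, so the line looks like a no-op; if it is meant to cover a device that an earlier successful verify left persisted, that intent deserves a comment or the assignment should be dropped. I believe django-otp's `TOTPDevice.verify_token` saves the device on success (and on throttled failures), in which case an enrollment abandoned between a correct code and `challenge_valid` leaves an unconfirmed row that the new viewset filters hide but nothing removes — worth confirming and documenting. A comment above `device.confirmed = True` in `challenge_valid`, e.g. `# Only confirm once a code has been verified; unconfirmed rows are hidden by the API viewsets`, would tie the two halves of the fix together. The method containing the first hunk starts outside the hunk.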