stages/authenticator_*: fix device.confirmed being set incorrectly
closes #2330 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
c1e4d78672
commit
0dfecc6ae2
|
@ -61,7 +61,7 @@ class StaticDeviceViewSet(
|
||||||
):
|
):
|
||||||
"""Viewset for static authenticator devices"""
|
"""Viewset for static authenticator devices"""
|
||||||
|
|
||||||
queryset = StaticDevice.objects.all()
|
queryset = StaticDevice.objects.filter(confirmed=True)
|
||||||
serializer_class = StaticDeviceSerializer
|
serializer_class = StaticDeviceSerializer
|
||||||
permission_classes = [OwnerPermissions]
|
permission_classes = [OwnerPermissions]
|
||||||
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
||||||
|
|
|
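Review bot: `StaticDevice.objects.filter(confirmed=True)` on the `queryset` attribute narrows what the API exposes, but nothing says why unconfirmed rows exist or why they must stay invisible; the TOTP viewset hunk with `TOTPDevice.objects.filter(confirmed=True)` has the same gap. A reader of the viewset alone cannot tell that an unconfirmed device is an enrolment still waiting for a verified code rather than a usable factor. Add `# Unconfirmed devices are mid-enrolment: never list, edit or count them as a usable factor` above the queryset line in both viewsets. Because the filter lives on the class attribute and DRF clones the queryset per request, no `get_queryset` override is needed for it to apply consistently.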
@ -55,7 +55,7 @@ class AuthenticatorStaticStageView(ChallengeStageView):
|
||||||
stage: AuthenticatorStaticStage = self.executor.current_stage
|
stage: AuthenticatorStaticStage = self.executor.current_stage
|
||||||
|
|
||||||
if SESSION_STATIC_DEVICE not in self.request.session:
|
if SESSION_STATIC_DEVICE not in self.request.session:
|
||||||
device = StaticDevice(user=user, confirmed=True, name="Static Token")
|
device = StaticDevice(user=user, confirmed=False, name="Static Token")
|
||||||
tokens = []
|
tokens = []
|
||||||
for _ in range(0, stage.token_count):
|
for _ in range(0, stage.token_count):
|
||||||
tokens.append(StaticToken(device=device, token=StaticToken.random_token()))
|
tokens.append(StaticToken(device=device, token=StaticToken.random_token()))
|
||||||
|
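Review bot: The `StaticDevice(user=user, confirmed=False, name="Static Token")` construction carries no comment on where the device becomes confirmed, which is the point of the change; the TOTP stage hunk with `TOTPDevice(... confirmed=False ...)` has the same omission. Add `# Created unconfirmed; challenge_valid sets confirmed=True only after the user proves possession` above the constructor in both stages. The enclosing method starts before this hunk and the lines that store the device and tokens in the session are outside it, so this note covers only the construction.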
@ -66,6 +66,7 @@ class AuthenticatorStaticStageView(ChallengeStageView):
|
||||||
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
|
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
|
||||||
"""Verify OTP Token"""
|
"""Verify OTP Token"""
|
||||||
device: StaticDevice = self.request.session[SESSION_STATIC_DEVICE]
|
device: StaticDevice = self.request.session[SESSION_STATIC_DEVICE]
|
||||||
|
device.confirmed = True
|
||||||
device.save()
|
device.save()
|
||||||
for token in self.request.session[SESSION_STATIC_TOKENS]:
|
for token in self.request.session[SESSION_STATIC_TOKENS]:
|
||||||
token.save()
|
token.save()
|
||||||
|
|
|
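Review bot: `device.confirmed = True` is set immediately before `device.save()` with no verification visible in the hunk, yet the docstring `"""Verify OTP Token"""` tells the reader that verification happens here. If the code check is done by the challenge response (as the TOTP counterpart's docstring states), say so: `"""Persist the device and its tokens; the challenge response has already verified a token."""`. The TOTP `challenge_valid` hunk deletes `SESSION_TOTP_DEVICE` after saving, whereas the visible part of this method leaves `SESSION_STATIC_DEVICE` and `SESSION_STATIC_TOKENS` in the session; if the rest of the method does not clear them, a later run of the stage would reuse the already-saved device instead of creating a fresh unconfirmed one. The method continues past the hunk, so this needs confirming against the remainder.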
@ -54,7 +54,7 @@ class TOTPDeviceViewSet(
|
||||||
):
|
):
|
||||||
"""Viewset for totp authenticator devices"""
|
"""Viewset for totp authenticator devices"""
|
||||||
|
|
||||||
queryset = TOTPDevice.objects.all()
|
queryset = TOTPDevice.objects.filter(confirmed=True)
|
||||||
serializer_class = TOTPDeviceSerializer
|
serializer_class = TOTPDeviceSerializer
|
||||||
permission_classes = [OwnerPermissions]
|
permission_classes = [OwnerPermissions]
|
||||||
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter]
|
||||||
|
|
|
@ -42,6 +42,7 @@ class AuthenticatorTOTPChallengeResponse(ChallengeResponse):
|
||||||
"""Validate totp code"""
|
"""Validate totp code"""
|
||||||
if self.device is not None:
|
if self.device is not None:
|
||||||
if not self.device.verify_token(code):
|
if not self.device.verify_token(code):
|
||||||
|
self.device.confirmed = False
|
||||||
raise ValidationError(_("Code does not match"))
|
raise ValidationError(_("Code does not match"))
|
||||||
return code
|
return code
|
||||||
|
|
||||||
|
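Review bot: `self.device.confirmed = False` on a failed `verify_token` mutates whatever `self.device` refers to, but the hunk does not show where that object comes from or whether it is saved later. If it is only ever the unsaved enrolment device held in the session (created with `confirmed=False` in the stage hunk), the assignment changes nothing and can be dropped; if it can ever be an already-persisted confirmed device, one mistyped code followed by a save would silently de-confirm a working second factor, the opposite of what this commit intends. Either remove the line or record the assumption with `# self.device is the session-held enrolment device, never a persisted one`. The enclosing method starts outside the hunk.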
@ -82,7 +83,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
|
||||||
|
|
||||||
if SESSION_TOTP_DEVICE not in self.request.session:
|
if SESSION_TOTP_DEVICE not in self.request.session:
|
||||||
device = TOTPDevice(
|
device = TOTPDevice(
|
||||||
user=user, confirmed=True, digits=stage.digits, name="TOTP Authenticator"
|
user=user, confirmed=False, digits=stage.digits, name="TOTP Authenticator"
|
||||||
)
|
)
|
||||||
|
|
||||||
self.request.session[SESSION_TOTP_DEVICE] = device
|
self.request.session[SESSION_TOTP_DEVICE] = device
|
||||||
|
@ -91,6 +92,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
|
||||||
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
|
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
|
||||||
"""TOTP Token is validated by challenge"""
|
"""TOTP Token is validated by challenge"""
|
||||||
device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE]
|
device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE]
|
||||||
|
device.confirmed = True
|
||||||
device.save()
|
device.save()
|
||||||
del self.request.session[SESSION_TOTP_DEVICE]
|
del self.request.session[SESSION_TOTP_DEVICE]
|
||||||
return self.executor.stage_ok()
|
return self.executor.stage_ok()
|
||||||
|
|