stages/authenticator_webauthn: fix rp_id and origin generation
This commit is contained in:
parent
55af786852
commit
e8259791f0
|
@ -18,7 +18,7 @@ from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
|
|||
from authentik.flows.stage import ChallengeStageView
|
||||
from authentik.lib.templatetags.authentik_utils import avatar
|
||||
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
|
||||
from authentik.stages.authenticator_webauthn.utils import generate_challenge
|
||||
from authentik.stages.authenticator_webauthn.utils import generate_challenge, get_origin, get_rp_id
|
||||
|
||||
RP_NAME = "authentik"
|
||||
|
||||
|
@ -52,8 +52,8 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
|
|||
none_attestation_permitted = True
|
||||
|
||||
webauthn_registration_response = WebAuthnRegistrationResponse(
|
||||
self.request.get_host(),
|
||||
self.request.build_absolute_uri("/"),
|
||||
get_rp_id(self.request),
|
||||
get_origin(self.request),
|
||||
response,
|
||||
challenge,
|
||||
trusted_attestation_cert_required=trusted_attestation_cert_required,
|
||||
|
@ -110,7 +110,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
|
|||
make_credential_options = WebAuthnMakeCredentialOptions(
|
||||
challenge,
|
||||
RP_NAME,
|
||||
self.request.get_host(),
|
||||
get_rp_id(self.request),
|
||||
user.uid,
|
||||
user.username,
|
||||
user.name,
|
||||
|
@ -154,7 +154,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
|
|||
public_key=webauthn_credential.public_key,
|
||||
credential_id=webauthn_credential.credential_id,
|
||||
sign_count=webauthn_credential.sign_count,
|
||||
rp_id=self.request.get_host(),
|
||||
rp_id=get_rp_id(self.request),
|
||||
)
|
||||
else:
|
||||
return self.executor.stage_invalid(
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
"""webauthn utils"""
|
||||
import base64
|
||||
import os
|
||||
from django.http import HttpRequest
|
||||
|
||||
CHALLENGE_DEFAULT_BYTE_LEN = 32
|
||||
|
||||
|
@ -21,3 +22,16 @@ def generate_challenge(challenge_len=CHALLENGE_DEFAULT_BYTE_LEN):
|
|||
if not isinstance(challenge_base64, str):
|
||||
challenge_base64 = challenge_base64.decode("utf-8")
|
||||
return challenge_base64
|
||||
|
||||
def get_rp_id(request: HttpRequest) -> str:
|
||||
"""Get hostname from http request, without port"""
|
||||
host = request.get_host()
|
||||
if ":" in host:
|
||||
return host.split(":")[0]
|
||||
return host
|
||||
|
||||
def get_origin(request: HttpRequest) -> str:
|
||||
"""Return Origin by building an absolute URL and removing the
|
||||
trailing slash"""
|
||||
full_url = request.build_absolute_uri("/")
|
||||
return full_url[:-1]
|
||||
|
|
Reference in a new issue