stages/authenticator_webauthn: fix rp_id and origin generation

This commit is contained in:
Jens Langhammer 2021-02-23 23:39:00 +01:00
parent 55af786852
commit e8259791f0
2 changed files with 19 additions and 5 deletions

View file

@ -18,7 +18,7 @@ from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
from authentik.flows.stage import ChallengeStageView
from authentik.lib.templatetags.authentik_utils import avatar
from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
from authentik.stages.authenticator_webauthn.utils import generate_challenge
from authentik.stages.authenticator_webauthn.utils import generate_challenge, get_origin, get_rp_id
RP_NAME = "authentik"
@ -52,8 +52,8 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
none_attestation_permitted = True
webauthn_registration_response = WebAuthnRegistrationResponse(
self.request.get_host(),
self.request.build_absolute_uri("/"),
get_rp_id(self.request),
get_origin(self.request),
response,
challenge,
trusted_attestation_cert_required=trusted_attestation_cert_required,
@ -110,7 +110,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
make_credential_options = WebAuthnMakeCredentialOptions(
challenge,
RP_NAME,
self.request.get_host(),
get_rp_id(self.request),
user.uid,
user.username,
user.name,
@ -154,7 +154,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
public_key=webauthn_credential.public_key,
credential_id=webauthn_credential.credential_id,
sign_count=webauthn_credential.sign_count,
rp_id=self.request.get_host(),
rp_id=get_rp_id(self.request),
)
else:
return self.executor.stage_invalid(

View file

@ -1,6 +1,7 @@
"""webauthn utils"""
import base64
import os
from django.http import HttpRequest
CHALLENGE_DEFAULT_BYTE_LEN = 32
@ -21,3 +22,16 @@ def generate_challenge(challenge_len=CHALLENGE_DEFAULT_BYTE_LEN):
if not isinstance(challenge_base64, str):
challenge_base64 = challenge_base64.decode("utf-8")
return challenge_base64
def get_rp_id(request: HttpRequest) -> str:
"""Get hostname from http request, without port"""
host = request.get_host()
if ":" in host:
return host.split(":")[0]
return host
def get_origin(request: HttpRequest) -> str:
"""Return Origin by building an absolute URL and removing the
trailing slash"""
full_url = request.build_absolute_uri("/")
return full_url[:-1]