start re-writing validation for item matching

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-12-14 21:16:59 +01:00
parent 7599d48a25
commit ac1e16675c
No known key found for this signature in database
2 changed files with 44 additions and 4 deletions

View File

@ -105,18 +105,58 @@ def get_webauthn_challenge(
)
def select_challenge(request: HttpRequest, device: Device):
def select_challenge(request: HttpRequest,stage_view: StageView, device: Device):
"""Callback when the user selected a challenge in the frontend."""
if isinstance(device, SMSDevice):
select_challenge_sms(request, device)
select_challenge_sms(request, stage_view, device)
if isinstance(device, MobileDevice):
select_challenge_mobile(request, stage_view, device)
def select_challenge_sms(request: HttpRequest, device: SMSDevice):
def select_challenge_sms(request: HttpRequest, stage_view: StageView, device: SMSDevice):
"""Send SMS"""
device.generate_token()
device.stage.send(device.token, device)
def select_challenge_mobile(request: HttpRequest, stage_view: StageView, device: MobileDevice):
"""Send mobile notification"""
# Get additional context for push
push_context = {
__("Domain"): stage_view.request.get_host(),
}
if SESSION_KEY_APPLICATION_PRE in stage_view.request.session:
push_context[__("Application")] = stage_view.request.session.get(
SESSION_KEY_APPLICATION_PRE, Application()
).name
try:
transaction = device.create_transaction()
transaction.send_message(stage_view.request, **push_context)
status = transaction.wait_for_response()
if status == TransactionStates.DENY:
LOGGER.debug("mobile push response", result=status)
login_failed.send(
sender=__name__,
credentials={"username": user.username},
request=stage_view.request,
stage=stage_view.executor.current_stage,
device_class=DeviceClasses.MOBILE.value,
mobile_response=status,
)
raise ValidationError("Mobile denied access", code="denied")
return device
except TimeoutError:
raise ValidationError("Mobile push notification timed out.")
except RuntimeError as exc:
Event.new(
EventAction.CONFIGURATION_ERROR,
message=f"Failed to Mobile authenticate user: {str(exc)}",
user=user,
).from_http(stage_view.request, user)
raise ValidationError("Mobile denied access", code="denied")
def validate_challenge_code(code: str, stage_view: StageView, user: User) -> Device:
"""Validate code-based challenges. We test against every device, on purpose, as
the user mustn't choose between totp and static devices."""

View File

@ -127,7 +127,7 @@ class AuthenticatorValidationChallengeResponse(ChallengeResponse):
devices = SMSDevice.objects.filter(pk=int(challenge.get("device_uid", "0")))
if not devices.exists():
raise ValidationError("invalid challenge selected")
select_challenge(self.stage.request, devices.first())
select_challenge(self.stage.request, self.stage, devices.first())
return challenge
def validate_selected_stage(self, stage_pk: str) -> str: