diff --git a/app/main/views/webauthn_credentials.py b/app/main/views/webauthn_credentials.py index d0f2eb8d6..3bf59149a 100644 --- a/app/main/views/webauthn_credentials.py +++ b/app/main/views/webauthn_credentials.py @@ -28,10 +28,7 @@ def webauthn_begin_register(): "name": current_user.email_address, "displayName": current_user.name, }, - credentials=[ - credential.to_credential_data() - for credential in current_user.webauthn_credentials - ], + credentials=current_user.webauthn_credentials_as_cbor, user_verification="discouraged", # don't ask for PIN authenticator_attachment="cross-platform", ) @@ -74,10 +71,7 @@ def webauthn_begin_authentication(): abort(403) authentication_data, state = current_app.webauthn_server.authenticate_begin( - credentials=[ - credential.to_credential_data() - for credential in user_to_login.webauthn_credentials - ], + credentials=user_to_login.webauthn_credentials_as_cbor, user_verification=None, # required, preferred, discouraged. sets whether to ask for PIN ) session["webauthn_authentication_state"] = state @@ -125,10 +119,7 @@ def _complete_webauthn_authentication(user): try: current_app.webauthn_server.authenticate_complete( state=state, - credentials=[ - credential.to_credential_data() - for credential in user.webauthn_credentials - ], + credentials=user.webauthn_credentials_as_cbor, credential_id=request_data['credentialId'], client_data=ClientData(request_data['clientDataJSON']), auth_data=AuthenticatorData(request_data['authenticatorData']), diff --git a/app/models/user.py b/app/models/user.py index 0a635cb93..5de35723d 100644 --- a/app/models/user.py +++ b/app/models/user.py @@ -353,6 +353,13 @@ class User(JSONModel, UserMixin): return [WebAuthnCredential(json) for json in user_api_client.get_webauthn_credentials_for_user(self.id)] + @property + def webauthn_credentials_as_cbor(self): + return [ + credential.to_credential_data() + for credential in self.webauthn_credentials + ] + def serialize(self): dct = { "id": self.id,