From 45645728c7d0888841ef8e47b34e82ed1adf26f2 Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Mon, 7 Jun 2021 13:51:39 +0100 Subject: [PATCH 1/2] Refactor into model MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It’s generally an antipattern for the view layer code to be calling the API client directly. --- app/main/views/webauthn_credentials.py | 4 +--- app/models/user.py | 5 +++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/main/views/webauthn_credentials.py b/app/main/views/webauthn_credentials.py index d1b458da6..5f097c713 100644 --- a/app/main/views/webauthn_credentials.py +++ b/app/main/views/webauthn_credentials.py @@ -52,9 +52,7 @@ def webauthn_complete_register(): current_app.logger.info(f'User {current_user.id} could not register a new webauthn token - {e}') return cbor.encode(str(e)), 400 - user_api_client.create_webauthn_credential_for_user( - current_user.id, credential - ) + current_user.create_webauthn_credential(credential) flash(( 'Registration complete. Next time you sign in to Notify ' diff --git a/app/models/user.py b/app/models/user.py index 54fbb85d2..584938513 100644 --- a/app/models/user.py +++ b/app/models/user.py @@ -360,6 +360,11 @@ class User(JSONModel, UserMixin): for credential in self.webauthn_credentials ] + def create_webauthn_credential(self, credential): + user_api_client.create_webauthn_credential_for_user( + self.id, credential + ) + def serialize(self): dct = { "id": self.id, From f8f718dff8a5c74b0b69608fdc7ac8cc1971fe0d Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Mon, 7 Jun 2021 13:53:33 +0100 Subject: [PATCH 2/2] Set user to sign in with newly-added key --- app/main/views/webauthn_credentials.py | 1 + tests/app/main/views/test_webauthn_credentials.py | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/app/main/views/webauthn_credentials.py b/app/main/views/webauthn_credentials.py index 5f097c713..a0e9ddb53 100644 --- a/app/main/views/webauthn_credentials.py +++ b/app/main/views/webauthn_credentials.py @@ -53,6 +53,7 @@ def webauthn_complete_register(): return cbor.encode(str(e)), 400 current_user.create_webauthn_credential(credential) + current_user.update(auth_type='webauthn_auth') flash(( 'Registration complete. Next time you sign in to Notify ' diff --git a/tests/app/main/views/test_webauthn_credentials.py b/tests/app/main/views/test_webauthn_credentials.py index 011200eaa..19386097b 100644 --- a/tests/app/main/views/test_webauthn_credentials.py +++ b/tests/app/main/views/test_webauthn_credentials.py @@ -112,6 +112,7 @@ def test_begin_register_stores_state_in_session( def test_complete_register_creates_credential( platform_admin_user, platform_admin_client, + mock_update_user_attribute, mocker, ): with platform_admin_client.session_transaction() as session: @@ -134,6 +135,10 @@ def test_complete_register_creates_credential( assert response.status_code == 200 credential_mock.assert_called_once_with('state', 'public_key_credential') user_api_mock.assert_called_once_with(platform_admin_user['id'], 'cred') + mock_update_user_attribute.assert_called_once_with( + platform_admin_user['id'], + auth_type='webauthn_auth', + ) def test_complete_register_clears_session(