only let platform admins with webauthn access the sign in pages

This commit is contained in:
Leo Hemsted
2021-05-14 18:14:13 +01:00
parent c26a596839
commit a753e32c8d


@@ -61,6 +61,12 @@ def webauthn_begin_authentication():
# get user from session
user_to_login = User.from_id(session['user_details']['id'])
if not user_to_login.webauthn_auth:
abort(403)
if not user_to_login.platform_admin:
abort(403)
authentication_data, state = current_app.webauthn_server.authenticate_begin(
credentials=[
credential.to_credential_data()
@@ -75,12 +81,18 @@ def webauthn_begin_authentication():
@main.route('/webauthn/authenticate', methods=['POST'])
@redirect_to_sign_in
def webauthn_complete_authentication():
state = session.pop("webauthn_authentication_state")
request_data = cbor.decode(request.get_data())
user_id = session['user_details']['id']
user_to_login = User.from_id(user_id)
if not user_to_login.webauthn_auth:
abort(403)
if not user_to_login.platform_admin:
abort(403)
state = session.pop("webauthn_authentication_state")
request_data = cbor.decode(request.get_data())
try:
current_app.webauthn_server.authenticate_complete(
state=state,