Commit Graph

11551 Commits

Author SHA1 Message Date
Chris Hill-Scott
2a62d6dfb8 Add a success message when security key registered
This makes it clear that there’s nothing more the user needs to do,
until the next time they sign in.
2021-06-03 13:59:43 +01:00
Chris Hill-Scott
6869b299b3 Merge pull request #3906 from alphagov/pyup-scheduled-update-2021-05-31
Scheduled weekly dependency update for week 22
2021-06-03 13:37:40 +01:00
David McDonald
0fcb7778ac Merge pull request #3893 from alphagov/allow-provider-all-channels
Allow setting provider for any channel
2021-06-03 09:36:43 +01:00
David McDonald
d04602c3aa Fix incorrect test having channel as 'all'
'all' isn't a valid channel. It should be one of government, severe or
test. I think this is a mistake and therefore this commit changes it to
what it should be
2021-06-02 18:17:54 +01:00
Chris Hill-Scott
e6bbe3f6a5 Remove Python 2 compatibility code
This will make it easier to upgrade to Flask 3.0 in the future.
2021-06-02 16:15:34 +01:00
Chris Hill-Scott
7832c862a1 Pin Flask to less than version 2
Flask 2.0 requires Jinja 3.0

govuk_frontend_jinja is not compatible with Jinja 3.0 yet
2021-06-02 16:15:34 +01:00
David McDonald
2d40208fec Merge pull request #3894 from alphagov/webauthn-login-python-tests
Webauthn login
2021-06-02 15:30:36 +01:00
Chris Hill-Scott
0888ecb628 Freeze requirements 2021-06-02 15:28:31 +01:00
pyup-bot
69a498cbd0 Update xlrd from 1.2.0 to 2.0.1 2021-06-02 15:28:30 +01:00
pyup-bot
4e82afeae6 Update werkzeug from 1.0.1 to 2.0.1 2021-06-02 15:28:30 +01:00
pyup-bot
ee16845c65 Update urllib3 from 1.26.4 to 1.26.5 2021-06-02 15:28:30 +01:00
pyup-bot
69141eb13c Update six from 1.15.0 to 1.16.0 2021-06-02 15:28:30 +01:00
pyup-bot
ea13a94952 Update s3transfer from 0.3.7 to 0.4.2 2021-06-02 15:28:30 +01:00
pyup-bot
c2ee400123 Update pyjwt from 2.0.1 to 2.1.0 2021-06-02 15:28:30 +01:00
pyup-bot
25418ddb04 Update phonenumbers from 8.12.21 to 8.12.24 2021-06-02 15:28:30 +01:00
pyup-bot
934a144725 Update markupsafe from 1.1.1 to 2.0.1 2021-06-02 15:28:30 +01:00
pyup-bot
9563138d6f Update jinja2 from 2.11.3 to 3.0.1 2021-06-02 15:28:30 +01:00
pyup-bot
0e15653939 Update idna from 2.10 to 3.2 2021-06-02 15:28:30 +01:00
pyup-bot
b4a9fe21b6 Update greenlet from 1.0.0 to 1.1.0 2021-06-02 15:28:30 +01:00
pyup-bot
a00db30546 Update et-xmlfile from 1.0.1 to 1.1.0 2021-06-02 15:28:30 +01:00
pyup-bot
3487087f4a Update docutils from 0.15.2 to 0.17.1 2021-06-02 15:28:30 +01:00
pyup-bot
79e1273d82 Update dnspython from 1.16.0 to 2.1.0 2021-06-02 15:28:30 +01:00
pyup-bot
c72022307c Update cryptography from 3.3.2 to 3.4.7 2021-06-02 15:28:30 +01:00
pyup-bot
1de542bd05 Update colorama from 0.4.3 to 0.4.4 2021-06-02 15:28:30 +01:00
pyup-bot
48ae94efa7 Update click from 7.1.2 to 8.0.1 2021-06-02 15:28:30 +01:00
pyup-bot
a6ea8dbe46 Update certifi from 2020.12.5 to 2021.5.30 2021-06-02 15:28:30 +01:00
pyup-bot
22adea55b0 Update cachetools from 4.2.1 to 4.2.2 2021-06-02 15:28:30 +01:00
pyup-bot
82d08522e6 Update botocore from 1.20.51 to 1.20.84 2021-06-02 15:28:30 +01:00
pyup-bot
176966ff83 Update boto3 from 1.17.51 to 1.17.84 2021-06-02 15:28:29 +01:00
pyup-bot
5b6125aef0 Update awscli from 1.19.51 to 1.19.84 2021-06-02 15:28:29 +01:00
pyup-bot
c832e11523 Update requests-mock from 1.8.0 to 1.9.3 2021-06-02 15:28:29 +01:00
pyup-bot
d4f11a3b40 Update flake8 from 3.9.0 to 3.9.2 2021-06-02 15:28:29 +01:00
pyup-bot
6177937014 Update pytest-mock from 3.5.1 to 3.6.1 2021-06-02 15:28:29 +01:00
pyup-bot
96e5950de7 Update pytest from 6.2.3 to 6.2.4 2021-06-02 15:28:29 +01:00
pyup-bot
164a44e41b Pin cryptography to latest version 3.4.7 2021-06-02 15:28:29 +01:00
pyup-bot
3cf17ff6bf Update itsdangerous from 1.1.0 to 2.0.1 2021-06-02 15:28:29 +01:00
pyup-bot
afcc1a90ed Update itsdangerous from 1.1.0 to 2.0.1 2021-06-02 15:28:29 +01:00
pyup-bot
14f5aadef3 Update notifications-python-client from 6.0.2 to 6.1.0 2021-06-02 15:28:29 +01:00
pyup-bot
e7893001f3 Update notifications-python-client from 6.0.2 to 6.1.0 2021-06-02 15:28:29 +01:00
pyup-bot
d86239566d Update flask-wtf from 0.14.3 to 0.15.1 2021-06-02 15:28:29 +01:00
pyup-bot
0345c95179 Update flask-wtf from 0.14.3 to 0.15.1 2021-06-02 15:28:29 +01:00
pyup-bot
c78ce2a482 Update flask from 1.1.2 to 2.0.1 2021-06-02 15:28:29 +01:00
pyup-bot
5d209a4ad9 Update flask from 1.1.2 to 2.0.1 2021-06-02 15:28:29 +01:00
pyup-bot
2a7a29a48b Update humanize from 3.4.0 to 3.6.0 2021-06-02 15:28:29 +01:00
pyup-bot
e26922e82a Update humanize from 3.4.0 to 3.6.0 2021-06-02 15:28:29 +01:00
Leo Hemsted
73a444b33a rename webauthn auth functions
_complete_webauthn_authentication -> _verify_webauthn_authentication

This function just does verification of the actual auth process -
checking the challenge is correct, the signature matches the public key
we have stored in our database, etc.

verify_webauthn_login -> _complete_webauthn_login_attempt

This function doesn't do any actual verification, we've already verified
the user is who they say they are (or not), it's about marking the
attempt, either unsuccessful (we bump the failed_login_count in the db)
or successful (we set the logged_in_at and current_session_id in the
db).

This change also informs changes to the names of methods on the user
model and in user_api_client.
2021-06-02 12:06:10 +01:00
Leo Hemsted
0ec92e8c2f DRY attested webauthn creds data 2021-06-02 12:06:10 +01:00
Leo Hemsted
e864100be7 make sure error message flashes work properly
flashes are consumed by the jinja template calling get_flashed_messages
in flash_messages.html.

When you call `abort(403)` the 403 error page is rendered, with the
flashed message on it. However, the webauthn endpoints just return that
page to the ajax `fetch`, which ignores the response and just reloads
the page.

Instead of calling abort, we can just return an empty response body and
the 403 error code, so that the flashed messages stay in the session and
will be rendered when the `GET /two-factor-webauthn` request happens
after the js reloads the page.
2021-06-02 12:06:09 +01:00
Leo Hemsted
a3870af87d allow password reset with webauthn login flow 2021-06-02 12:06:09 +01:00
Leo Hemsted
6a21915cee add webauthn authentication js tests
notably i had to change `window.location = foo` to
`window.location.assign` so that i could have something to spy on with
jest. mocking sucks. Otherwise this is pretty similar to the
registerSecurityKey.test.js file.
2021-06-02 12:06:09 +01:00