2FA (Webauthn) #5795
2FA (Webauthn) #5795
Conversation
|
Hey @brainwane @di @dstufft @ewdurbin -- this should be good for a review! We're still waiting on duo-labs/py_webauthn#41 for multiple WebAuthn credential support; we can either push forwards with this PR and begin a new one for multiple credentials, or wait on that (and begin another task) while they cut a release. Thoughts? |
|
I think I'd prefer to merge this for support w/ multiple credentials if the Duo team's timeline is compatible with ours. @mschwager, is there anything you can do to help us resolve duo-labs/py_webauthn#41? |
|
This seems functionally excellent. Looks like we still need to sort out:
|
Adds requisite view behavior, client-side handling, templates, interfaces, and services. Still incomplete.
Initial login work.
Adds the client-side JS needed for login, some of the form validation, some of the views, some of the services.
Set cookie properly on WebAuthn login.
|
@woodruffw I've now updated the UI: No 2fa
2fa by TOTP only
Single security key
Multiple security keys
Add key page
Remove key modal
|
|
@woodruffw it seems I've broken the remove modal - when trying to remove a key, I am getting a 404 error. I can't work out how to fix it - could you please look into this? |
|
Sure, I'll take a look in a moment. |
This should be done by the authenticator, but isn't.
For real this time.
Emphasizes that we do WebAuthn validation elsewhere. See: pypi#5795 (comment)
| @@ -83,6 +84,7 @@ <h2><a href="#my-account">My Account</a></h2> | |||
| <li><a href="#compromised-password">{{ compromised_password() }}</a></li> | |||
| <li><a href="#2fa">{{ twoFA() }}</a></li> | |||
| <li><a href="#totp">{{ totp() }}</a></li> | |||
| <li><a href="#utfkey">{{ utfkey() }}</a></li> | |||
There was a problem hiding this comment.
I did a double-take at utf 🙂
IIUC this is about U2F keys, not Unicode’s UTF, right?
There was a problem hiding this comment.
It is about U2F keys and not Unicode's UTF; the T stands for "two". I'm ok with this since it's just an anchor tag, but if you want to change it I figure a PR would be pretty easy!
Begins work on Webauthn as a supported 2FA method.
TODO:
utils.webauthnhelper methodsWebauthnmodel viaIUserServicenavigator.credentials)cc @brainwane @nlhkabu @di @ewdurbin @dstufft