Webauthn

This package contains views related to the multi-factor-authentication login with FIDO2.

The 2FA login process with FIDO2 is as follows:

1. User tries to login with the LoginView

2. If the user has at least one FidoKey configured, the login is delayed and the user is redirected to WebAuthnLoginView

3. A 2FA assertion challenge is requested via an AJAX call to WebAuthnAssertView

4. The browser sends the challenge to the FIDO key token and receives an assertion response

5. The key’s assertion response is also sent via AJAX to WebAuthnVerifyView

6. If the validation was successful, the user is logged in and redirected to the entry dashboard

7. If the validation was not successful, an error message it displayed and the user can try again

Webauthn Assert View

class integreat_cms.cms.views.authentication.webauthn.webauthn_assert_view.WebAuthnAssertView(**kwargs)

Bases: View

Generate challenge for multi factor authentication. If the user did not provide the first factor (password) or already authenticated with multiple factors, an error is returned. This AJAX view is called asynchronously by JavaScript.

__init__(**kwargs)

Constructor. Called in the URLconf; can contain helpful extra keyword arguments, and other things.

classmethod as_view(**initkwargs)

Main entry point for a request-response process.

dispatch(request, *args, **kwargs)

get(request: HttpRequest) → HttpResponse

Parameters:

request (HttpRequest) – The current request

Returns:

The mfa challenge as JSON

Return type:

HttpResponse

http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']

http_method_not_allowed(request, *args, **kwargs)

options(request, *args, **kwargs)

Handle responding to requests for the OPTIONS HTTP verb.

setup(request, *args, **kwargs)

Initialize attributes shared by all view methods.

view_is_async = False

Webauthn Login View

class integreat_cms.cms.views.authentication.webauthn.webauthn_login_view.WebAuthnLoginView(**kwargs)

Bases: LoginView

View to extend the default login behavior from LoginView with multi-factor-authentication.

__init__(**kwargs)

Constructor. Called in the URLconf; can contain helpful extra keyword arguments, and other things.

classmethod as_view(**initkwargs)

Main entry point for a request-response process.

authentication_form = None

content_type = None

dispatch(request, *args, **kwargs)

extra_context = None

form_class

alias of AuthenticationForm

form_invalid(form)

If the form is invalid, render the invalid form.

form_valid(form)

Security check complete. Log the user in.

get(request: HttpRequest, *args: Any, **kwargs: Any) → HttpResponse

Renders the login form for TOTP authentication

Parameters:

• request (HttpRequest) – The current request

• *args (Any) – The supplied arguments

• **kwargs (Any) – The supplied kwargs

Returns:

Rendered login form

Return type:

HttpResponse

get_context_data(**kwargs)

Insert the form into the context dict.

get_default_redirect_url()

Return the default redirect URL.

get_form(form_class=None)

Return an instance of the form to be used in this view.

get_form_class()

Return the form class to use.

get_form_kwargs()

Return the keyword arguments for instantiating the form.

get_initial()

Return the initial data to use for forms on this view.

get_prefix()

Return the prefix to use for forms.

get_redirect_url()

Return the user-originating redirect URL if it’s safe.

get_success_url()

Return the URL to redirect to after processing a valid form.

get_success_url_allowed_hosts()

get_template_names()

Return a list of template names to be used for the request. Must return a list. May not be called if render_to_response() is overridden.

http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']

http_method_not_allowed(request, *args, **kwargs)

initial = {}

next_page = None

options(request, *args, **kwargs)

Handle responding to requests for the OPTIONS HTTP verb.

post(request, *args, **kwargs)

Handle POST requests: instantiate a form instance with the passed POST variables and then check if it’s valid.

prefix = None

put(*args, **kwargs)

redirect_authenticated_user = False

redirect_field_name = 'next'

render_to_response(context, **response_kwargs)

Return a response, using the response_class for this view, with a template rendered with the given context.

Pass response_kwargs to the constructor of the response class.

response_class

alias of TemplateResponse

setup(request, *args, **kwargs)

Initialize attributes shared by all view methods.

success_url = None

success_url_allowed_hosts = {}

template_engine = None

template_name = 'authentication/login_webauthn.html'

The template to render (see TemplateResponseMixin)

view_is_async = False

Webauthn Verify View

class integreat_cms.cms.views.authentication.webauthn.webauthn_verify_view.WebAuthnVerifyView(**kwargs)

Bases: View

Verify the response to the challenge generated in WebAuthnAssertView. After a successful verification, the user is logged in.

__init__(**kwargs)

Constructor. Called in the URLconf; can contain helpful extra keyword arguments, and other things.

classmethod as_view(**initkwargs)

Main entry point for a request-response process.

dispatch(request, *args, **kwargs)

http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']

http_method_not_allowed(request, *args, **kwargs)

options(request, *args, **kwargs)

Handle responding to requests for the OPTIONS HTTP verb.

post(request: HttpRequest) → JsonResponse

Parameters:

request (HttpRequest) – The current request

Returns:

The mfa challenge as JSON

Return type:

JsonResponse

setup(request, *args, **kwargs)

Initialize attributes shared by all view methods.

view_is_async = False