Webauthn
This package contains views related to the multi-factor-authentication login with FIDO2.
The 2FA login process with FIDO2 is as follows:
User tries to login with the
LoginView
If the user has at least one
FidoKey
configured, the login is delayed and the user is redirected toWebAuthnLoginView
A 2FA assertion challenge is requested via an AJAX call to
WebAuthnAssertView
The browser sends the challenge to the FIDO key token and receives an assertion response
The key’s assertion response is also sent via AJAX to
WebAuthnVerifyView
If the validation was successful, the user is logged in and redirected to the entry dashboard
If the validation was not successful, an error message it displayed and the user can try again
Webauthn Assert View
- class integreat_cms.cms.views.authentication.webauthn.webauthn_assert_view.WebAuthnAssertView(**kwargs)[source]
Bases:
View
Generate challenge for multi factor authentication. If the user did not provide the first factor (password) or already authenticated with multiple factors, an error is returned. This AJAX view is called asynchronously by JavaScript.
- get(request: HttpRequest) HttpResponse [source]
- Parameters:
request (HttpRequest) – The current request
- Returns:
The mfa challenge as JSON
- Return type:
HttpResponse
Webauthn Login View
- class integreat_cms.cms.views.authentication.webauthn.webauthn_login_view.WebAuthnLoginView(**kwargs)[source]
Bases:
LoginView
View to extend the default login behavior from
LoginView
with multi-factor-authentication.- get(request: HttpRequest, *args: Any, **kwargs: Any) HttpResponse [source]
Renders the login form for TOTP authentication
- Parameters:
request (HttpRequest) – The current request
*args (Any) – The supplied arguments
**kwargs (Any) – The supplied kwargs
- Returns:
Rendered login form
- Return type:
HttpResponse
- template_name = 'authentication/login_webauthn.html'[source]
The template to render (see
TemplateResponseMixin
)
Webauthn Verify View
- class integreat_cms.cms.views.authentication.webauthn.webauthn_verify_view.WebAuthnVerifyView(**kwargs)[source]
Bases:
View
Verify the response to the challenge generated in
WebAuthnAssertView
. After a successful verification, the user is logged in.- post(request: HttpRequest) JsonResponse [source]
- Parameters:
request (HttpRequest) – The current request
- Returns:
The mfa challenge as JSON
- Return type:
JsonResponse