Webauthn

This package contains views related to the multi-factor-authentication login with FIDO2.

The 2FA login process with FIDO2 is as follows:

  1. User tries to log in with the LoginView

  2. If the user has at least one FidoKey configured, the login is delayed and the user is redirected to WebAuthnLoginView

  3. A 2FA assertion challenge is requested via an AJAX call to WebAuthnAssertView

  4. The browser sends the challenge to the FIDO key token and receives an assertion response

  5. The key’s assertion response is also sent via AJAX to WebAuthnVerifyView

  6. If the validation was successful, the user is logged in and redirected to the entry dashboard

  7. If the validation was not successful, an error message is displayed and the user can try again
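The server-side state handling around steps 3 to 6, as an added example that is not the project's own code: a challenge is issued only between the password step and the completed login (the gating described for WebAuthnAssertView), is single-use, and is compared against the browser's clientDataJSON. The session keys, the origin and the helper names are assumptions; signature verification against the stored FidoKey is left to a WebAuthn library and is not shown.

```python
import base64
import hmac
import json
import secrets

EXPECTED_ORIGIN = "https://cms.example.org"  # assumption: placeholder origin


def issue_challenge(session: dict) -> dict:
    """Step 3: hand out a challenge only between first and second factor."""
    if "mfa_user_id" not in session or session.get("mfa_done"):
        raise PermissionError("password step missing or login already complete")
    raw = secrets.token_bytes(32)
    # base64url without padding, the encoding browsers use in clientDataJSON
    session["mfa_challenge"] = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return {"challenge": session["mfa_challenge"]}


def check_client_data(session: dict, client_data_json: bytes) -> bool:
    """Step 5: checks on clientDataJSON that precede signature verification."""
    # pop() makes the challenge single-use whether the check passes or fails
    expected = session.pop("mfa_challenge", None)
    if expected is None:
        return False
    try:
        data = json.loads(client_data_json)
    except ValueError:  # malformed JSON or invalid UTF-8
        return False
    if not isinstance(data, dict) or not isinstance(data.get("challenge"), str):
        return False
    return (
        data.get("type") == "webauthn.get"
        and data.get("origin") == EXPECTED_ORIGIN
        and hmac.compare_digest(data["challenge"].encode(), expected.encode())
    )


def constructed_client_data(challenge: str, origin: str = EXPECTED_ORIGIN) -> bytes:
    """Constructed sample of what a browser would send back; not captured data."""
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()


if __name__ == "__main__":
    session = {"mfa_user_id": 42}  # constructed: state after the password step
    reply = constructed_client_data(issue_challenge(session)["challenge"])
    print("first use:", check_client_data(session, reply))
    print("replay:", check_client_data(session, reply))
```

Because the challenge is removed from the session before any comparison, a failed attempt (step 7) forces a fresh request to the challenge endpoint rather than a retry against the old value.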

Webauthn Assert View

class integreat_cms.cms.views.authentication.webauthn.webauthn_assert_view.WebAuthnAssertView(**kwargs)

Bases: View

Generate challenge for multi factor authentication. If the user did not provide the first factor (password) or already authenticated with multiple factors, an error is returned. This AJAX view is called asynchronously by JavaScript.

get(request: HttpRequest) → HttpResponse

Parameters:

request (HttpRequest) – The current request

Returns:

The mfa challenge as JSON

Return type:

HttpResponse

Webauthn Login View

class integreat_cms.cms.views.authentication.webauthn.webauthn_login_view.WebAuthnLoginView(**kwargs)

Bases: LoginView

View to extend the default login behavior from LoginView with multi-factor-authentication.

get(request: HttpRequest, *args: Any, **kwargs: Any) → HttpResponse

Renders the login form for TOTP authentication

Parameters:
  • request (HttpRequest) – The current request

  • *args (Any) – The supplied arguments

  • **kwargs (Any) – The supplied kwargs

Returns:

Rendered login form

Return type:

HttpResponse

template_name = 'authentication/login_webauthn.html'

The template to render (see TemplateResponseMixin)

Webauthn Verify View

class integreat_cms.cms.views.authentication.webauthn.webauthn_verify_view.WebAuthnVerifyView(**kwargs)

Bases: View

Verify the response to the challenge generated in WebAuthnAssertView. After a successful verification, the user is logged in.

post(request: HttpRequest) → JsonResponse

Parameters:

request (HttpRequest) – The current request

Returns:

The mfa challenge as JSON

Return type:

JsonResponse