archive/healthchecks_healthchecks
0
0
Fork 0
mirror of https://github.com/healthchecks/healthchecks.git synced 2025-04-07 06:05:34 +00:00
Code Issues Projects Releases Wiki Activity

Add logging for failed webauthn key registrations

Browse source
This commit is contained in:
Pēteris Caune 2023-11-17 16:06:39 +02:00
parent decd1d4b87
commit 96823a7f90
No known key found for this signature in database
GPG key ID: E28D7679E9A9EDE2
4 changed files with 23 additions and 11 deletions
hc
accounts
tests
test_add_webauthn.py
views.py
lib
webauthn.py
static/css/admin
records.css

8
hc/accounts/tests/test_add_webauthn.py
View file

@ -73,9 +73,10 @@ class AddWebauthnTestCase(BaseTestCase):
r = self.client.post(self.url, payload) r = self.client.post(self.url, payload)
self.assertEqual(r.status_code, 400) self.assertEqual(r.status_code, 400)
@patch("hc.accounts.views.logger")
@patch("hc.accounts.views.CreateHelper.verify") @patch("hc.accounts.views.CreateHelper.verify")
def test_it_handles_verification_failure(self, mock_verify: Mock) -> None: def test_it_handles_verification_failure(self, verify: Mock, logger: Mock) -> None:
mock_verify.return_value = None verify.side_effect = ValueError
self.client.login(username="alice@example.org", password="password") self.client.login(username="alice@example.org", password="password")
self.set_sudo_flag() self.set_sudo_flag()
@ -88,3 +89,6 @@ class AddWebauthnTestCase(BaseTestCase):
r = self.client.post(self.url, payload, follow=True) r = self.client.post(self.url, payload, follow=True)
self.assertEqual(r.status_code, 400) self.assertEqual(r.status_code, 400)
# It should log the verification failure
self.assertTrue(logger.exception.called)

9
hc/accounts/views.py
View file

@ -1,5 +1,6 @@
from __future__ import annotations from __future__ import annotations
import logging
import time import time
from datetime import timedelta as td from datetime import timedelta as td
from secrets import token_urlsafe from secrets import token_urlsafe
@ -42,6 +43,8 @@ from hc.lib.tz import all_timezones
from hc.lib.webauthn import CreateHelper, GetHelper from hc.lib.webauthn import CreateHelper, GetHelper
from hc.payments.models import Subscription from hc.payments.models import Subscription
logger = logging.getLogger(__name__)
POST_LOGIN_ROUTES = ( POST_LOGIN_ROUTES = (
"hc-checks", "hc-checks",
"hc-details", "hc-details",
@ -727,8 +730,10 @@ def add_webauthn(request: AuthenticatedHttpRequest) -> HttpResponse:
return HttpResponseBadRequest() return HttpResponseBadRequest()
state = request.session["state"] state = request.session["state"]
credential_bytes = helper.verify(state, form.cleaned_data["response"]) try:
if credential_bytes is None: credential_bytes = helper.verify(state, form.cleaned_data["response"])
except ValueError as e:
logger.exception("CreateHelper.verify failed, form: %s", form.cleaned_data)
return HttpResponseBadRequest() return HttpResponseBadRequest()
c = Credential(user=request.user) c = Credential(user=request.user)

9
hc/lib/webauthn.py
View file

@ -47,12 +47,9 @@ class CreateHelper(object):
return dict(options), state return dict(options), state
def verify(self, state: Any, response_json: str) -> bytes | None: def verify(self, state: Any, response_json: str) -> bytes | None:
try: doc = json.loads(response_json)
doc = json.loads(response_json) auth_data = self.server.register_complete(state, doc)
auth_data = self.server.register_complete(state, doc) return auth_data.credential_data
return auth_data.credential_data
except ValueError:
return None
class GetHelper(object): class GetHelper(object):

8
static/css/admin/records.css
View file

@ -39,4 +39,10 @@
.field-traceback .readonly { .field-traceback .readonly {
font-family: monospace; font-family: monospace;
} }
.field-message .readonly {
width: 90%;
font-family: monospace;
}