profile
viewpoint
tpazderka Prague, Czech Republic

OpenIDC/pyoidc 594

A complete OpenID Connect implementation in Python

openid/python-openid 426

OpenID library for Python

ziima/python-openid 7

OpenID library for Python

ziima/polint 4

Linter for gettext PO files

stinovlas/django-lang-switch 2

Language switch for Django

stinovlas/django-pain 2

Django application for managing bank payments and invoices.

CZ-NIC/python-cz-nia 0

Python library for communication with Czech NIA

CZ-NIC/setuptools_i18n 0

Plugin for setuptools to build and compile i18n files.

Pull request review commentCZ-NIC/django-fido

Passwordless login

 Then you can periodically run the `download_authenticator_metadata` management c If metadata are available for the given `Authenticator`, its `metadata` property will be an object. The `level`, `vulnerabilities` and `is_update_available` methods on `metadata` can be used to determine the trust and certification level. +## Passwordless++This authentication requires "discoverable credential" and using that credential to perform a user lookup using the passwordless authentication backend++1. Set `DJANGO_FIDO_RESIDENT_KEY` to `True`

This could probably be handled and checked during application setup to have some sensible combination.

variable

comment created time in 4 days

PullRequestReviewEvent

Pull request review commentCZ-NIC/django-fido

Passwordless login

 def authenticate(self, request: HttpRequest, user: AbstractBaseUser, fido2_serve             raise PermissionDenied("Counter didn't increase.")         return user -    def mark_device_used(self, device, counter):-        """Update FIDO 2 device usage information."""-        if counter == 0 and device.counter == 0:-            # Counter is unsupported by the device, bail out early-            return-        if counter <= device.counter:-            _LOGGER.info("FIDO 2 authentication failed because of not increasing counter.")-            raise ValueError("Counter didn't increase.")-        device.counter = counter-        device.full_clean()-        device.save() -    def get_user(self, user_id):-        """Return user based on its ID."""+class Fido2PasswordlessAuthenticationBackend(BaseFido2AuthenticationBackend):+    """Authenticate user using FIDO 2 passwordlessly using supplied user handle."""++    def authenticate(self, request: HttpRequest, user: Optional[AbstractBaseUser], fido2_server: Fido2Server,+                     fido2_state: Dict[str, bytes], fido2_response: Dict[str, Any]) -> Optional[AbstractBaseUser]:+        """Authenticate using FIDO 2."""+        user_handle = base64.b64decode(fido2_response['user_handle']).decode('utf-8')         try:-            return get_user_model().objects.get(pk=user_id)-        except get_user_model().DoesNotExist:+            authenticator = Authenticator.objects.get(user_handle=user_handle)

This can probably throw DoesNotExist which should be handled.

variable

comment created time in 4 days

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

pull request commentCZ-NIC/django-fido

Record user handle

Master is now passing, could you please rebase?

variable

comment created time in 4 days

PR opened CZ-NIC/django-fido

Reviewers
Drop py35 from testing matrix

Py35 remained in the testing matrix... Since it is no longer supported, we do not care about tests...

+1 -4

0 comment

1 changed file

pr created time in 4 days

pull request commentCZ-NIC/django-fido

changing function force_text to force_str

Master is fixed, could you please rebase?

gmateusjose

comment created time in 4 days

create barnchCZ-NIC/django-fido

branch : drop-py35-from-tests

created branch time in 4 days

delete branch CZ-NIC/django-fido

delete branch : drop-py35

delete time in 4 days

push eventCZ-NIC/django-fido

Tomáš Pazderka

commit sha f92a587f92a9106cb8b9a1587025294602496904

Drop support for python 3.5

view details

tpazderka

commit sha d62a5da1ac16083e8209529fd56250eacc9cdb6c

Merge pull request #149 from CZ-NIC/drop-py35 Drop support for python 3.5

view details

push time in 4 days

PR merged CZ-NIC/django-fido

Drop support for python 3.5
+4 -17

0 comment

4 changed files

tpazderka

pr closed time in 4 days

pull request commentCZ-NIC/django-fido

Record user handle

I believe it is broken on master as well. I will have a look and fix it.

variable

comment created time in 4 days

pull request commentCZ-NIC/django-fido

Record user handle

So we had a discussion with @ziima and decided on the following:

  • Change the definition of Authenticator.user_handle to be unique=True, null=True, blank=True
  • Alter the existing migration to reflect these changes
  • Update the Fido2RegistrationForm.clean_user_handle to return None if resident_key=False
  • Also the typing on the clean_user_handle is incorrect

These changes should remove even the small chance of getting duplicates while still allowing multiple tokens per user for two factor login.

variable

comment created time in 5 days

pull request commentCZ-NIC/django-fido

Record user handle

Sorry, we plan/hope to get to that this week. Feel free to poke us if we don't get back to you on Friday.

variable

comment created time in 8 days

PR opened CZ-NIC/django-eidas-specific-node

Unpin xmlsec and ignore mypy error

XMLSec types do not include the Transform module but there seems to be no easy way to get the correct transformation :/

Close #108

+4 -3

0 comment

2 changed files

pr created time in 11 days

create barnchCZ-NIC/django-eidas-specific-node

branch : 108-fix-xmlsec

created branch time in 11 days

push eventCZ-NIC/django-eidas-specific-node

Tomáš Pazderka

commit sha fcc4c56f27a324856e55585311f1609a6d6cef7d

fixup! Use Github actions instead of Travis

view details

push time in 11 days

create barnchCZ-NIC/django-eidas-specific-node

branch : use-gh-actions

created branch time in 11 days

PR opened CZ-NIC/django-fido

Reviewers
Drop support for python 3.5
+4 -17

0 comment

4 changed files

pr created time in 14 days

create barnchCZ-NIC/django-fido

branch : drop-py35

created branch time in 14 days

pull request commentCZ-NIC/django-fido

changing function force_text to force_str

Looks good to me. Thanks for the contribution.

The test fails are already on master and I will fix them shortly.

gmateusjose

comment created time in 14 days

issue openedCZ-NIC/django-fido

Drop support for old fido library version

Mypy complains about some of our test. This can be easily solved by dropping the support for old versions.

created time in 14 days

pull request commentCZ-NIC/django-fido

Record user handle

It looks OK to me.

@ziima @stinovlas ?

variable

comment created time in 2 months

pull request commentCZ-NIC/django-fido

Fix deprecation warnings and drop support for Django 1.11

We need to deal with #146 first as the master branch is currently broken for existing users.

mscansian

comment created time in 2 months

pull request commentCZ-NIC/django-fido

Record user handle

I have taken out the unique=True from user_handle field because:

  1. Allow people to migrate their existing database
  2. The package does not allow multiple key registration for the same user, so even using username as user.id won't get duplicates This is not true. The package allows multiple keys per single user.
  3. an uuid4 is unlikely to get duplicates. Shouldn't this return the same uuid4 for different registration attempts for the same user?
variable

comment created time in 2 months

pull request commentCZ-NIC/django-fido

recording user handle in authenticator

But we still need to fix the migration for existing users.

variable

comment created time in 2 months

Pull request review commentCZ-NIC/django-fido

Passwordless auth backend

 node_modules/  # Ignore transpiled JS code django_fido/static/django_fido/js++# IDE

Your authenticate method must take user anyway but make it an Optional[AbstractUser] which should work.

variable

comment created time in 2 months

more