Replace U2F with WebAuthn (#1392)

* Replace U2F with WebAuthn * Imports * Fix backwards compatibility * Add explanatory comment * Fix tests
2026-05-06 15:24:02 +00:00 · 2019-09-10 09:58:31 +02:00
parent 21451db412
commit 2c4ee3b3c7
20 changed files with 686 additions and 928 deletions
--- a/src/pretix/control/templates/pretixcontrol/auth/login_2fa.html
+++ b/src/pretix/control/templates/pretixcontrol/auth/login_2fa.html
@@ -4,7 +4,7 @@
 {% load static %}
 {% load compress %}
 {% block content %}
-    <form class="form-signin" action="" method="post" id="u2f-form">
+    <form class="form-signin" action="" method="post" id="webauthn-form">
        {% csrf_token %}
        <h3>{% trans "Welcome back!" %}</h3>
        <p>
@@ -12,14 +12,14 @@
        </p>
        <div class="form-group">
            <input class="form-control" name="token" placeholder="{% trans "Token" %}"
-                    type="text" required="required" autofocus="autofocus" id="u2f-response">
+                    type="text" required="required" autofocus="autofocus" id="webauthn-response">
        </div>
-        <div class="sr-only alert alert-danger" id="u2f-error">
-            {% trans "U2F failed. Check that the correct authentication device is correctly plugged in." %}
+        <div class="sr-only alert alert-danger" id="webauthn-error">
+            {% trans "WebAuthn failed. Check that the correct authentication device is correctly plugged in." %}
        </div>
        {% if jsondata %}
            <p><small>
-                {% trans "Alternatively, connect your U2F device. If it has a button, touch it now. You might have to unplug the device and plug it back in again." %}
+                {% trans "Alternatively, connect your WebAuthn device. If it has a button, touch it now. You might have to unplug the device and plug it back in again." %}
            </small></p>
        {% endif %}
        <div class="form-group buttons">
@@ -29,14 +29,14 @@
        </div>
    </form>
    {% if jsondata %}
-        <script type="text/json" id="u2f-login">
+        <script type="text/json" id="webauthn-login">
            {{ jsondata|safe }}

        </script>
    {% endif %}
    {% compress js %}
        <script type="text/javascript" src="{% static "jquery/js/jquery-2.1.1.min.js" %}"></script>
-        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f-api.js" %}"></script>
-        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f.js" %}"></script>
+        <script type="text/javascript" src="{% static "pretixcontrol/js/base64js.js" %}"></script>
+        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/webauthn.js" %}"></script>
    {% endcompress %}
 {% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/2fa_confirm_webauthn.html
+++ b/src/pretix/control/templates/pretixcontrol/user/2fa_confirm_webauthn.html
@@ -6,13 +6,13 @@
 {% block title %}{% trans "Add a two-factor authentication device" %}{% endblock %}
 {% block content %}
    <h1>{% trans "Add a two-factor authentication device" %}</h1>
-    <p id="u2f-progress">
+    <p id="webauthn-progress">
        <span class="fa fa-cog fa-spin"></span>
-        {% trans "Please connect your U2F device. If it has a button, touch it now. You might have to unplug the device and plug it back in again." %}
+        {% trans "Please connect your WebAuthn device. If it has a button, touch it now. You might have to unplug the device and plug it back in again." %}
    </p>
-    <form class="form form-inline" method="post" action="" id="u2f-form">
+    <form class="form form-inline" method="post" action="" id="webauthn-form">
        {% csrf_token %}
-        <input type="hidden" id="u2f-response" name="token" class="form-control" required="required">
+        <input type="hidden" id="webauthn-response" name="token" class="form-control" required="required">
        <p>
            <label>
                <input type="checkbox" name="activate" checked="checked" value="on">
@@ -22,16 +22,16 @@
        <button class="btn btn-primary sr-only" type="submit"></button>
    </form>

-    <div class="sr-only alert alert-danger" id="u2f-error">
+    <div class="sr-only alert alert-danger" id="webauthn-error">
        {% trans "Device registration failed." %}
    </div>
-    <script type="text/json" id="u2f-enroll">
+    <script type="text/json" id="webauthn-enroll">
        {{ jsondata|safe }}


    </script>
    {% compress js %}
-        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f-api.js" %}"></script>
-        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f.js" %}"></script>
+        <script type="text/javascript" src="{% static "pretixcontrol/js/base64js.js" %}"></script>
+        <script type="text/javascript" src="{% static "pretixcontrol/js/ui/webauthn.js" %}"></script>
    {% endcompress %}
 {% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/2fa_main.html
+++ b/src/pretix/control/templates/pretixcontrol/user/2fa_main.html
@@ -78,6 +78,8 @@
                    </a>
                    {% if d.devicetype == "totp" %}
                        <span class="fa fa-mobile"></span>
+                    {% elif d.devicetype == "webauthn" %}
+                        <span class="fa fa-usb"></span>
                    {% elif d.devicetype == "u2f" %}
                        <span class="fa fa-usb"></span>
                    {% endif %}
--- a/src/pretix/control/templates/pretixcontrol/user/reauth.html
+++ b/src/pretix/control/templates/pretixcontrol/user/reauth.html
@@ -4,7 +4,7 @@
 {% load compress %}
 {% load static %}
 {% block content %}
-    <form class="form-signin" id="u2f-form" action="" method="post">
+    <form class="form-signin" id="webauthn-form" action="" method="post">
        {% csrf_token %}
        <h3>{% trans "Welcome back!" %}</h3>
        <p>
@@ -19,12 +19,12 @@
                    title="" type="password" required="" autofocus>
        </div>
        {% if jsondata %}
-            <div class="sr-only alert alert-danger" id="u2f-error">
-                {% trans "U2F failed. Check that the correct authentication device is correctly plugged in." %}
+            <div class="sr-only alert alert-danger" id="webauthn-error">
+                {% trans "WebAuthn failed. Check that the correct authentication device is correctly plugged in." %}
            </div>
            <p><small>
                <span class="fa fa-usb"></span>
-                {% trans "Alternatively, you can use your U2F device." %}
+                {% trans "Alternatively, you can use your WebAuthn device." %}
            </small></p>
        {% endif %}
        <div class="form-group text-right">
@@ -37,14 +37,14 @@
        </div>

        {% if jsondata %}
-            <script type="text/json" id="u2f-login">
+            <script type="text/json" id="webauthn-login">
            {{ jsondata|safe }}
            </script>
        {% endif %}
        {% compress js %}
            <script type="text/javascript" src="{% static "jquery/js/jquery-2.1.1.min.js" %}"></script>
-            <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f-api.js" %}"></script>
-            <script type="text/javascript" src="{% static "pretixcontrol/js/ui/u2f.js" %}"></script>
+            <script type="text/javascript" src="{% static "pretixcontrol/js/base64js.js" %}"></script>
+            <script type="text/javascript" src="{% static "pretixcontrol/js/ui/webauthn.js" %}"></script>
        {% endcompress %}
    </form>
 {% endblock %}