From 551bd3e2847bc75f0e591eed89d7994fb52575a8 Mon Sep 17 00:00:00 2001
From: Richard Schreiber
Date: Fri, 25 Mar 2022 12:25:15 +0100
Subject: [PATCH] Fix #2556 -- Remove attestation from 2FA-device registration As we currently do not verify attestation in 2FA-device registration, we can safely remove it. This circumvents a bug in webkit when registering Touch-ID as 2FA-device on M1 Macs. See https://bugs.webkit.org/show_bug.cgi?id=224042 For more info on why we do not use attestation, see https://fidoalliance.org/fido-technotes-the-truth-about-attestation/
---
 src/pretix/control/views/user.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pretix/control/views/user.py b/src/pretix/control/views/user.py
index a5ba9e7d91..e78e5c43af 100644
--- a/src/pretix/control/views/user.py
+++ b/src/pretix/control/views/user.py
@@ -399,7 +399,8 @@ class User2FADeviceConfirmWebAuthnView(RecentAuthenticationRequiredMixin, Templa
 ukey,
 self.request.user.email,
 str(self.request.user),
- settings.SITE_URL
+ settings.SITE_URL,
+ attestation="none"
 )
 ctx['jsondata'] = json.dumps(make_credential_options.registration_dict)
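Review bot: The added `attestation="none"` argument has no comment, so the reason for it is recorded only in the commit message. A line above it such as `# attestation is not verified server-side, so do not request it (also avoids WebKit bug 224042)` would stop a later maintainer from re-enabling attestation without also implementing verification. The call this argument belongs to starts above the hunk, and the code that verifies the registration response is not visible here. It is worth confirming that this path accepts the `none` attestation format and does not require a trusted attestation certificate, since otherwise registration would presumably fail at the confirm step. A trailing comma after `attestation="none"` would also keep the next added argument to a one-line diff.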