Update py_webauthn and avoid pydantic deprecation warnings (refs #634)

jazzband · Oct 2, 2023 · bc9dea1 · bc9dea1
1 parent 8b6171c
commit bc9dea1
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 13 deletions.
diff --git a/setup.py b/setup.py
@@ -21,7 +21,7 @@
     extras_require={
         'call': ['twilio>=6.0'],
         'sms': ['twilio>=6.0'],
-        'webauthn': ['webauthn>=1.6.0,<1.99'],
+        'webauthn': ['webauthn>=1.11.0,<1.99'],
         'yubikey': ['django-otp-yubikey'],
         'phonenumbers': ['phonenumbers>=7.0.9,<8.99'],
         'phonenumberslite': ['phonenumberslite>=7.0.9,<8.99'],

diff --git a/two_factor/plugins/webauthn/forms.py b/two_factor/plugins/webauthn/forms.py
@@ -7,7 +7,15 @@
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext_lazy as _
 from pydantic import ValidationError as PydanticValidationError
-from webauthn.helpers.exceptions import InvalidAuthenticationResponse
+from webauthn.helpers.exceptions import (
+    InvalidAuthenticationResponse, InvalidRegistrationResponse,
+)
+from webauthn.helpers.parse_authentication_credential_json import (
+    parse_authentication_credential_json,
+)
+from webauthn.helpers.parse_registration_credential_json import (
+    parse_registration_credential_json,
+)
 from webauthn.helpers.structs import (
     PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
 )
@@ -16,7 +24,6 @@
 
 from .models import WebauthnDevice
 from .utils import (
-    AuthenticationCredential, RegistrationCredential,
     make_credential_creation_options, make_credential_request_options,
     verify_authentication_response,
 )
@@ -79,7 +86,7 @@ def _verify_token(self, user, token, device=None):
         del self.request.session['webauthn_request_options']
 
         try:
-            credential_id = AuthenticationCredential.parse_raw(token).id
+            credential_id = parse_authentication_credential_json(token).id
             device = WebauthnDevice.objects.get(user=user, key_handle=credential_id)
 
             new_sign_count = verify_authentication_response(
@@ -128,8 +135,8 @@ def clean_token(self):
         token = self.cleaned_data['token']
 
         try:
-            RegistrationCredential.parse_raw(token)
-        except PydanticValidationError as exc:
+            parse_registration_credential_json(token)
+        except InvalidRegistrationResponse as exc:
             raise forms.ValidationError(_('Entered token is not valid.'), code='invalid_token') from exc
 
         self.cleaned_data = {

diff --git a/two_factor/plugins/webauthn/tests/test_views_setup.py b/two_factor/plugins/webauthn/tests/test_views_setup.py
@@ -41,7 +41,7 @@ def test_setup_webauthn(self):
                          {'token': ['This field is required.']})
 
         with mock.patch(
-            "two_factor.plugins.webauthn.forms.RegistrationCredential.parse_raw"
+            "two_factor.plugins.webauthn.forms.parse_registration_credential_json"
         ), mock.patch(
             "two_factor.plugins.webauthn.method.verify_registration_response"
         ) as verify_registration_response:

diff --git a/two_factor/plugins/webauthn/utils.py b/two_factor/plugins/webauthn/utils.py
@@ -7,10 +7,9 @@
 )
 from webauthn.helpers import base64url_to_bytes, bytes_to_base64url
 from webauthn.helpers.structs import (
-    AttestationConveyancePreference, AuthenticationCredential,
-    AuthenticatorAttachment, AuthenticatorSelectionCriteria,
-    AuthenticatorTransport, PublicKeyCredentialDescriptor,
-    RegistrationCredential, UserVerificationRequirement,
+    AttestationConveyancePreference, AuthenticatorAttachment,
+    AuthenticatorSelectionCriteria, AuthenticatorTransport,
+    PublicKeyCredentialDescriptor, UserVerificationRequirement,
 )
 
 
@@ -62,7 +61,7 @@ def verify_registration_response(expected_rp_id, expected_origin, expected_chall
     :return: a tuple with the credential public key, id and current sign count
     """
     verified_registration = webauthn_verify_registration_response(
-        credential=RegistrationCredential.parse_raw(registration_token),
+        credential=registration_token,
         expected_challenge=base64url_to_bytes(expected_challenge),
         expected_origin=expected_origin,
         expected_rp_id=expected_rp_id,
@@ -130,7 +129,7 @@ def verify_authentication_response(
     :return: the new sign count for the WebauthnDevice instance
     """
     verified_authentication = webauthn_verify_authentication_response(
-        credential=AuthenticationCredential.parse_raw(authentication_token),
+        credential=authentication_token,
         expected_challenge=base64url_to_bytes(expected_challenge),
         expected_rp_id=expected_rp.id,
         expected_origin=expected_origin,