made webauthn rp name and id configurable

e6980f7c · Julian · f574f13e · e6980f7c · e6980f7c
Commit e6980f7c authored Oct 5, 2020 by Julian
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -24,6 +24,10 @@ MAIL_USE_STARTTLS=True
 MAIL_FROM_ADDRESS='foo@bar.com'
 MAIL_LDAP_OBJECTCLASSES=["top", "postfixVirtual"]

+#MFA_ICON_URL = 'https://example.com/logo.png'
+#MFA_RP_ID = 'example.com' # If unset, hostname from current request is used
+MFA_RP_NAME = 'Uffd Test Service' # Service name passed to U2F/FIDO2 authenticators
+
 ROLES_BASEROLES=['base']

 SQLALCHEMY_TRACK_MODIFICATIONS=False

--- a/uffd/mfa/views.py
+++ b/uffd/mfa/views.py
@@ -90,7 +90,7 @@ def setup_totp_finish():
 		db.session.commit()
 		return redirect(url_for('mfa.setup'))
 	flash('Code is invalid')
-	return redirect(url_for('mfa.setup_totp'))
+	return redirect(url_for('mfa.setup_totp', name=request.values['name']))

 @bp.route('/setup/totp/<int:id>/delete')
 @login_required()
@@ -103,7 +103,7 @@ def delete_totp(id):
 	return redirect(url_for('mfa.setup'))

 def get_webauthn_server():
-	return Fido2Server(RelyingParty(urllib.parse.urlsplit(request.url).hostname, "uffd"))
+	return Fido2Server(RelyingParty(current_app.config.get('MFA_RP_ID', urllib.parse.urlsplit(request.url).hostname), current_app.config['MFA_RP_NAME']))

 @bp.route('/setup/webauthn/begin', methods=['POST'])
 @login_required()