From e6980f7c066d2cf9c08363b11e8dcdc36bd08332 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Mon, 5 Oct 2020 11:58:44 +0200
Subject: [PATCH] made webauthn rp name and id configurable

---
 uffd/default_config.cfg | 4 ++++
 uffd/mfa/views.py       | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/uffd/default_config.cfg b/uffd/default_config.cfg
index 3cd27609..0cf302b0 100644
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -24,6 +24,10 @@ MAIL_USE_STARTTLS=True
 MAIL_FROM_ADDRESS='foo@bar.com'
 MAIL_LDAP_OBJECTCLASSES=["top", "postfixVirtual"]
 
+#MFA_ICON_URL = 'https://example.com/logo.png'
+#MFA_RP_ID = 'example.com' # If unset, hostname from current request is used
+MFA_RP_NAME = 'Uffd Test Service' # Service name passed to U2F/FIDO2 authenticators
+
 ROLES_BASEROLES=['base']
 
 SQLALCHEMY_TRACK_MODIFICATIONS=False
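Review bot: The comment on MFA_RP_ID should say where the fallback value comes from, because it matters for deployment: get_webauthn_server (the second views.py hunk below) derives it from the request URL, i.e. from the HTTP Host header, so a service reachable under several hostnames, or behind a proxy that does not normalise Host, will end up registering and verifying credentials under differing RP IDs. Suggested wording: `#MFA_RP_ID = 'example.com' # If unset, the hostname of the current request (HTTP Host header) is used; set this explicitly in production`. The MFA_RP_NAME line could also note that the new code reads it unconditionally, so an instance config that overrides this file must keep it defined.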
diff --git a/uffd/mfa/views.py b/uffd/mfa/views.py
index 35a3a905..fbaad53b 100644
--- a/uffd/mfa/views.py
+++ b/uffd/mfa/views.py
@@ -90,7 +90,7 @@ def setup_totp_finish():
 		db.session.commit()
 		return redirect(url_for('mfa.setup'))
 	flash('Code is invalid')
-	return redirect(url_for('mfa.setup_totp'))
+	return redirect(url_for('mfa.setup_totp', name=request.values['name']))
 
 @bp.route('/setup/totp/<int:id>/delete')
 @login_required()
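Review bot: The new redirect on the flash('Code is invalid') path indexes `request.values['name']`, which raises a 400 BadRequestKeyError when the form is submitted without a name field, whereas the replaced line redirected regardless; if the name is optional, `name=request.values.get('name')` keeps the old behaviour (url_for drops None-valued parameters, as far as I recall — worth confirming). This change is also unrelated to the commit subject and would be easier to track in its own commit. setup_totp_finish begins outside the hunk, so I cannot see whether `name` is already validated earlier in the function.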
@@ -103,7 +103,7 @@ def delete_totp(id):
 	return redirect(url_for('mfa.setup'))
 
 def get_webauthn_server():
-	return Fido2Server(RelyingParty(urllib.parse.urlsplit(request.url).hostname, "uffd"))
+	return Fido2Server(RelyingParty(current_app.config.get('MFA_RP_ID', urllib.parse.urlsplit(request.url).hostname), current_app.config['MFA_RP_NAME']))
 
 @bp.route('/setup/webauthn/begin', methods=['POST'])
 @login_required()
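Review bot: `current_app` is used here for the first time in this hunk; whether `from flask import current_app` exists at the top of views.py is outside the hunk, so please confirm it, otherwise the route fails with a NameError at request time. The default argument to `config.get` evaluates `urllib.parse.urlsplit(request.url).hostname` on every call even when MFA_RP_ID is configured; harmless, but `rp_id = current_app.config.get('MFA_RP_ID') or urllib.parse.urlsplit(request.url).hostname` makes the fallback lazy and treats an explicitly empty value the same as unset. The line is also long enough that splitting it into `rp_id = ...` / `rp_name = current_app.config['MFA_RP_NAME']` / `return Fido2Server(RelyingParty(rp_id, rp_name))` would read better.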
-- 
GitLab