github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: bitwardne request data encode

pull/15625/head
ibuler 2025-06-23 13:40:35 +08:00 committed by 老广
parent 46ddad1d59
commit cb42df542d
4 changed files with 39 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/authentication/api/confirm.py
View File

@ -37,6 +37,7 @@ class UserConfirmationViewSet(JMSGenericViewSet):
backend_classes = ConfirmType.get_prop_backends(confirm_type)
if not backend_classes:
return
for backend_cls in backend_classes:
backend = backend_cls(self.request.user, self.request)
if not backend.check():
@ -69,6 +70,7 @@ class UserConfirmationViewSet(JMSGenericViewSet):
ok, msg = backend.authenticate(secret_key, mfa_type)
if ok:
request.session['CONFIRM_LEVEL'] = ConfirmType.values.index(confirm_type) + 1
request.session['CONFIRM_TYPE'] = confirm_type
request.session['CONFIRM_TIME'] = int(time.time())
return Response('ok')
return Response({'error': msg}, status=400)

1
apps/authentication/backends/passkey/api.py
View File

@ -74,6 +74,7 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet):
if confirm_mfa:
request.session['CONFIRM_LEVEL'] = ConfirmType.values.index('mfa') + 1
request.session['CONFIRM_TIME'] = int(time.time())
request.session['CONFIRM_TYPE'] = ConfirmType.MFA
request.session['passkey_confirm_mfa'] = ''
return Response('ok')

24
apps/authentication/permissions.py
View File

@ -14,23 +14,29 @@ from orgs.utils import tmp_to_root_org
class UserConfirmation(permissions.BasePermission):
ttl = 60 * 5
min_level = 1
confirm_type = 'relogin'
min_type = 'relogin'
def has_permission(self, request, view):
if not settings.SECURITY_VIEW_AUTH_NEED_MFA:
return True
confirm_level = request.session.get('CONFIRM_LEVEL')
confirm_type = request.session.get('CONFIRM_TYPE')
confirm_time = request.session.get('CONFIRM_TIME')
ttl = self.get_ttl()
if not confirm_level or not confirm_time or \
confirm_level < self.min_level or \
confirm_time < time.time() - ttl:
raise UserConfirmRequired(code=self.confirm_type)
ttl = self.get_ttl(confirm_type)
now = int(time.time())
if not confirm_level or not confirm_time:
raise UserConfirmRequired(code=self.min_type)
if confirm_level < self.min_level or \
confirm_time < now - ttl:
raise UserConfirmRequired(code=self.min_type)
return True
def get_ttl(self):
if self.confirm_type == ConfirmType.MFA:
def get_ttl(self, confirm_type):
if confirm_type == ConfirmType.MFA:
ttl = settings.SECURITY_MFA_VERIFY_TTL
else:
ttl = self.ttl
@ -40,7 +46,7 @@ class UserConfirmation(permissions.BasePermission):
def require(cls, confirm_type=ConfirmType.RELOGIN, ttl=60 * 5):
min_level = ConfirmType.values.index(confirm_type) + 1
name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'min_type': confirm_type})
class IsValidUserOrConnectionToken(IsValidUser):

39
apps/authentication/templates/authentication/passkey.html
View File

@ -91,27 +91,30 @@
}
}
const publicKeyCredentialToJSON = (pubKeyCred) => {
if (pubKeyCred instanceof Array) {
const arr = []
for (const i of pubKeyCred) {
arr.push(publicKeyCredentialToJSON(i))
}
return arr
const publicKeyCredentialToJSON = pubKeyCred => {
if (pubKeyCred instanceof Array) {
const arr = []
for (const i of pubKeyCred) {
arr.push(publicKeyCredentialToJSON(i))
}
return arr
}
if (pubKeyCred instanceof ArrayBuffer || pubKeyCred instanceof Uint8Array) {
return encode(pubKeyCred)
}
if (pubKeyCred instanceof Object) {
const obj = {}
for (const key in pubKeyCred) {
obj[key] = publicKeyCredentialToJSON(pubKeyCred[key])
}
if (pubKeyCred instanceof ArrayBuffer) {
return encode(pubKeyCred)
}
return obj
}
if (pubKeyCred instanceof Object) {
const obj = {}
for (const key in pubKeyCred) {
obj[key] = publicKeyCredentialToJSON(pubKeyCred[key])
}
return obj
}
return pubKeyCred
return pubKeyCred
}
function GetAssertReq(getAssert) {