Force auth mode instead of enrollment if there is no U2F devices

associated with specified application
GluuFederation · Dec 29, 2015 · 6fc4540 · 6fc4540
1 parent 3cb0cd2
commit 6fc4540
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py b/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py
@@ -55,6 +55,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
         context = Contexts.getEventContext()
 
         userService = UserService.instance()
+        deviceRegistrationService = DeviceRegistrationService.instance()
         if (step == 1):
             print "oxPush2. Authenticate for step 1"
 
@@ -70,6 +71,18 @@ def authenticate(self, configurationAttributes, requestParameters, step):
             enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
             if StringHelper.isNotEmpty(enrollment_mode):
                 auth_method = 'enroll'
+
+            if (auth_method == 'authenticate'):
+                find_user_by_uid = userService.getUser(user_name)
+                if (find_user_by_uid == None):
+                    print "oxPush. Authenticate for step 1. Failed to find user"
+                    return False
+
+                user_inum = userService.getUserInum(find_user_by_uid)
+                u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, self.u2f_application_id, "oxId")
+                if (u2f_devices_list.size() == 0):
+                    auth_method = 'enroll'
+                    print "oxPush2. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, self.u2f_application_id, auth_method)
 
             print "oxPush2. Authenticate for step 1. auth_method: '%s'" % auth_method
 
@@ -123,7 +136,6 @@ def authenticate(self, configurationAttributes, requestParameters, step):
 
                 # Validate if user has specified device_id enrollment
                 user_inum = userService.getUserInum(find_user_by_uid)
-                deviceRegistrationService = DeviceRegistrationService.instance()
 
                 u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id)
                 if (u2f_device == None):

diff --git a/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java b/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java
@@ -55,7 +55,7 @@ public Response getConfiguration() {
 			final String baseEndpointUri = configuration.getBaseEndpoint();
 
 			final U2fConfiguration conf = new U2fConfiguration();
-			conf.setVersion("1.0");
+			conf.setVersion("2.0");
 			conf.setIssuer(configuration.getIssuer());
 
 			conf.setRegistrationEndpoint(baseEndpointUri + "/fido/u2f/registration");