Upgrade to webauthn 1.6.0
#52
Conversation
Natim
force-pushed
the
chore/upgrade-webauthn-1.6.0
branch
from
9d6faf4 to
84968b2
Compare
|
Is this about to be merged into main when checks pass? @justinmayer |
Natim
force-pushed
the
chore/upgrade-webauthn-1.6.0
branch
from
5d36528 to
4b5bd91
Compare
|
@dunderrrrrr did you had a chance to test kagi with this new branch? I am a bit worried that the migration is not going to be easy. |
Natim
force-pushed
the
chore/upgrade-webauthn-1.6.0
branch
from
4b5bd91 to
ae2fa0d
Compare
|
@Natim not yet, ill give it a shot when I have time. Thanks! |
|
@dunderrrrrr wrote:
Is this about to be merged into main when checks pass?
I am traveling for the next week, and when I return I will be able to test these changes on a production application.
In the interim, as Rémy suggested, any testing you can do would be much appreciated!
|
| _authenticator_selection = AuthenticatorSelectionCriteria() | ||
| _authenticator_selection.user_verification = UserVerificationRequirement.DISCOURAGED |
There was a problem hiding this comment.
If you want to allow the user to register new usb nfc yubikey, one that it's pin code wasn't defined before on this specific browser you should define the
_authenticator_selection.resident_key=ResidentKeyRequirement.PREFERRED see
kagi/static/kagi/webauthn.js
Outdated
| formData.set("csrf_token", token); | ||
|
|
||
| const resp = await fetch( | ||
| "/kagi/api/verify-credential-info/", { |
There was a problem hiding this comment.
Should not use hardcoded URLs, instead use window.Kagi.verify_credential_info
Same for other hardcoded URLs in this file.
|
After testing the contents of this First, starting on the current Then, switching back to my other terminal session running the current from kagi.views import api as kagi_api_views
from kagi.views.login import KagiLoginView… these path("login/", KagiLoginView.as_view(), name="login"),
path("settings/security/", include("kagi.urls", namespace="kagi")),… and I commented out this line, which is obviated by the line above: # path("kagi/", include("kagi.urls", namespace="kagi")),After making these changes, I confirmed that all of the above WebAuthn-related behavior continues to function as expected on the current However, when I switch back to the In short, it seems the new branch depends on the @Natim: Do you have any ideas about what is going on here, and perhaps how it might be resolved? (Copying @apollo13, @carltongibson & @MarkusH) |
See my earlier comment that point out the origin of this issue. |
|
@rphlo: Around the time of your previous comment, I tried using |
I have successfully ran this branch with the following change in |
|
Hi @rphlo, thank you so much for this. I will pulling your chances into this branch shortly and will start testing. |
Replace hardcoded pathes
apollo13
force-pushed
the
chore/upgrade-webauthn-1.6.0
branch
from
20ba30a to
679c419
Compare
As a follow-up to this, I opened #65 |
@MarkusH This is an issue I also had in my project. I fixed it somehow similarly, however this is something that I believe is outside the scope of this PR and can be fixed in separate one as it affect also other branches. |
Yes, absolutely! |
- Add support for Django 5.0 - Drop support for Django 3.2 and 4.1 - Drop support for Python 3.7 and 3.8
justinmayer
force-pushed
the
chore/upgrade-webauthn-1.6.0
branch
from
1d5f715 to
d919efb
Compare
There was a problem hiding this comment.
Many sincere thanks to @Natim for all his work on this endeavor, as well as to everyone else who helped review and improve it! 🌟
No description provided.