def page(self) -> CBORPageResult:
assert user.id is not None
if not is_two_factor_login_enabled(user.id):
raise MKGeneralException(
_("Two-factor authentication not enabled"))
data: dict[str, object] = cbor.decode(request.get_data())
credential_id = data["credentialId"]
client_data = ClientData(data["clientDataJSON"])
auth_data = AuthenticatorData(data["authenticatorData"])
signature = data["signature"]
logger.debug("ClientData: %r", client_data)
logger.debug("AuthenticatorData: %r", auth_data)
make_fido2_server().authenticate_complete(
session.session_info.webauthn_action_state,
[
AttestedCredentialData.unpack_from(v["credential_data"])[0]
for v in load_two_factor_credentials(user.id)
["webauthn_credentials"].values()
],
credential_id,
client_data,
auth_data,
signature,
)
session.session_info.webauthn_action_state = None
set_two_factor_completed()
return {"status": "OK"}
def page(self) -> None:
assert user.id is not None
html.set_render_headfoot(False)
html.add_body_css_class("login")
html.add_body_css_class("two_factor")
html.header(_("Two-factor authentication"), Breadcrumb(), javascripts=[])
html.open_div(id_="login")
html.open_div(id_="login_window")
html.open_a(href="https://checkmk.com")
html.img(
src=theme.detect_icon_path(icon_name="logo", prefix="mk-"),
id_="logo",
class_="custom" if theme.has_custom_logo() else None,
)
html.close_a()
if not is_two_factor_login_enabled(user.id):
raise MKGeneralException(_("Two-factor authentication not enabled"))
html.begin_form(
"two_factor_login", method="POST", add_transid=False, action="user_login_two_factor.py"
)
html.prevent_password_auto_completion()
html.hidden_field(
"_origtarget", origtarget := request.get_url_input("_origtarget", "index.py")
)
if backup_code := request.get_ascii_input("_backup_code"):
if is_two_factor_backup_code_valid(user.id, backup_code):
set_two_factor_completed()
raise HTTPRedirect(origtarget)