mkalioby / django-mfa2

A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices
MIT License
302 stars 44 forks

FIDO2.complete_reg returns wrong status_code == 200 in exception handling #84

Open 41WhiteElephants opened 9 months ago

41WhiteElephants commented 9 months ago

Please stick to HTTP convention and change status codes when you catch exceptions. When I was using your code in my wrappers to apply JWT auth into it, I found in a negative test with a wrong payload that I cannot pass the line below, 'cause it was always status_code == 200:

    response = client.post(url, wrong_payload, format='json')
    assert response.status_code == HTTP_400_BAD_REQUEST

As an example, code from mfa/FIDO2.py line 89:

    return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"})

is using the default status_code = 200 from the base class HttpResponseBase.

Expected code:

    return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"}, status=status.HTTP_400_BAD_REQUEST)

The same goes for mfa/FIDO2.py line 55.
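An added illustration of the point raised above (not code from django-mfa2): a minimal stand-in for Django's JsonResponse and a hypothetical `_parse_registration` show that a wrapper checking only the status code treats the 200 error reply as a successful registration, while the proposed 400 makes the failure visible to callers and tests. The payload field names and values are constructed for the example.

```python
import json

class JsonResponse:
    """Minimal stand-in for django.http.JsonResponse so this runs without
    Django; like the real class, status defaults to 200."""
    def __init__(self, data, status=200):
        self.status_code = status
        self.content = json.dumps(data).encode()

    def json(self):
        return json.loads(self.content)

def _parse_registration(payload):
    """Hypothetical stand-in for the attestation parsing in complete_reg;
    raises ValueError when an expected field is missing."""
    data = json.loads(payload)
    for key in ("clientDataJSON", "attestationObject"):
        if key not in data:
            raise ValueError(f"missing {key}")
    return data

ERR_BODY = {"status": "ERR", "message": "Error on server, please try again later"}

def complete_reg_before(payload):
    """Behaviour reported in the issue: the except branch answers with the
    default 200, so the failure is only visible inside the body."""
    try:
        _parse_registration(payload)
        return JsonResponse({"status": "OK"})
    except Exception:
        return JsonResponse(ERR_BODY)

def complete_reg_after(payload):
    """Fix proposed in the issue: a rejected registration is a 400."""
    try:
        _parse_registration(payload)
        return JsonResponse({"status": "OK"})
    except Exception:
        return JsonResponse(ERR_BODY, status=400)

def wrapper_thinks_registered(response):
    """A caller that trusts the status code alone, as the JWT wrapper and
    negative test described in the issue did."""
    return response.status_code == 200

# Constructed payloads: the second one lacks attestationObject.
GOOD_PAYLOAD = json.dumps({"clientDataJSON": "e30", "attestationObject": "oA"})
WRONG_PAYLOAD = json.dumps({"clientDataJSON": "e30"})
```

A defensive caller should check both the status code and the body's `status` field, since older versions of the endpoint answer errors with 200.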

mkalioby commented 9 months ago

You can open a PR and I'll merge it ASAP.

41WhiteElephants commented 9 months ago

Here https://github.com/mkalioby/django-mfa2/pull/85