django-mfa2

Add 400 error status to exception handling in mfa/FIDO2.complete_reg

Open 41WhiteElephants opened this issue 2 years ago • 1 comments

Proof of concept: for testing purposes, I added some random bytes to the request body to check whether the exception handling properly returns a 400 status code, and then, for the same reason, I removed fido_state from the request.session dict to test whether the first exception handler returns a 400 status code.


41WhiteElephants, Jan 23 '24 13:01

I found more missing status=400 places in code, will update the pull request soon

41WhiteElephants, Jan 28 '24 22:01