Can't add/use device with Django-U2F #23
@samdeane: As a side note, I wanted to add how much I appreciate you stepping forward and doing what you can to improve the U2F situation for Safari. It's a terrific browser, and it would be grand to avoid having to switch to another in order to take advantage of the improved web app security that U2F provides. Truly, thank you! 😸
Would it be useful if I provided a concise but detailed list of steps to reproduce? e.g., perhaps a quick Bash script that creates a virtual environment with everything needed to visit https://localhost:8000 and test locally?
Yeah, that would be awesome. I've just uploaded a 1.1b4 too, which might help.
I just tested 1.1b4 with Django-U2F, but it exhibits the same problem.
Tried with 1.1b5, but sadly no change here.
It's possible that you might fare better with 1.1b7, since it now implements another API function (getApiVersion) which the Django code might be relying on.
Another new release to test: 2.0b1. :) A lot has changed in this one, and it seems to be working for me with GitHub, so I have some hope...
Many thanks for your work on this, Sam. I tested 2.0b1 on two different environments, but the behavior is unfortunately the same as in the original description above. Those environments are:
As a side note, in the latter environment, the Safari FIDO U2F extension does not appear in Safari > Preferences > Extensions — but the status shows up as Enabled within the Safari FIDO U2F application. In the former environment, the extension appears in the list as expected.
No problem. I will eventually get my arse in gear and set up a test environment - I found the instructions on the Django-U2F page. Compatibility is getting better, slowly...
Perhaps I can help. Assuming you already have Python, Pip, and Virtualenv installed, following is a quick way to get set up... Start by saving this script somewhere as
Ignore the deprecation warnings and create a user account when prompted. Once created, load the following URL in Safari: https://127.0.0.1:8000/u2f/two-factor-settings/ You will probably see a "This Connection Is Not Private" warning. Bypass it by tapping the "Show Details" button and then the "visit this website" link. Log in via the credentials you supplied when creating your user account. Choose "Manage U2F keys" from the settings list. Tap the "Add another key link" and follow the instructions there. Hopefully this is helpful. If you have any questions or run into any trouble, please don't hesitate to let me know!
I think it's fixed in #49. The Django test code seems to be working for me locally. I've uploaded a build as 2.0b3. Give it a whirl.
Thanks for the instructions btw - simplified my life a lot!
I am trying to use Safari-FIDO-U2F 1.1b3 on macOS 10.12.6 and Safari 10.1.2 in conjunction with a Django web application that utilizes Django-U2F for two-factor authentication. Adding U2F devices and using them to log into the web application functions as expected on Chromium and Firefox 57+, but I can neither add nor use U2F devices with the current version of this Safari extension.
When prompted to insert (or tap on an already-inserted) U2F device on Safari with the extension installed, doing so produces no change in or response from the web app in Safari (whereas normally the key would be added, or the user would be logged in, respectively). On the U2F device, tapping it causes the light to come on persistently, and tapping it again turns the light off.
I'm not well-versed enough with the U2F API to know whether anything needs to be done in Django-U2F in order to support this Safari extension, whether the above-described behavior is indicative of a bug in this extension that should be addressed, or whether changes are needed on both ends. Any thoughts?