Fix U2F enrollment for Chrome 72+ (#1669)

* Fix U2F enrollment for Chrome 72+ In Chrome 72, the base64url decoding behaviour changed. This could be fixed, if we use the base64_encode function for u2f registration and not only for signing. I did not test it in a good way yet. But I noticed that this works in my scenario with both, Google Chrome and Mozilla Firefox. resolves #1636
privacyidea · Jun 13, 2019 · b96482d · b96482d
1 parent 059e6b3
commit b96482d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/privacyidea/lib/tokens/u2ftoken.py b/privacyidea/lib/tokens/u2ftoken.py
@@ -348,7 +348,7 @@ def get_init_detail(self, params=None, user=None):
             if not app_id:
                 raise TokenAdminError(_("You need to define the appId in the "
                                         "token config!"))
-            nonce = urlsafe_b64encode_and_unicode(geturandom(32))
+            nonce = url_encode(geturandom(32))
             response_detail = TokenClass.get_init_detail(self, params, user)
             register_request = {"version": U2F_Version,
                                 "challenge": nonce,

diff --git a/tests/test_lib_tokens_u2f.py b/tests/test_lib_tokens_u2f.py
@@ -148,7 +148,7 @@ def test_01_create_token(self):
         version = registerRequest.get("version")
         self.assertEqual(version, "U2F_V2")
         challenge = registerRequest.get("challenge")
-        self.assertEqual(len(challenge), 44)
+        self.assertEqual(len(challenge), 43)
 
         # Init step 2
         token = init_token({"type": "u2f",