Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow only JSON rendering for views #56

Merged
merged 2 commits into from
Feb 20, 2025
Merged

Allow only JSON rendering for views #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1391230
Only allow JSON rendering
AlmerCarbonEquity Feb 20, 2025
c23f688
Formatting
AlmerCarbonEquity Feb 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions src/django_otp_webauthn/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
from django.views.decorators.cache import never_cache
from django_otp import login as otp_login
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from rest_framework.views import APIView

Expand Down Expand Up @@ -89,6 +90,8 @@ class BeginCredentialRegistrationView(RegistrationCeremonyMixin, APIView):
This view will return a JSON response with the options for the client to use to register a credential.
"""

renderer_classes = [JSONRenderer]

def post(self, *args, **kwargs):
user = self.get_user()
helper = self.get_helper()
Expand All @@ -106,6 +109,8 @@ class CompleteCredentialRegistrationView(RegistrationCeremonyMixin, APIView):
This view accepts client data about the registered credential, validates it, and saves the credential to the database.
"""

renderer_classes = [JSONRenderer]

def get_state(self):
"""Retrieve the registration state."""

Expand Down Expand Up @@ -139,6 +144,8 @@ class BeginCredentialAuthenticationView(AuthenticationCeremonyMixin, APIView):
This view will return a JSON response with the options for the client to use to authenticate with a credential.
"""

renderer_classes = [JSONRenderer]

def post(self, *args, **kwargs):
user = self.get_user()
helper = self.get_helper()
Expand All @@ -162,6 +169,8 @@ class CompleteCredentialAuthenticationView(AuthenticationCeremonyMixin, APIView)
and logs the user in.
"""

renderer_classes = [JSONRenderer]

def get_state(self):
"""Retrieve the authentication state."""
# It is VITAL that we pop the state from the session before we do anything else.
Expand Down
15 changes: 15 additions & 0 deletions tests/unit/test_views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import pytest
from django.contrib.auth.models import AnonymousUser
from rest_framework.renderers import JSONRenderer

from django_otp_webauthn import exceptions
from django_otp_webauthn.helpers import WebAuthnHelper
Expand Down Expand Up @@ -36,6 +37,20 @@ def test_views__no_caching_headers_present(rf, view_class, user_in_memory):
assert "Expires" in response.headers


@pytest.mark.parametrize(
"view_class",
[
BeginCredentialRegistrationView,
CompleteCredentialRegistrationView,
BeginCredentialAuthenticationView,
CompleteCredentialAuthenticationView,
],
)
def test_views__no_html_render(view_class):
view = view_class()
assert view.renderer_classes == [JSONRenderer]


def test_pywebauthn_logger(settings):
settings.OTP_WEBAUTHN_EXCEPTION_LOGGER_NAME = "test_logger"
_get_pywebauthn_logger.cache_clear()
Expand Down