From 6fc45404bc3a2f98b7c23d4f341347f50c414104 Mon Sep 17 00:00:00 2001
From: yurem
Date: Tue, 29 Dec 2015 21:44:01 +0200
Subject: [PATCH] Force auth mode instead of enrollment if there is no U2F devices associated with specified application
---
 .../oxpush2/oxPush2ExternalAuthenticator.py | 14 +++++++++++++-
 .../oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java | 2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py b/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py
index cf5a40c717..121a1411e9 100644
--- a/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py
+++ b/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py
@@ -55,6 +55,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
 context = Contexts.getEventContext()
 userService = UserService.instance()
+ deviceRegistrationService = DeviceRegistrationService.instance()
 if (step == 1):
 print "oxPush2. Authenticate for step 1"
@@ -70,6 +71,18 @@ def authenticate(self, configurationAttributes, requestParameters, step):
 enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
 if StringHelper.isNotEmpty(enrollment_mode):
 auth_method = 'enroll'
+
+ if (auth_method == 'authenticate'):
+ find_user_by_uid = userService.getUser(user_name)
+ if (find_user_by_uid == None):
+ print "oxPush. Authenticate for step 1. Failed to find user"
+ return False
+
+ user_inum = userService.getUserInum(find_user_by_uid)
+ u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, self.u2f_application_id, "oxId")
+ if (u2f_devices_list.size() == 0):
+ auth_method = 'enroll'
+ print "oxPush2. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, self.u2f_application_id, auth_method)
 print "oxPush2. Authenticate for step 1. auth_method: '%s'" % auth_method 
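Review bot: The block added to step 1 silently switches `auth_method` from `'authenticate'` to `'enroll'` when `findUserDeviceRegistrations` returns no devices, and nothing in the hunk shows that the first factor has already been verified for `user_name` at that point; if it has not, the flow that is chosen discloses whether an account has a U2F device, and an account without one is moved to device enrollment without the user asking for it, so the block should carry a comment stating that precondition. The returned list is also dereferenced without a null check; unless the service guarantees a non-null result, `if (u2f_devices_list == None or u2f_devices_list.size() == 0):` is safer. The failure message uses the prefix `oxPush.` where the other messages in the hunk use `oxPush2.`, which makes the authentication log harder to filter; `print "oxPush2. Authenticate for step 1. Failed to find user"` keeps it consistent. `authenticate()` starts and ends outside this hunk, so the ordering relative to the password check has to be confirmed in the full file.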
@@ -123,7 +136,6 @@ def authenticate(self, configurationAttributes, requestParameters, step):
 # Validate if user has specified device_id enrollment
 user_inum = userService.getUserInum(find_user_by_uid)
- deviceRegistrationService = DeviceRegistrationService.instance()
 u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id)
 if (u2f_device == None):
diff --git a/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java b/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java
index 20792692ee..f1166f8a42 100644
--- a/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java
+++ b/Server/src/main/java/org/xdi/oxauth/ws/rs/fido/u2f/U2fConfigurationWS.java
@@ -55,7 +55,7 @@ public Response getConfiguration() {
 final String baseEndpointUri = configuration.getBaseEndpoint();
 final U2fConfiguration conf = new U2fConfiguration();
- conf.setVersion("1.0");
+ conf.setVersion("2.0");
 conf.setIssuer(configuration.getIssuer());
 conf.setRegistrationEndpoint(baseEndpointUri + "/fido/u2f/registration");