Store sign count

app/auth/views/login_utils.py

@@ -14,7 +14,15 @@ def after_login(user, next_url):
     If user enables MFA: redirect user to MFA page
     Otherwise redirect to dashboard page if no next_url
     """
-    if user.enable_otp:
+    if user.fido_uuid is not None:
+        # Use the same session for FIDO so that we can easily
+        # switch between these two 2FA option
+        session[MFA_USER_ID] = user.id
+        if next_url:
+            return redirect(url_for("auth.fido", next_url=next_url))
+        else:
+            return redirect(url_for("auth.fido"))        
+    elif user.enable_otp:
         session[MFA_USER_ID] = user.id
         if next_url:
             return redirect(url_for("auth.mfa", next_url=next_url))

app/dashboard/views/fido_cancel.py

@@ -26,6 +26,7 @@ def fido_cancel():
         if current_user.check_password(password):
             current_user.fido_pk = None
             current_user.fido_uuid = None
+            current_user.fido_sign_count = None
             current_user.fido_credential_id = None
             db.session.commit()
             flash("We've unlinked your security key.", "success")

app/dashboard/views/fido_setup.py

@@ -57,6 +57,7 @@ def fido_setup():
 
         current_user.fido_pk = fido_uuid
         current_user.fido_uuid = str(fido_credential.public_key, "utf-8")
+        current_user.fido_sign_count = fido_credential.sign_count
         current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")
         db.session.commit()
 

app/models.py

@@ -138,6 +138,7 @@ class User(db.Model, ModelMixin, UserMixin):
     fido_uuid = db.Column(db.String(), nullable=True, unique=True)
     fido_credential_id = db.Column(db.String(), nullable=True, unique=True)
     fido_pk = db.Column(db.String(), nullable=True, unique=True)
+    fido_sign_count = db.Column(db.Integer(), nullable=True)
 
     # some users could have lifetime premium
     lifetime = db.Column(db.Boolean, default=False, nullable=False, server_default="0")