habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stages/authenticator_webauthn: optimize device types creation (#9932)

Browse Source 
* stages/authenticator_webauthn: optimize device types creation

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* same for aaguid_import task

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Marc 'risson' Schmitt
2024-06-01 11:16:55 +02:00
committed by GitHub
parent 5f65a7c6cc
commit c3cb9bc778
1 changed files with 37 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
authentik/stages/authenticator_webauthn/tasks.py
View File

@ -32,28 +32,41 @@ def webauthn_mds_import(force=False):
"""Background task to import FIDO Alliance MDS blob into database""" """Background task to import FIDO Alliance MDS blob into database"""
with open(MDS_BLOB_PATH, mode="rb") as _raw_blob: with open(MDS_BLOB_PATH, mode="rb") as _raw_blob:
blob = parse_blob(_raw_blob.read(), mds_ca()) blob = parse_blob(_raw_blob.read(), mds_ca())
with atomic(): to_create_update = [
WebAuthnDeviceType.objects.update_or_create( WebAuthnDeviceType(
aaguid=UNKNOWN_DEVICE_TYPE_AAGUID, aaguid=UNKNOWN_DEVICE_TYPE_AAGUID,
defaults={ description="authentik: Unknown devices",
"description": "authentik: Unknown devices",
},
) )
if cache.get(CACHE_KEY_MDS_NO) == blob.no and not force: ]
return to_delete = []
mds_no = cache.get(CACHE_KEY_MDS_NO)
if mds_no != blob.no or force:
for entry in blob.entries: for entry in blob.entries:
aaguid = entry.aaguid aaguid = entry.aaguid
if not aaguid: if not aaguid:
continue continue
if not filter_revoked(entry): if not filter_revoked(entry):
WebAuthnDeviceType.objects.filter(aaguid=str(aaguid)).delete() to_delete.append(str(aaguid))
continue continue
metadata = entry.metadata_statement metadata = entry.metadata_statement
WebAuthnDeviceType.objects.update_or_create( to_create_update.append(
aaguid=str(aaguid), WebAuthnDeviceType(
defaults={"description": metadata.description, "icon": metadata.icon}, aaguid=str(aaguid),
description=metadata.description,
icon=metadata.icon,
)
) )
cache.set(CACHE_KEY_MDS_NO, blob.no) with atomic():
WebAuthnDeviceType.objects.bulk_create(
to_create_update,
update_conflicts=True,
update_fields=["description", "icon"],
unique_fields=["aaguid"],
)
WebAuthnDeviceType.objects.filter(aaguid__in=to_delete).delete()
if mds_no != blob.no:
cache.set(CACHE_KEY_MDS_NO, blob.no)
@CELERY_APP.task() @CELERY_APP.task()
@ -61,9 +74,16 @@ def webauthn_aaguid_import(force=False):
"""Background task to import AAGUIDs into database""" """Background task to import AAGUIDs into database"""
with open(AAGUID_BLOB_PATH, mode="rb") as _raw_blob: with open(AAGUID_BLOB_PATH, mode="rb") as _raw_blob:
entries = loads(_raw_blob.read()) entries = loads(_raw_blob.read())
to_create_update = [
WebAuthnDeviceType(
aaguid=str(aaguid), description=details.get("name"), icon=details.get("icon_light")
)
for aaguid, details in entries.items()
]
with atomic(): with atomic():
for aaguid, details in entries.items(): WebAuthnDeviceType.objects.bulk_create(
WebAuthnDeviceType.objects.update_or_create( to_create_update,
aaguid=str(aaguid), update_conflicts=True,
defaults={"description": details.get("name"), "icon": details.get("icon_light")}, update_fields=["description", "icon"],
) unique_fields=["aaguid"],
)