From 5fbb505e98ecdd409330a5c336ad5ec49631b0db Mon Sep 17 00:00:00 2001
From: Mohamed ElKalioby
Date: Mon, 10 Oct 2022 17:07:01 +0300
Subject: [PATCH] Fixing CVE-2022-42731

---
 CHANGELOG.md | 3 +++
 mfa/FIDO2.py | 8 +++++---
 setup.py | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9657b2d..0c11061 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,7 @@
 # Change Log
+## 2.5.1
+* Fix: CVE-2022-42731: related to possibility of registration replay attack thanks to 'SSE (Secure Systems Engineering)'
+
 ## 2.5.0
 * Fixed: issue in the 'Authorize' button don't show on Firefox and Chrome on iOS.
diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py
index dcdf9f2..a2b5b5b 100644
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -16,7 +16,7 @@ import datetime
 from .Common import get_redirect_url
 from django.utils import timezone
-
+from django.http import JsonResponse
 def recheck(request):
 """Starts FIDO2 recheck"""
@@ -49,13 +49,15 @@ def begin_registeration(request):
 def complete_reg(request):
 """Completes the registeration, called by API"""
 try:
+if not "fido_state" in request.session:
+return JsonResponse({'status': 'ERR', "message": "FIDO Status can't be found, please try again"})
 data = cbor.decode(request.body)
 client_data = CollectedClientData(data['clientDataJSON'])
 att_obj = AttestationObject((data['attestationObject']))
 server = getServer()
 auth_data = server.register_complete(
-request.session['fido_state'],
+request.session.pop['fido_state'],
 client_data,
 att_obj
 )
@@ -75,7 +77,7 @@ def complete_reg(request):
 client.captureException()
 except:
 pass
-return HttpResponse(simplejson.dumps({'status': 'ERR', "message": "Error on server, please try again later"}))
+return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"})
 
 def start(request):
diff --git a/setup.py b/setup.py
index 273081d..02d4a7b 100644
--- a/setup.py
+++ b/setup.py
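Review bot: The added `from django.http import JsonResponse` takes the place of the blank line that separated the import block from `def recheck(request):`, so a top-level definition now follows an import with no separation, where PEP 8 expects two blank lines. Placing the new import above the existing `from django.utils import timezone` line and keeping the removed blank line (plus one more) would restore the usual layout. If this commit's switch to JsonResponse leaves `HttpResponse` and `simplejson` unused elsewhere in the module, their imports (outside this hunk) should be reviewed as well; that cannot be confirmed from the hunk alone.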
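Review bot: `request.session.pop['fido_state']` subscripts the bound `pop` method instead of calling it, so the argument expression raises TypeError before `register_complete` runs; the bare `except:` further down the function then turns every registration attempt into the generic "Error on server" response, which means the build this commit tags as 2.5.1 cannot complete any FIDO2 registration. The line should read `request.session.pop('fido_state'),`. Consuming the state before verification is the right shape for the replay fix, since a second submission of the same attestation then hits the new `"fido_state"` guard and is rejected; that guard reads more idiomatically as `if "fido_state" not in request.session:`. The body of complete_reg continues outside this hunk.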
@@ -4,7 +4,7 @@ setup(
 name='django-mfa2',
-version='2.5.0',
+version='2.5.1',
 description='Allows user to add 2FA to their accounts',
 long_description=open("README.md").read(),
 long_description_content_type="text/markdown",