misc bugfix

README.md

@@ -4,6 +4,7 @@ A security shield for protecting a number of small web applications.
 ## Requirements  
 Python 3.7+  
 PostgreSQL 11.5+  
+Debian System packages: `build-essential python3-dev`
 Python packages: `wheel gunicorn aiohttp aiohttp_jinja2 asyncpg passlib argon2_cffi uvloop fido2`  
 
 ## Install  

auth.py

@@ -9,7 +9,8 @@ from datetime import datetime
 
 from aiohttp import web
 from fido2.client import ClientData
-from fido2.server import Fido2Server, RelyingParty
+from fido2.server import Fido2Server
+from fido2.webauthn import PublicKeyCredentialRpEntity
 from fido2.ctap2 import AttestationObject, AuthenticatorData, \
 	AttestedCredentialData
 from fido2 import cbor
@@ -17,7 +18,7 @@ from fido2 import cbor
 import config
 
 routes = web.RouteTableDef()
-rp = RelyingParty(config.server_domain, 'Buckler')
+rp = PublicKeyCredentialRpEntity(config.server_domain, 'Buckler')
 server = Fido2Server(rp)
 
 def auth_required(func):

buckler_aiohttp.py

@@ -16,8 +16,8 @@ async def buckler_session(request, handler):
 	Verifies the user with the configured Buckler app and retrieves any
 	session data they may have. Redirects them to the login page otherwise.
 	"""
-	user_id = request.cookies.get('userid')
+	user_id = request.cookies.get('userid', '')
-	user_sid = request.cookies.get('session')
+	user_sid = request.cookies.get('session', '')
 
 	url = config.buckler['url'] + '/get_session'
 	params = {

forms.py

@@ -89,14 +89,14 @@ async def change_password(request):
 		return errors
 
 	async with request.app['pool'].acquire() as conn:
-		pw_hash = conn.fetchrow(
+		pw_hash = await conn.fetchrow(
 			"SELECT password_hash FROM user_info WHERE id = $1",
 			request['session']['id'])
 		if not argon2.verify(current_pw, pw_hash['password_hash']):
 			errors['change_password'] = "Invalid password."
 			return errors
 		h = argon2.hash(new_pw)
-		conn.execute(
+		await conn.execute(
 			"UPDATE user_info SET password_hash = $1 WHERE id = $2",
 			h, request['session']['id'])
 	return errors