✨ Support WebAuthn 2.0

WebAuthn 2.0 refactored pydantic usage out of the codebase.

Tests were passing locally with both 1.x and 2.y, but for simplicity's
sake, the minimum version is now set to 2.0 so that no compat layer
is required.

There doesn't seem to have been a real reason to catch pydantic validation
errors - nothing was documented in 96bbd1a and the model does not appear
to perform additional validations (see
https://github.com/duo-labs/py_webauthn/blob/v1.11.1/webauthn/authentication/verify_authentication_response.py
), but possibly the base model did. Either way, it was not a tested
execution branch.

setup.py

@@ -21,7 +21,7 @@
     extras_require={
         'call': ['twilio>=6.0'],
         'sms': ['twilio>=6.0'],
-        'webauthn': ['webauthn>=1.11.0,<1.99'],
+        'webauthn': ['webauthn>=2.0,<2.99'],
         'yubikey': ['django-otp-yubikey'],
         'phonenumbers': ['phonenumbers>=7.0.9,<8.99'],
         'phonenumberslite': ['phonenumberslite>=7.0.9,<8.99'],

two_factor/plugins/webauthn/forms.py

@@ -6,7 +6,6 @@
 from django.utils import timezone
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext_lazy as _
-from pydantic import ValidationError as PydanticValidationError
 from webauthn.helpers.exceptions import (
     InvalidAuthenticationResponse, InvalidRegistrationResponse,
 )
@@ -91,7 +90,7 @@ def _verify_token(self, user, token, device=None):
 
             new_sign_count = verify_authentication_response(
                 device.public_key, device.sign_count, self.webauthn_rp, self.webauthn_origin, challenge, token)
-        except (PydanticValidationError, WebauthnDevice.DoesNotExist, InvalidAuthenticationResponse) as exc:
+        except (WebauthnDevice.DoesNotExist, InvalidAuthenticationResponse) as exc:
             raise forms.ValidationError(_('Entered token is not valid.'), code='invalid_token') from exc
 
         device.sign_count = new_sign_count