Beispiel #1
    def post(self, request, *args, **kwargs):
        """Finish the U2F enrollment of ``self.device`` and mark it confirmed.

        The pending challenge is popped from the session, so this attempt
        consumes it whether or not verification succeeds. Every failure ends
        in the same generic error message and a redirect back to the
        confirmation page; the details go to the log only.
        """
        try:
            pending_challenge = self.request.session.pop('_u2f_enroll')
            binding, cert = u2f.complete_register(
                pending_challenge, request.POST.get('token'), [self.app_id]
            )
            self.device.json_data = binding.json
            self.device.confirmed = True
            self.device.save()

            account = self.request.user
            audit_payload = {
                'id': self.device.pk,
                'devicetype': 'u2f',
                'name': self.device.name,
            }
            account.log_action('pretix.user.settings.2fa.device.added', user=account, data=audit_payload)
            account.send_security_notice([
                _('A new two-factor authentication device has been added to your account.'),
            ])

            messages.success(request, _('The device has been verified and can now be used.'))
            return redirect(reverse('control:user.settings.2fa'))
        except Exception:
            # NOTE(review): this catch-all also covers failures in the audit log
            # or the security notice, i.e. after the device was already saved as
            # confirmed -- confirm that reporting "not completed" is intended then.
            messages.error(request, _('The registration could not be completed. Please try again.'))
            logger.exception('U2F registration failed')
            retry_url = reverse('control:user.settings.2fa.confirm.u2f', kwargs={'device': self.device.pk})
            return redirect(retry_url)
 def try_enroll(self, enrollment_data, response_data, device_name=None):
     """Verify a U2F registration response and record the new device.

     The registration is checked against ``self.u2f_facets``; if
     ``u2f.complete_register`` raises, nothing is stored. The returned
     attestation certificate is not used here.
     """
     registration, _attestation = u2f.complete_register(
         enrollment_data, response_data, self.u2f_facets)
     known_devices = self.config.setdefault('devices', [])
     entry = {
         'name': device_name or 'Security Key',  # fallback label for unnamed keys
         'ts': int(time.time()),
         'binding': dict(registration),
     }
     known_devices.append(entry)
Beispiel #3
 def try_enroll(self, enrollment_data, response_data, device_name=None):
     """Complete a U2F enrollment and append the device to ``self.config``.

     ``u2f.complete_register`` validates the response against
     ``self.u2f_facets``; the device entry is only added when it returns.
     """
     verified = u2f.complete_register(enrollment_data, response_data,
                                      self.u2f_facets)
     binding = verified[0]  # second element is the attestation certificate, unused
     device_list = self.config.setdefault('devices', [])
     label = device_name or 'Security Key'
     device_list.append({
         'name': label,
         'ts': int(time.time()),
         'binding': dict(binding),
     })
Beispiel #4
 def try_enroll(self, response_data):
     """Complete the pending enrollment and store it as the single device.

     Raises:
         RuntimeError: if ``self.config`` holds no ``'enrollment'`` data.
     """
     # XXX: handle error
     # NOTE(review): the enrollment data is read, not removed, here --
     # confirm it is cleared elsewhere so a challenge cannot be reused.
     pending = self.config.get('enrollment')
     if pending is not None:
         registration, _attestation = u2f.complete_register(
             pending, response_data, self.u2f_facets)
         self.config['device'] = dict(registration)
         return
     raise RuntimeError('This authenticator is not in a state that '
                        'permits user enrollment.')
Beispiel #5
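    def bind(self, username, data):
        """Complete a pending U2F registration for *username* and store the device.

        Args:
            username: key into ``self.users``.
            data: the registration response passed to ``complete_register``.

        Returns:
            The JSON string ``"true"``.

        Raises:
            KeyError: if the user is unknown or has no pending enrollment.
        """
        user = self.users[username]
        # pop() removes the challenge, so each enrollment request is usable once.
        binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
                                          [self.facet])
        # Build a real list: on Python 3 map() returns a lazy iterator that has
        # no append(), so the original form only worked on Python 2.
        devices = [DeviceRegistration.wrap(device)
                   for device in user.get('_u2f_devices_', [])]
        devices.append(binding)
        user['_u2f_devices_'] = [d.json for d in devices]

        log.info("U2F device enrolled. Username: %s", username)
        log.debug("Attestation certificate:\n%s", cert.as_text())

        return json.dumps(True)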
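    def bind(self, username, data):
        """Finish the U2F enrollment started for *username* and persist the key.

        The stored challenge is removed from the user record before
        verification, so it cannot be replayed. Returns the JSON string
        ``"true"``; a missing user or missing challenge raises ``KeyError``.
        """
        user = self.users[username]
        binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
                                          [self.facet])
        # A list comprehension instead of map(): map() is an iterator on
        # Python 3 and the append() below would raise AttributeError.
        devices = [DeviceRegistration.wrap(stored)
                   for stored in user.get('_u2f_devices_', [])]
        devices.append(binding)
        user['_u2f_devices_'] = [d.json for d in devices]

        log.info("U2F device enrolled. Username: %s", username)
        log.debug("Attestation certificate:\n%s", cert.as_text())

        return json.dumps(True)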
Beispiel #7
    def post(self, request, *args, **kwargs):
        """Verify the U2F registration response and confirm ``self.device``.

        When the form field ``activate`` is ``'on'`` and the account does not
        yet require 2FA, the requirement is switched on in the same request.
        The user gets one security notice listing everything that changed.
        Any exception leads to a generic error message and a redirect back to
        the confirmation page.
        """
        try:
            pending_challenge = self.request.session.pop('_u2f_enroll')
            binding, cert = u2f.complete_register(
                pending_challenge, request.POST.get('token'), [self.app_id])
            self.device.json_data = binding.json
            self.device.confirmed = True
            self.device.save()

            account = self.request.user
            account.log_action(
                'pretix.user.settings.2fa.device.added',
                user=account,
                data={
                    'id': self.device.pk,
                    'devicetype': 'u2f',
                    'name': self.device.name,
                })
            notices = [
                _('A new two-factor authentication device has been added to your account.'),
            ]
            wants_activation = request.POST.get('activate', '') == 'on'
            if wants_activation and not account.require_2fa:
                account.require_2fa = True
                account.save()
                account.log_action(
                    'pretix.user.settings.2fa.enabled', user=account)
                notices.append(
                    _('Two-factor authentication has been enabled.'))
            account.send_security_notice(notices)

            # Remind the user when the new device is not yet enforced at login.
            if account.require_2fa:
                note = ''
            else:
                note = ' ' + str(
                    _('Please note that you still need to enable two-factor authentication for your '
                      'account using the buttons below to make a second factor required for logging '
                      'into your account.'))
            success_text = str(_('The device has been verified and can now be used.')) + note
            messages.success(request, success_text)
            return redirect(reverse('control:user.settings.2fa'))
        except Exception:
            # NOTE(review): failures after self.device.save() (audit log, notice
            # mail) also land here although the device is already confirmed --
            # confirm that is the intended user-facing outcome.
            messages.error(
                request,
                _('The registration could not be completed. Please try again.')
            )
            logger.exception('U2F registration failed')
            retry_url = reverse('control:user.settings.2fa.confirm.u2f',
                                kwargs={'device': self.device.pk})
            return redirect(retry_url)
    def bind(self, username, data):
        """Complete the pending U2F enrollment of *username* and save the device.

        The challenge is popped from the user record, so it is consumed by
        this call. The response is validated against ``self.facets``.
        Returns the JSON string ``"true"``.
        """
        account = self.users[username]
        pending = account.pop('_u2f_enroll_')
        registration, attestation = complete_register(pending, data, self.facets)

        known = []
        for stored in account.get('_u2f_devices_', []):
            known.append(DeviceRegistration.wrap(stored))
        known.append(registration)
        account['_u2f_devices_'] = [entry.json for entry in known]

        log.info("U2F device enrolled. Username: %s", username)
        log.debug("Attestation certificate:\n%s", attestation.public_bytes(Encoding.PEM))

        return json.dumps(True)
Beispiel #9
    def completeU2FRegistration(self, user_name, object_dn, data):
        """Complete a U2F registration for the object at *object_dn*.

        The caller's write permission is checked first, before the response
        is parsed. The pending challenge is popped from the stored settings,
        the new device is appended and the settings are saved. Returns True.
        """
        # Do we have write permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "w")

        target = ObjectProxy(object_dn)
        settings = self.__settings[target.uuid]
        # NOTE(review): presumably json.loads -- confirm from the file's imports.
        response = loads(data)
        pending = settings.pop('_u2f_enroll_')
        registration, attestation = complete_register(pending, response, [self.facet])

        registered = []
        for stored in settings.get('_u2f_devices_', []):
            registered.append(DeviceRegistration.wrap(stored))
        registered.append(registration)
        settings['_u2f_devices_'] = [entry.json for entry in registered]
        self.__save_settings()

        self.__log.info("U2F device enrolled. Username: %s", user_name)
        self.__log.debug("Attestation certificate:\n%s", attestation.public_bytes(Encoding.PEM))

        return True
Beispiel #10
    def post(self, request, *args, **kwargs):
        """Confirm ``self.device`` after a successful U2F registration response.

        Optionally enables the account-wide 2FA requirement when the form
        sends ``activate=on``. All changes are written to the audit log and
        sent to the user in one security notice. On any exception the user
        sees a generic error and is redirected to the confirmation page.
        """
        try:
            challenge = self.request.session.pop('_u2f_enroll')
            token = request.POST.get('token')
            binding, cert = u2f.complete_register(challenge, token, [self.app_id])
            self.device.json_data = binding.json
            self.device.confirmed = True
            self.device.save()

            account = self.request.user
            device_info = {
                'id': self.device.pk,
                'devicetype': 'u2f',
                'name': self.device.name,
            }
            account.log_action('pretix.user.settings.2fa.device.added', user=account, data=device_info)
            notices = [
                _('A new two-factor authentication device has been added to your account.')
            ]
            if request.POST.get('activate', '') == 'on' and not account.require_2fa:
                account.require_2fa = True
                account.save()
                account.log_action('pretix.user.settings.2fa.enabled', user=account)
                notices.append(_('Two-factor authentication has been enabled.'))
            account.send_security_notice(notices)

            # The hint is shown only while 2FA is still optional for the account.
            note = '' if account.require_2fa else ' ' + str(
                _('Please note that you still need to enable two-factor authentication for your '
                  'account using the buttons below to make a second factor required for logging '
                  'into your account.'))
            messages.success(request, str(_('The device has been verified and can now be used.')) + note)
            return redirect(reverse('control:user.settings.2fa'))
        except Exception:
            # NOTE(review): this also catches errors raised after the device was
            # saved as confirmed -- confirm the message is still accurate then.
            messages.error(request, _('The registration could not be completed. Please try again.'))
            logger.exception('U2F registration failed')
            retry_kwargs = {'device': self.device.pk}
            return redirect(reverse('control:user.settings.2fa.confirm.u2f', kwargs=retry_kwargs))
Beispiel #11
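def userBind(id):
    """Complete a U2F registration for the user with the given ``_id``.

    Responds with 404 when the user lookup fails. On success the new device
    is appended to the user's stored devices and the JSON string ``"true"``
    is returned.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    data = request.data.get("data", None)
    # NOTE(review): the challenge is read but not cleared here -- confirm it is
    # invalidated elsewhere so one enrollment request cannot be completed twice.
    enroll = user.u2f_enroll
    # NOTE(review): an empty facet list is passed; confirm how the library
    # treats it and pass the site's expected origin(s) explicitly.
    binding, cert = complete_register(enroll, data, [])

    try:
        # A list, not map(): map() is lazy on Python 3 and has no append().
        devices = [DeviceRegistration.wrap(device) for device in user.u2f_devices]
    except Exception:
        # Best effort kept from the original. NOTE(review): if stored devices
        # fail to load, they are replaced by the new one alone below.
        devices = []

    devices.append(binding)
    user.u2f_devices = [d.json for d in devices]

    # print() with one pre-formatted string works on Python 2 and 3 alike.
    print("U2F device enrolled. Username: %s" % user.username)
    print("Attestation certificate:\n%s" % cert.as_text())

    return json.dumps(True)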
Beispiel #12
    def completeU2FRegistration(self, user_name, object_dn, data):
        """Verify a U2F registration response and store the device for *object_dn*.

        Write access of *user_name* to the object is checked before anything
        else. The enrollment challenge is removed from the settings when it
        is used. Returns True after the settings have been saved.
        """
        # Do we have write permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "w")

        proxy = ObjectProxy(object_dn)
        stored_settings = self.__settings[proxy.uuid]
        # NOTE(review): presumably json.loads -- confirm from the file's imports.
        parsed = loads(data)
        challenge = stored_settings.pop('_u2f_enroll_')
        new_device, attestation = complete_register(challenge, parsed,
                                                    [self.facet])
        existing = stored_settings.get('_u2f_devices_', [])
        all_devices = [DeviceRegistration.wrap(raw) for raw in existing]
        all_devices.append(new_device)
        stored_settings['_u2f_devices_'] = [dev.json for dev in all_devices]
        self.__save_settings()

        self.__log.info("U2F device enrolled. Username: %s", user_name)
        pem = attestation.public_bytes(Encoding.PEM)
        self.__log.debug("Attestation certificate:\n%s", pem)

        return True
Beispiel #13
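def register_token(devices=None):
    """Register a fresh ``SoftU2FDevice`` and return ``(device, token)``.

    Args:
        devices: already registered devices passed to ``u2f.start_register``;
            defaults to an empty list.
    """
    # A None sentinel avoids sharing one mutable default list across calls.
    if devices is None:
        devices = []
    token = SoftU2FDevice()
    request_data = u2f.start_register(APP_ID, devices)
    response = token.register(request_data.registerRequests[0].json, FACET)
    # NOTE(review): no facet list is passed to complete_register here --
    # confirm the origin check is not needed for this helper.
    device, cert = u2f.complete_register(request_data, response)
    return device, token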
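def register_token(devices=None):
    """Create a software U2F token, register it and return ``(device, token)``.

    *devices* is forwarded to ``u2f.start_register`` as the list of existing
    registrations; when omitted, a new empty list is used for each call.
    """
    # The original default of [] was one list object shared by every call.
    existing = [] if devices is None else devices
    token = SoftU2FDevice()
    request_data = u2f.start_register(APP_ID, existing)
    response = token.register(request_data.registerRequests[0].json, FACET)
    # NOTE(review): complete_register is called without a facet list --
    # confirm that skipping the origin argument is intended here.
    device, cert = u2f.complete_register(request_data, response)
    return device, token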
Beispiel #15
 def try_enroll(self, enrollment_data, response_data, device_name=None):
     """Validate a U2F registration response and store the resulting device.

     Validation uses ``self.u2f_facets``; the device is appended to
     ``self.config["devices"]`` only after ``complete_register`` returns.
     """
     registration, _attestation = u2f.complete_register(
         enrollment_data, response_data, self.u2f_facets
     )
     stored = self.config.setdefault("devices", [])
     record = {
         "name": device_name or "Security Key",
         "ts": int(time.time()),
         "binding": dict(registration),
     }
     stored.append(record)