    def post(self, request, *args, **kwargs):
        """Complete the second login step with a U2F assertion or a one-time code.

        The submitted ``token`` has surrounding and inner spaces removed. When a
        U2F challenge is pending in the session and the value is JSON (starts
        with ``{``), it is verified as a sign response against the user's
        confirmed ``U2FDevice`` registrations; any other value is handed to
        ``match_token``. On success the user is logged in, the login time is
        recorded, the 2FA bookkeeping keys are dropped from the session and the
        browser is redirected to a ``next`` URL accepted by ``is_safe_url`` or
        to the control index. On failure an error is flashed and the 2FA form
        is shown again.
        """
        token = request.POST.get('token', '').strip().replace(' ', '')

        if '_u2f_challenge' in self.request.session and token.startswith('{'):
            valid = False
            registrations = [
                DeviceRegistration.wrap(dev.json_data)
                for dev in U2FDevice.objects.filter(confirmed=True, user=self.user)
            ]
            # Popped rather than read: a challenge is answered at most once,
            # whether or not the assertion turns out to be valid.
            challenge = self.request.session.pop('_u2f_challenge')
            try:
                u2f.verify_authenticate(registrations, challenge, token, [self.app_id])
            except Exception:
                logger.exception('U2F login failed')
            else:
                valid = True
        else:
            valid = match_token(self.user, token)

        if not valid:
            messages.error(request, _('Invalid code, please try again.'))
            return redirect('control:auth.login.2fa')

        auth_login(request, self.user)
        request.session['pretix_auth_login_time'] = int(time.time())
        del request.session['pretix_auth_2fa_user']
        del request.session['pretix_auth_2fa_time']
        target = request.GET.get("next")
        if "next" in request.GET and is_safe_url(target, allowed_hosts=None):
            return redirect(target)
        return redirect(reverse('control:index'))
    def post(self, request, *args, **kwargs):
        """Re-authenticate the current user before a sensitive control action.

        The ``password`` field doubles as the U2F response field: when a U2F
        challenge is pending in the session and the value is JSON (starts with
        ``{``), it is verified as a sign response against the user's confirmed
        ``U2FDevice`` registrations. If that does not succeed, the value is
        checked as the account password. A successful check refreshes
        ``pretix_auth_login_time`` and ``pretix_auth_last_used`` and redirects
        to a ``next`` URL accepted by ``is_safe_url`` or to the control index;
        a failed one flashes an error and re-renders the form via ``get``.
        """
        password = request.POST.get("password", "")

        u2f_ok = False
        if '_u2f_challenge' in self.request.session and password.startswith('{'):
            registrations = U2FDevice.objects.filter(confirmed=True,
                                                     user=self.request.user)
            devices = [DeviceRegistration.wrap(reg.json_data) for reg in registrations]
            # Popped unconditionally: a challenge is single-use even when the
            # assertion turns out to be invalid.
            challenge = self.request.session.pop('_u2f_challenge')
            try:
                u2f.verify_authenticate(devices, challenge, password, [self.app_id])
            except Exception:
                logger.exception('U2F login failed')
            else:
                u2f_ok = True

        # ``or`` short-circuits, so the password hash is only compared when the
        # U2F path did not already succeed.
        if not (u2f_ok or request.user.check_password(password)):
            messages.error(
                request,
                _('The password you entered was invalid, please try again.'))
            return self.get(request, *args, **kwargs)

        now = int(time.time())
        request.session['pretix_auth_login_time'] = now
        request.session['pretix_auth_last_used'] = now
        target = request.GET.get("next")
        if "next" in request.GET and is_safe_url(target):
            return redirect(target)
        return redirect(reverse('control:index'))
    def post(self, request, *args, **kwargs):
        """Re-authenticate the current user before a sensitive control action.

        A pending U2F challenge plus a JSON value in ``password`` (starts with
        ``{``) is treated as a U2F sign response and checked against the user's
        confirmed ``U2FDevice`` registrations; otherwise, or if the assertion
        fails, the value is checked as the account password. Success refreshes
        ``pretix_auth_login_time`` and ``pretix_auth_last_used`` and redirects
        to a ``next`` URL accepted by ``is_safe_url`` or to the control index;
        failure flashes an error and re-renders the form via ``get``.
        """
        password = request.POST.get("password", "")

        def _u2f_assertion_ok():
            # Only meaningful when a challenge is pending and the field holds
            # a JSON sign response.
            if '_u2f_challenge' not in self.request.session or not password.startswith('{'):
                return False
            devices = [DeviceRegistration.wrap(dev.json_data)
                       for dev in U2FDevice.objects.filter(confirmed=True, user=self.request.user)]
            # Single-use: the challenge leaves the session before verification.
            challenge = self.request.session.pop('_u2f_challenge')
            try:
                u2f.verify_authenticate(devices, challenge, password, [self.app_id])
            except Exception:
                logger.exception('U2F login failed')
                return False
            return True

        # Short-circuit: the password hash is only compared when U2F did not
        # already succeed.
        valid = _u2f_assertion_ok() or request.user.check_password(password)

        if not valid:
            messages.error(request, _('The password you entered was invalid, please try again.'))
            return self.get(request, *args, **kwargs)

        now = int(time.time())
        request.session['pretix_auth_login_time'] = now
        request.session['pretix_auth_last_used'] = now
        target = request.GET.get("next")
        if "next" in request.GET and is_safe_url(target, allowed_hosts=None):
            return redirect(target)
        return redirect(reverse('control:index'))
    def post(self, request, *args, **kwargs):
        """Complete the second login step with a U2F assertion or a one-time code.

        The submitted ``token`` has surrounding and inner spaces removed. A
        pending U2F challenge plus a JSON value (starts with ``{``) selects U2F
        verification against the user's confirmed ``U2FDevice`` registrations;
        any other value goes to ``match_token``. On success the user is logged
        in, the login time is stored, the 2FA bookkeeping keys are removed from
        the session and the browser is redirected to a ``next`` URL accepted by
        ``is_safe_url`` or to the control index. On failure an error is flashed
        and the 2FA form is shown again.
        """
        token = request.POST.get('token', '').strip().replace(' ', '')

        def _u2f_assertion_ok():
            registrations = [
                DeviceRegistration.wrap(dev.json_data)
                for dev in U2FDevice.objects.filter(confirmed=True,
                                                    user=self.user)
            ]
            # Single-use: the challenge leaves the session before verification.
            challenge = self.request.session.pop('_u2f_challenge')
            try:
                u2f.verify_authenticate(registrations, challenge, token,
                                        [self.app_id])
            except Exception:
                logger.exception('U2F login failed')
                return False
            return True

        if '_u2f_challenge' in self.request.session and token.startswith('{'):
            valid = _u2f_assertion_ok()
        else:
            valid = match_token(self.user, token)

        if not valid:
            messages.error(request, _('Invalid code, please try again.'))
            return redirect('control:auth.login.2fa')

        auth_login(request, self.user)
        request.session['pretix_auth_login_time'] = int(time.time())
        del request.session['pretix_auth_2fa_user']
        del request.session['pretix_auth_2fa_time']
        target = request.GET.get("next")
        if "next" in request.GET and is_safe_url(target):
            return redirect(target)
        return redirect(reverse('control:index'))
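    def verify(self, username, data):
        """Check a U2F sign response for *username* and report the result as JSON.

        Args:
            username: key used to look the user up in ``self.users``.
            data: the client's sign response, passed straight to
                ``verify_authenticate``.

        Returns:
            JSON text ``{"touch": ..., "counter": ...}`` carrying the values
            returned by ``verify_authenticate``.

        Raises:
            KeyError: no ``_u2f_challenge_`` is pending for the user (the
                challenge is popped, so it can be answered at most once).
            Whatever ``verify_authenticate`` raises for an invalid response.
        """
        user = self.users[username]
        # Materialise the registrations. The original passed a one-shot ``map``
        # iterator, which is exhausted after a single pass and would hand
        # ``verify_authenticate`` an empty sequence on any second iteration.
        devices = [DeviceRegistration.wrap(dev) for dev in user.get('_u2f_devices_', [])]

        challenge = user.pop('_u2f_challenge_')
        counter, touch = verify_authenticate(devices, challenge, data, [self.facet])
        # NOTE(review): the counter is returned to the client but not compared
        # with a stored value here, so clone detection is left to the caller —
        # confirm that a caller does it.
        return json.dumps({'touch': touch, 'counter': counter})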
    def verify(self, user_name, object_dn, key):
        """Validate a second-factor *key* for the object at *object_dn*.

        ``__check_acl`` is consulted first for read permission of *user_name*
        on the object; its return value is discarded, so the check only guards
        this path if it raises on denial (NOTE(review): confirm that it does).
        What happens next depends on the factor method configured for the user:

        * ``"otp"``: *key* is a TOTP code and ``totp.verify(key)`` is returned.
        * ``"u2f"``: *key* is decoded with ``loads`` and checked as a sign
          response against the stored registrations. The pending challenge is
          popped, so it can be answered at most once; a missing challenge
          raises ``KeyError``. Returns ``{'touch': ..., 'counter': ...}``.
        * ``None``: no second factor is configured and ``True`` is returned.

        Any other method yields ``False``.
        """
        # Do we have read permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "r")

        # Get the object for the given dn
        user = ObjectProxy(object_dn)
        factor_method = self.get_method_from_user(user)
        if user.uuid in self.__settings:
            user_settings = self.__settings[user.uuid]
        else:
            user_settings = {}

        if factor_method == "otp":
            # assumes 'otp_secret' is present for OTP users — TODO confirm
            return TOTP(user_settings.get('otp_secret')).verify(key)

        if factor_method == "u2f":
            registrations = [DeviceRegistration.wrap(stored)
                             for stored in user_settings.get('_u2f_devices_', [])]
            challenge = user_settings.pop('_u2f_challenge_')
            sign_response = loads(key)
            counter, touch = verify_authenticate(registrations, challenge,
                                                 sign_response, [self.facet])
            return {'touch': touch, 'counter': counter}

        # No second factor configured: nothing to verify.
        return factor_method is None
    def verify(self, user_name, object_dn, key):
        """Validate a second-factor *key* for the object at *object_dn*.

        Read permission of *user_name* on the object is checked through
        ``__check_acl`` first. Its result is not inspected, so the guard is
        only effective if it raises on denial (NOTE(review): confirm). The
        user's configured factor method then decides the check:

        * ``None``: no second factor is configured; returns ``True``.
        * ``"otp"``: returns ``TOTP(secret).verify(key)``.
        * ``"u2f"``: *key* is decoded with ``loads`` and verified as a sign
          response against the stored registrations for ``self.facet``. The
          pending challenge is popped (single use; ``KeyError`` if absent).
          Returns ``{'touch': ..., 'counter': ...}``.

        Every other method yields ``False``.
        """
        # Do we have read permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "r")

        # Get the object for the given dn
        user = ObjectProxy(object_dn)
        factor_method = self.get_method_from_user(user)
        user_settings = {}
        if user.uuid in self.__settings:
            user_settings = self.__settings[user.uuid]

        # The three known methods are mutually exclusive, so the order of the
        # checks does not affect the result.
        if factor_method is None:
            return True

        if factor_method == "otp":
            # assumes 'otp_secret' is present for OTP users — TODO confirm
            totp = TOTP(user_settings.get('otp_secret'))
            return totp.verify(key)

        if factor_method == "u2f":
            registrations = [
                DeviceRegistration.wrap(stored)
                for stored in user_settings.get('_u2f_devices_', [])
            ]
            challenge = user_settings.pop('_u2f_challenge_')
            counter, touch = verify_authenticate(
                registrations, challenge, loads(key), [self.facet])
            return {'touch': touch, 'counter': counter}

        return False
 def validate_response(self, request, challenge, response):
     """Return ``True`` if *response* is a valid U2F assertion for *challenge*.

     *request* is accepted for interface compatibility but not used. The
     assertion is checked against ``self.get_u2f_devices()`` and the facets in
     ``self.u2f_facets``; ``InvalidSignature``, ``InvalidKey`` and
     ``StopIteration`` from the library are mapped to ``False``, any other
     exception propagates.

     The counter and touch flag reported by ``u2f.verify_authenticate`` are
     discarded, so counter-based clone detection is not performed here.
     """
     try:
         u2f.verify_authenticate(self.get_u2f_devices(), challenge, response,
                                 self.u2f_facets)
     except (InvalidSignature, InvalidKey, StopIteration):
         return False
     else:
         return True
 def validate_response(self, request, challenge, response):
     """Check a U2F sign *response* against *challenge* and the user's devices.

     Returns ``True`` when ``u2f.verify_authenticate`` accepts the response for
     ``self.get_u2f_devices()`` under ``self.u2f_facets``. The library errors
     ``InvalidSignature``, ``InvalidKey`` and ``StopIteration`` become
     ``False``; anything else propagates. *request* is unused.

     The returned counter is not stored or compared, so a cloned
     authenticator would not be detected by this method.
     """
     devices = self.get_u2f_devices()
     try:
         u2f.verify_authenticate(devices, challenge, response, self.u2f_facets)
     except (InvalidSignature, InvalidKey, StopIteration):
         return False
     return True
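    def verify(self, username, data):
        """Verify a U2F sign response for *username* and return a JSON summary.

        Args:
            username: key used to look the user up in ``self.users``.
            data: the client's sign response, passed through unchanged to
                ``verify_authenticate``.

        Returns:
            JSON text with the ``touch`` flag and ``counter`` that
            ``verify_authenticate`` reported.

        Raises:
            KeyError: no ``_u2f_challenge_`` is pending for the user; the
                challenge is popped so that it can be answered only once.
            Whatever ``verify_authenticate`` raises for an invalid response.
        """
        user = self.users[username]
        # A list rather than the original one-shot ``map`` iterator: an
        # iterator is empty after its first traversal, which would silently
        # leave no registered devices for any further pass.
        devices = [DeviceRegistration.wrap(dev) for dev in user.get('_u2f_devices_', [])]

        challenge = user.pop('_u2f_challenge_')
        counter, touch = verify_authenticate(devices, challenge, data, [self.facet])
        # NOTE(review): the counter is reported but not compared with a stored
        # previous value here — confirm the caller performs that check.
        return json.dumps({
            'touch': touch,
            'counter': counter
        })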
    def test_authenticate_single_soft_u2f(self):
        """A single registered soft token can answer the sign request issued for it."""
        # Register one soft token and keep its registration record.
        registration, soft_token = register_token()

        # Ask the server side for a sign request covering that device ...
        sign_request = u2f.start_authenticate([registration])

        # ... and let the token answer the first request for FACET.
        assertion = soft_token.getAssertion(
            sign_request.authenticateRequests[0].json, FACET)

        assert u2f.verify_authenticate([registration], sign_request, assertion)
    def verify(self, username, data):
        """Verify a U2F sign response for *username* and return a JSON summary.

        The user's stored registrations are wrapped as ``DeviceRegistration``
        objects and the pending ``_u2f_challenge_`` is popped (single use; a
        missing challenge raises ``KeyError``). The result of
        ``verify_authenticate`` for ``self.facets`` is returned as JSON text
        with ``touch`` coerced to a bool and the raw ``counter``. Verification
        errors propagate from ``verify_authenticate``.
        """
        user = self.users[username]
        stored = user.get('_u2f_devices_', [])
        registrations = [DeviceRegistration.wrap(entry) for entry in stored]

        challenge = user.pop('_u2f_challenge_')
        counter, touch = verify_authenticate(registrations, challenge, data, self.facets)

        result = {'touch': bool(touch), 'counter': counter}
        return json.dumps(result)
    def test_authenticate_multiple_soft_u2f(self):
        """With two registered tokens, the first one can answer a sign request
        issued for both."""
        # Register two soft tokens; the second registration is made while the
        # first device is already known.
        first_reg, first_token = register_token()
        second_reg, _second_token = register_token([first_reg])

        # A sign request covering both devices ...
        sign_request = u2f.start_authenticate([first_reg, second_reg])

        # ... answered by the first token for FACET.
        assertion = first_token.getAssertion(
            sign_request.authenticateRequests[0].json, FACET)

        assert u2f.verify_authenticate([first_reg, second_reg], sign_request,
                                       assertion)
    def test_authenticate_single_soft_u2f(self):
        """One soft token: its assertion for the issued sign request verifies."""
        registration, soft_token = register_token()

        sign_request = u2f.start_authenticate([registration])
        first_request = sign_request.authenticateRequests[0]

        # The token signs the first request under FACET.
        assertion = soft_token.getAssertion(first_request.json, FACET)

        assert u2f.verify_authenticate([registration], sign_request, assertion)
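def userVerify(id, data=None):
    """Verify a U2F sign response for the user whose ``_id`` is *id*.

    Args:
        id: the user's ``_id``, resolved through ``User().getObjectsByKey``.
        data: the client's sign response. The original body used a name
            ``data`` that was never defined in the function, so every call
            ended in ``NameError``; it is now an explicit parameter, and a
            call that omits it is rejected with ``abort(400)``.

    Returns:
        JSON text with the ``touch`` flag and ``counter`` reported by
        ``verify_authenticate``; ``abort(404)`` when no user matches.
    """
    # Any lookup failure (no match, backend error) is reported as "not found".
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    if data is None:
        return abort(400)

    # A user without registered devices gets an empty list; the original used a
    # bare ``except:`` here, which also swallowed KeyboardInterrupt/SystemExit.
    # The list replaces a one-shot ``map`` iterator so the devices survive
    # more than one traversal.
    try:
        devices = [DeviceRegistration.wrap(dev) for dev in user.u2f_devices]
    except Exception:
        devices = []

    # NOTE(review): the challenge is read but never cleared on this path, so
    # the same challenge could be answered again unless the caller invalidates
    # it — confirm. verify_authenticate is called without a facet list here,
    # as in the original.
    challenge = user.u2f_challenge
    counter, touch = verify_authenticate(devices, challenge, data)
    return json.dumps({'touch': touch, 'counter': counter})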
    def test_authenticate_multiple_soft_u2f(self):
        """Two registered tokens: the first token's assertion verifies against
        a sign request that covers both."""
        first_reg, first_token = register_token()
        second_reg, _unused_token = register_token([first_reg])
        registrations = [first_reg, second_reg]

        sign_request = u2f.start_authenticate(registrations)
        first_request = sign_request.authenticateRequests[0]

        # Only the first token answers, under FACET.
        assertion = first_token.getAssertion(first_request.json, FACET)

        assert u2f.verify_authenticate(registrations, sign_request, assertion)