Ejemplo n.º 1
0
def webauthn_begin_login():
    username = request.form.get('login_username')
    password = request.form.get('login_password')

    if not util.validate_username(username):
        return make_response(jsonify({'fail': 'Invalid username.'}), 401)

    _, person = auth.getPerson(username)

    if not person:
        return make_response(jsonify({'fail': 'User does not exist.'}), 401)
    if not person.credential_id:
        return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)

    session.pop('challenge', None)
    session.pop('login_password', None)

    challenge = util.generate_challenge(32)

    # We strip the padding from the challenge stored in the session
    # for the reasons outlined in the comment in webauthn_begin_activate.
    session['challenge'] = challenge.rstrip('=')
    session['login_password'] = password
    
    webauthn_user = webauthn.WebAuthnUser(
        person.ukey, person.username, person.display_name, person.icon_url,
        person.credential_id, person.pub_key, person.sign_count, person.rp_id)

    webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
        webauthn_user, challenge)
    
    return jsonify(webauthn_assertion_options.assertion_dict)
Ejemplo n.º 2
0
def transfer(sender, recipient, zoobars):
    persondb, senderp = auth.getPerson(sender)
    _, recipientp = auth.getPerson(sender, db=persondb)

    senderp.zoobars -= zoobars
    recipientp.zoobars += zoobars

    # Make sure no balances went negative
    if senderp.zoobars < 0 or recipientp.zoobars < 0:
        raise ValueError()

    persondb.commit()

    transfer = Transfer()
    transfer.sender = sender
    transfer.recipient = recipient
    transfer.amount = zoobars
    transfer.time = time.asctime()

    transferdb = transfer_setup()
    transferdb.add(transfer)
    transferdb.commit()
Ejemplo n.º 3
0
def users():
    args = {}
    args['req_user'] = Markup(request.args.get('user', ''))
    if 'user' in request.values:
        _, user = auth.getPerson(request.values['user'])
        if user:
            p = user.profile

            p_markup = Markup("<b>%s</b>" % p)
            args['profile'] = p_markup

            args['user'] = user
            args['user_zoobars'] = bank.balance(user.username)
            args['transfers'] = bank.get_log(user.username)
        else:
            args['warning'] = "Cannot find that user."
    return render_template('users.html', **args)
Ejemplo n.º 4
0
def balance(username):
    db, person = auth.getPerson(username)
    return person.zoobars
Ejemplo n.º 5
0
 def setPerson(self, username, token):
     db, person = auth.getPerson(username)
     self.person = person
     self.token = token
     self.zoobars = bank.balance(username)