Ejemplo n.º 1
def test_verify_registration_response_failure(monkeypatch):
    """A rejection raised by the library's ``verify()`` must reach the caller.

    ``WebAuthnRegistrationResponse`` is replaced with a factory whose product
    raises ``RegistrationRejectedException`` from ``verify``. The wrapper under
    test must let that rejection propagate instead of returning a result, so a
    registration that failed verification is never treated as valid.
    """
    # Stand-in response object: any call to verify() raises the library's
    # rejection exception.
    rejecting_response = pretend.stub(
        verify=pretend.raiser(pywebauthn.webauthn.RegistrationRejectedException)
    )
    # The factory ignores its arguments; this test only checks the failure path.
    fake_response_cls = pretend.call_recorder(lambda *a, **kw: rejecting_response)
    monkeypatch.setattr(pywebauthn, "WebAuthnRegistrationResponse", fake_response_cls)

    with pytest.raises(webauthn.RegistrationRejectedException):
        webauthn.verify_registration_response(
            {}, "not_a_real_challenge", rp_id="fake_rp_id", origin="fake_origin"
        )
Ejemplo n.º 2
def test_verify_registration_response_failure(monkeypatch):
    """A library-level ``InvalidRegistrationResponse`` surfaces as a rejection.

    The library's ``verify_registration_response`` is patched to always raise
    ``InvalidRegistrationResponse``. The wrapper must report that to its caller
    as ``webauthn.RegistrationRejectedError`` rather than returning a value.
    """
    always_invalid = pretend.raiser(
        pywebauthn.helpers.exceptions.InvalidRegistrationResponse
    )
    monkeypatch.setattr(pywebauthn, "verify_registration_response", always_invalid)

    # A structurally complete credential payload, so the failure presumably
    # comes from the patched library call and not from parsing (TODO confirm
    # against the wrapper).
    credential_json = (
        '{"id": "foo", "rawId": "foo", "response": '
        '{"attestationObject": "foo", "clientDataJSON": "bar"}}'
    )

    with pytest.raises(webauthn.RegistrationRejectedError):
        webauthn.verify_registration_response(
            credential_json,
            b"not_a_real_challenge",
            rp_id="fake_rp_id",
            origin="fake_origin",
        )
Ejemplo n.º 3
def test_verify_registration_response(monkeypatch):
    """Pin the arguments the wrapper passes to the library on the success path.

    The library's ``verify_registration_response`` is replaced with a recorder
    that returns a canned ``VerifiedRegistration``. The test then checks that
    the wrapper parsed the JSON credential into a ``RegistrationCredential``,
    passed the challenge base64url-encoded, forwarded the relying-party id and
    origin unchanged, and returned the library's result as-is.
    """
    canned_result = VerifiedRegistration(
        credential_id=b"foo",
        credential_public_key=b"bar",
        sign_count=0,
        aaguid="wutang",
        fmt=AttestationFormat.NONE,
        credential_type=PublicKeyCredentialType.PUBLIC_KEY,
        user_verified=False,
        attestation_object=b"foobar",
    )
    library_verify = pretend.call_recorder(lambda *a, **kw: canned_result)
    monkeypatch.setattr(pywebauthn, "verify_registration_response", library_verify)

    credential_json = (
        '{"id": "foo", "rawId": "foo", "response": '
        '{"attestationObject": "foo", "clientDataJSON": "bar"}}'
    )
    result = webauthn.verify_registration_response(
        credential_json,
        b"not_a_real_challenge",
        rp_id="fake_rp_id",
        origin="fake_origin",
    )

    # b"~\x8a" and b"m\xaa" are the base64url-decoded forms of "foo" and "bar":
    # the wrapper is expected to decode those fields before calling the library.
    expected_credential = RegistrationCredential(
        id="foo",
        raw_id=b"~\x8a",
        response=AuthenticatorAttestationResponse(
            client_data_json=b"m\xaa", attestation_object=b"~\x8a"
        ),
        transports=None,
        type=PublicKeyCredentialType.PUBLIC_KEY,
    )
    expected_call = pretend.call(
        credential=expected_credential,
        expected_challenge=bytes_to_base64url(b"not_a_real_challenge").encode(),
        expected_rp_id="fake_rp_id",
        expected_origin="fake_origin",
        # This pins the wrapper's policy: user verification is NOT required at
        # registration. A change to that policy must be reflected here.
        require_user_verification=False,
    )
    assert library_verify.calls == [expected_call]
    assert result == canned_result
Ejemplo n.º 4
    def verify_webauthn_credential(self, credential, *, challenge, rp_id,
                                   origin):
        """
        Validates a WebAuthn registration response and rejects credential IDs
        that are already stored.

        The credential is first verified against the expected challenge,
        relying-party id and origin; any exception raised by that step
        propagates unchanged. The verified credential ID is then looked up in
        the WebAuthn table.

        Returns the validated credential when the ID is not yet registered,
        raises webauthn.RegistrationRejectedException when it is.
        """
        validated_credential = webauthn.verify_registration_response(
            credential, challenge=challenge, rp_id=rp_id, origin=origin)

        # NOTE(review): this lookup is a check before the caller's later
        # insert; presumably a unique constraint on credential_id backs it up
        # so two concurrent registrations cannot both pass - confirm in the
        # model definition.
        lookup = self.db.query(WebAuthn)
        existing = lookup.filter_by(
            credential_id=validated_credential.credential_id.decode()).first()

        if existing is None:
            return validated_credential

        raise webauthn.RegistrationRejectedException(
            "Credential ID already in use")
Ejemplo n.º 5
def test_verify_registration_response(monkeypatch):
    """Pin how the wrapper constructs ``WebAuthnRegistrationResponse``.

    The response class is replaced with a recorder whose product returns a
    sentinel from ``verify()``. The test checks the positional arguments
    (relying-party id, origin, raw response, encoded challenge), the
    ``self_attestation_permitted`` keyword, and that the wrapper returns
    whatever ``verify()`` produced.
    """
    sentinel_result = "not a real object"
    fake_response = pretend.stub(
        verify=pretend.call_recorder(lambda: sentinel_result)
    )
    fake_response_cls = pretend.call_recorder(lambda *a, **kw: fake_response)
    monkeypatch.setattr(pywebauthn, "WebAuthnRegistrationResponse", fake_response_cls)

    result = webauthn.verify_registration_response(
        {}, "not_a_real_challenge", rp_id="fake_rp_id", origin="fake_origin"
    )

    # The challenge must reach the library in the wrapper's own encoded form.
    encoded_challenge = webauthn._webauthn_b64encode(
        "not_a_real_challenge".encode()
    ).decode()
    expected_call = pretend.call(
        "fake_rp_id",
        "fake_origin",
        {},
        encoded_challenge,
        # This pins the wrapper's policy: self attestation is accepted at
        # registration. Tightening that policy requires updating this test.
        self_attestation_permitted=True,
    )
    assert fake_response_cls.calls == [expected_call]
    assert result == "not a real object"