Ejemplo n.º 1
0
def verify_assertion(request):
    print("verify_assertion")
    challenge = request.session.get('challenge', False)
    assertion_response = request.POST
    credential_id = assertion_response.get('id')

    user = User_T.get(credential_id=credential_id)
    if not user:
        return JsonResponse({'fail': 'User does not exist.'})

    webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username,
                                          user.display_name, user.icon_url,
                                          user.credential_id, user.pub_key,
                                          user.sign_count, user.rp_id)

    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
        webauthn_user,
        assertion_response,
        challenge,
        ORIGIN,
        uv_required=False)  # User Verification

    try:
        sign_count = webauthn_assertion_response.verify()
    except Exception as e:
        return JsonResponse({'fail': 'Assertion failed. Error: {}'.format(e)})

    # Update counter.
    user.sign_count = sign_count
    user.save()

    login(request, user)

    return JsonResponse(
        {'success': 'Successfully authenticated as {}'.format(user.username)})
Ejemplo n.º 2
0
def verify_assertion():
    challenge = session.get("challenge")
    print(session)
    print("------------------------------------------")
    assertion_response = request.form
    credential_id = assertion_response.get("id")

    user = User.query.filter_by(credential_id=credential_id).first()
    if not user:
        return make_response(jsonify({"fail": "User does not exist."}), 401)

    webauthn_user = webauthn.WebAuthnUser(
        user.ukey,
        user.username,
        user.display_name,
        user.icon_url,
        user.credential_id,
        user.pub_key,
        user.sign_count,
        user.rp_id,
    )

    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
        webauthn_user,
        assertion_response,
        challenge,
        ORIGIN,
        uv_required=False)  # User Verification

    sign_count = webauthn_assertion_response.verify()

    # Update counter.
    user.sign_count = sign_count
    db.session.add(user)
    db.session.commit()

    # Add to session
    session['user_is_authenticated'] = True
    session['user_rollno'] = user.rollno
    if user.is_staff:
        session['is_staff'] = True
        print("IM STAFF")
        return jsonify({
            "success":
            "Successfully logged in as {}".format(user.username),
            "is_staff":
            True,
            "student_id":
            user.rollno
        })
    else:
        session['is_staff'] = False
        return jsonify({
            "success":
            "Successfully logged in as {}".format(user.username),
            "is_staff":
            False,
            "staff_id":
            user.rollno
        })
Ejemplo n.º 3
0
def webauthn_begin_assertion():

    rollno = request.form.get("rollno")
    if not rollno:
        rollno = session.get('user_rollno')
    user = User.query.filter_by(rollno=rollno).first()

    if not user:
        return make_response(jsonify({"fail": "User does not exist."}), 401)
    if not user.credential_id:
        return make_response(jsonify({"fail": "Unknown credential ID."}), 401)

    challenge = util.generate_challenge(32)

    webauthn_user = webauthn.WebAuthnUser(
        user.ukey,
        user.username,
        user.display_name,
        user.icon_url,
        user.credential_id,
        user.pub_key,
        user.sign_count,
        user.rp_id,
    )

    webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
        webauthn_user, challenge)
    session["challenge"] = challenge.rstrip("=")
    session["user_rollno"] = rollno
    print(session.get('challenge'))
    response = make_response(
        jsonify(webauthn_assertion_options.assertion_dict), 200)
    return response
Ejemplo n.º 4
0
def make_user(user, device, relying_party):
    return webauthn.WebAuthnUser(
        user_id=make_user_id(user),
        username=user.get_username(),
        display_name=user.get_full_name(),
        icon_url=None,
        credential_id=device.key_handle,
        public_key=device.public_key,
        sign_count=device.sign_count,
        rp_id=relying_party['id'],
    )
Ejemplo n.º 5
0
def webauthn_begin_assertion(request):
    username = request.POST.get('login_username')
    challenge = generate_challenge(32)
    user = User_T.objects.get(username=username)
    if 'challenge' in request.session:
        del request.session['challenge']

    challenge = generate_challenge(32)

    request.session['challenge'] = challenge
    webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username,
                                          user.display_name, user.icon_url,
                                          user.credential_id, user.pub_key,
                                          user.sign_count, user.rp_id)

    webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
        webauthn_user, challenge)
    return JsonResponse(webauthn_assertion_options.assertion_dict)
Ejemplo n.º 6
0
def verify_assertion_attendance():

    latitude = request.form.get("latitude")
    longitude = request.form.get("longitude")
    rollno = request.form.get("rollno")
    staff_id = request.form.get("staff_code")
    course_code = request.form.get("course_code")
    period = request.form.get("period")

    challenge = session.get("challenge")

    assertion_response = request.form
    credential_id = assertion_response.get("id")

    user = User.query.filter_by(credential_id=credential_id).first()
    if not user:
        return make_response(jsonify({"fail": "User does not exist."}), 401)

    webauthn_user = webauthn.WebAuthnUser(
        user.ukey,
        user.username,
        user.display_name,
        user.icon_url,
        user.credential_id,
        user.pub_key,
        user.sign_count,
        user.rp_id,
    )

    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
        webauthn_user,
        assertion_response,
        challenge,
        ORIGIN,
        uv_required=False)  # User Verification

    sign_count = webauthn_assertion_response.verify()

    # Update counter.
    user.sign_count = sign_count

    todays_datetime = datetime(datetime.today().year,
                               datetime.today().month,
                               datetime.today().day)

    attendance = Attendance.query.filter_by(
        roll_no=rollno,
        staff_id=staff_id,
        period=period,
        logged_time=todays_datetime).first()
    if attendance:
        return make_response(
            jsonify({"fail": "Attendance has already been registered"}), 200)

    db.session.add(user)
    db.session.commit()

    # check if the attendance is given at the correct lat, long
    loc = Course.query.filter_by(latitude=latitude,
                                 longitude=longitude).first()
    if not loc:
        return make_response(
            jsonify(
                {"fail": "Location Incorrect, Please be at correct location"}),
            200)

    location = Location(latitude=latitude, longitude=longitude)
    attendance = Attendance(
        roll_no=rollno,
        staff_id=staff_id,
        is_present=1,
        is_fingerprint=1,
        logged_time=datetime.datetime.now(),
        period=period,
        location=location,
        course_code=course_code,
    )
    db.session.add(attendance)
    db.session.commit()
    return jsonify(
        {"success": "Successfully authenticated as {}".format(user.username)})