def _parse_request(self, data): request = Request() for row in data: request.id = row["id"] request.nonce = row["nonce"] request.time = row["time"] request.userId = row["user_id"] request.success = row["success"] return request
def authentication_request_get(message): ''' This is the url that other system uses to redirect the user in order to authenticate them ''' try: message = JWS().verify_compact(message, keys=[public_key]) except BadSignature: return "Signature invalid" # todo check whether signed correctly raise BadSignature satosa_request = Request(message) user = database.get_user(satosa_request.userId) if not database.request_exists(satosa_request): database.save_request(satosa_request) else: return "REPLAY ATTACK" if not user: database.save_user(satosa_request.userId) new_user = database.get_user(satosa_request.userId) login_user(new_user) return render_template('satosa_registration_index.html', username1=satosa_request.userId, redirect_url1=cfg['caller']['callback-url']) if len(database.get_credentials(satosa_request.userId)) == 0: new_user = database.get_user(satosa_request.userId) login_user(new_user) return render_template('satosa_registration_index.html', username1=satosa_request.userId, redirect_url1=cfg['caller']['callback-url']) if cfg['host']['turn-off'] and database.is_turned_off(user.id): database.turn_on(user.id) login_user(user) satosa_request = Request() satosa_request.userId = user.id database.make_success(satosa_request) username = current_user.id credentials_array = database.get_credentials(username) return render_template("credentials.html", credentials=credentials_array, username1=username, url=ORIGIN, turn_off=cfg['host']['turn-off'], timeout=int( cfg['host']['turn-off-timeout-seconds'])) return render_template('satosa_index.html', username1=satosa_request.userId, redirect_url1=cfg['caller']['callback-url'])
def verify_assertion(): ''' This url is called to authenticate the user ''' challenge = session.get('challenge') assertion_response = request.form credential_id = assertion_response.get('id') credential = database.get_credential(credential_id) if not credential: return make_response(jsonify({'fail': 'User does not exist.'}), 401) webauthn_user = webauthn.WebAuthnUser( credential.ukey, credential.username, credential.display_name, credential.icon_url, credential.credential_id, credential.pub_key, credential.sign_count, credential.rp_id) webauthn_assertion_response = webauthn.WebAuthnAssertionResponse( webauthn_user, assertion_response, challenge, ORIGIN, uv_required=False) # User Verification try: sign_count = webauthn_assertion_response.verify() except Exception as e: raise e return jsonify({'fail': 'Assertion failed. Error: {}'.format(e)}) # Update counter. credential.sign_count = sign_count database.increment_sign_count(credential) satosa_request = Request() satosa_request.userId = credential.username database.make_success(satosa_request) user = User() user.id = credential.username login_user(user) return jsonify({'success': 'User successfully logged in.'})
def verify_credential_info(): ''' This url is called to verify and register the token ''' challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] user_exists = database.user_exists(username) if not user_exists or not current_user.is_authenticated or not username == current_user.id: return make_response(jsonify({'fail': 'User not logged in.'}), 401) registration_response = request.form trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = True none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) credential_id_exists = database.credential_exists( webauthn_credential.credential_id) if credential_id_exists: return make_response( jsonify({'fail': 'Credential ID already exists.'}), 401) existing_user = database.user_exists(username) credential = Credential() if not existing_user or True: if sys.version_info >= (3, 0): webauthn_credential.credential_id = str( webauthn_credential.credential_id, "utf-8") webauthn_credential.public_key = str( webauthn_credential.public_key, "utf-8") credential.id = randint(1, 100000) credential.ukey = ukey credential.username = username credential.display_name = display_name credential.pub_key = webauthn_credential.public_key credential.credential_id = webauthn_credential.credential_id credential.sign_count = webauthn_credential.sign_count credential.rp_id = RP_ID credential.icon_url = 'https://example.com' database.save_credential(credential) database.turn_on(credential.username) else: return make_response(jsonify({'fail': 'User already exists.'}), 401) satosa_request = Request() satosa_request.userId = credential.username database.make_success(satosa_request) user = database.get_user(credential.username) login_user(user) return jsonify({'success': 'User successfully registered.'})