Example #1
    def validate_webauthn_provision(self):
        """Check a WebAuthn provisioning submission and register the credential.

        The form is built from the POSTed fields plus the server-side values it
        is validated against: the challenge held in the session, the relying
        party id (``request.domain``) and the expected origin
        (``request.host_url``).

        Returns:
            ``{"success": ...}`` once the credential has been stored, otherwise
            ``{"fail": {"errors": [...]}}`` with every form error as a string.
        """
        request = self.request

        # NOTE(review): POST fields are expanded into keyword arguments. A
        # field whose name matches one of the explicit keywords below raises
        # TypeError instead of overriding it -- confirm that error is handled
        # by the caller or the framework.
        form = ProvisionWebAuthnForm(
            **request.POST,
            user_service=self.user_service,
            user_id=request.user.id,
            challenge=request.session.get_webauthn_challenge(),
            rp_id=request.domain,
            origin=request.host_url,
        )

        # The challenge is dropped from the session before validation runs and
        # regardless of its outcome, so one challenge backs at most one
        # provisioning attempt. The form already holds the value it was given.
        request.session.clear_webauthn_challenge()

        if not form.validate():
            # Flatten the per-field error lists into one list of strings.
            messages = []
            for field_errors in form.errors.values():
                messages.extend(str(item) for item in field_errors)
            return {"fail": {"errors": messages}}

        # Only a credential the form has validated is persisted.
        # presumably credential_id/public_key are bytes here, hence decode()
        # -- confirm against the form implementation.
        self.user_service.add_webauthn(
            request.user.id,
            label=form.label.data,
            credential_id=form.validated_credential.credential_id.decode(),
            public_key=form.validated_credential.public_key.decode(),
            sign_count=form.validated_credential.sign_count,
        )
        request.session.flash(
            "WebAuthn successfully provisioned.", queue="success"
        )
        return {"success": "WebAuthn successfully provisioned"}
Example #2
    def validate_webauthn_provision(self):
        """Validate a security-device registration and store it for the user.

        The submitted fields are validated by ``ProvisionWebAuthnForm`` against
        server-side values: the challenge read from the session, the relying
        party id (``request.domain``) and the origin (``request.host_url``).
        On success the credential is saved and an
        ``account:two_factor:method_added`` event is recorded for the user.

        Returns:
            ``{"success": ...}`` when the device was added, otherwise
            ``{"fail": {"errors": [...]}}`` listing each form error as a string.
        """
        request = self.request
        user_service = self.user_service

        # NOTE(review): request.POST is spread into keyword arguments; a field
        # named like one of the explicit keywords raises TypeError rather than
        # replacing the server-side value -- confirm that is handled upstream.
        form = ProvisionWebAuthnForm(
            **request.POST,
            user_service=user_service,
            user_id=request.user.id,
            challenge=request.session.get_webauthn_challenge(),
            rp_id=request.domain,
            origin=request.host_url,
        )

        # Cleared unconditionally and before validate(): a challenge is usable
        # for a single attempt whether that attempt succeeds or fails.
        request.session.clear_webauthn_challenge()

        if not form.validate():
            # Collect every field's errors into one flat list of strings.
            failures = []
            for field_errors in form.errors.values():
                for problem in field_errors:
                    failures.append(str(problem))
            return {"fail": {"errors": failures}}

        # presumably credential_id/public_key are bytes, hence decode()
        # -- confirm against the form implementation.
        user_service.add_webauthn(
            request.user.id,
            label=form.label.data,
            credential_id=form.validated_credential.credential_id.decode(),
            public_key=form.validated_credential.public_key.decode(),
            sign_count=form.validated_credential.sign_count,
        )

        # Audit trail for the new second factor: who, from which address, and
        # which method. The label is user-supplied text stored with the event.
        user_service.record_event(
            request.user.id,
            tag="account:two_factor:method_added",
            ip_address=request.remote_addr,
            additional={"method": "webauthn", "label": form.label.data},
        )

        confirmation = "Security device successfully set up"
        request.session.flash(confirmation, queue="success")
        return {"success": confirmation}