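def create_new_apikey(email):
    """Create and persist a new API key for ``email``.

    The caller is expected to have already checked that no key exists for
    this address. Returns ``standardize_response`` with the serialized key
    on success, or with ``status_code=500`` when anything in the insert path
    raises.
    """
    # TODO: we should put this in a while loop in the extremely unlikely chance
    # there is a collision of UUIDs in the database. It is assumed at this point
    # in the flow that the DB was already checked for this email address, and
    # no key exists yet.
    # NOTE(review): secrets.token_hex(16) yields the same 32-hex-char shape and
    # is the stdlib call documented for generating tokens; consider it here.
    new_key = Key(apikey=uuid.uuid4().hex, email=email)
    try:
        db.session.add(new_key)
        db.session.commit()
        return standardize_response(payload=dict(data=new_key.serialize))
    except Exception as e:
        # A failed commit leaves the session's transaction unusable; roll it
        # back so later work on the same session does not fail as well.
        db.session.rollback()
        # NOTE(review): if this is a SQLAlchemy session, str(e) for a failed
        # INSERT normally carries the bound parameters (key value and email)
        # unless the engine sets hide_parameters=True -- confirm what is logged.
        logger.error(e)
        return standardize_response(status_code=500)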
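def create_new_apikey(email, session):
    """Create and persist a new API key for ``email`` using ``session``.

    The caller is expected to have already checked that no key exists for
    this address. Returns the new ``Key`` on success and ``None`` when the
    add/commit raises.
    """
    # TODO: we should put this in a while loop in the extremely unlikely chance
    # there is a collision of UUIDs in the database. It is assumed at this point
    # in the flow that the DB was already checked for this email address, and
    # no key exists yet.
    new_key = Key(apikey=get_new_key_value(), email=email)
    try:
        session.add(new_key)
        session.commit()
        return new_key
    except Exception as e:
        # NOTE(review): if this is a SQLAlchemy session, the logged exception
        # for a failed INSERT normally carries the bound parameters (key value
        # and email) unless the engine sets hide_parameters=True -- confirm.
        auth_logger.exception(e)
        # The session belongs to the caller: hand it back in a usable state
        # instead of leaving a failed transaction pending on it.
        session.rollback()
        return None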
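def create_new_apikey(email):
    """Create and persist a new API key for ``email``.

    The caller is expected to have already checked that no key exists for
    this address. Returns ``standardize_response`` with the serialized key
    and message "ok" on success, or an "internal-server-error" payload with
    status 500 when anything in the insert path raises.
    """
    # TODO: we should put this in a while loop in the extremely unlikely chance
    # there is a collision of UUIDs in the database. It is assumed at this point
    # in the flow that the DB was already checked for this email address, and
    # no key exists yet.
    # NOTE(review): secrets.token_hex(16) yields the same 32-hex-char shape and
    # is the stdlib call documented for generating tokens; consider it here.
    new_key = Key(
        apikey=uuid.uuid4().hex,
        email=email
    )
    try:
        db.session.add(new_key)
        db.session.commit()
        return standardize_response(new_key.serialize, None, "ok")
    except Exception as e:
        # A failed commit leaves the session's transaction unusable; roll it
        # back so later work on the same session does not fail as well.
        db.session.rollback()
        # NOTE(review): if this is a SQLAlchemy session, str(e) for a failed
        # INSERT normally carries the bound parameters (key value and email)
        # unless the engine sets hide_parameters=True -- confirm what is logged.
        logger.error(e)
        # The client only sees a generic error code; details stay in the log.
        errors = [{"code": "internal-server-error"}]
        return standardize_response(None, errors, "internal server error", 500)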
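def register_complete():
    """Finish a WebAuthn registration and store the new credential.

    Decodes the CBOR request body, passes the client data and attestation
    object to ``server.register_complete`` together with the state kept in
    the session, and records a ``Key`` row for the current user. Returns a
    CBOR ``{"status": "OK"}`` body, or a CBOR error body with status 401 when
    the per-user counter is above the limit.
    """
    # NOTE(review): no route or login decorator is visible on this block;
    # confirm the endpoint is only reachable by an authenticated user.
    user_id = current_user.get_id()
    database_id = User.get_database_id(user_id)

    # The body comes from the client: a missing field raises KeyError here.
    data = cbor.decode(request.get_data())
    client_data = ClientData(data["clientDataJSON"])
    att_obj = AttestationObject(data["attestationObject"])

    # Consume the registration state instead of only reading it, so one
    # issued challenge can back at most one completion attempt.
    state = session.pop("state")
    auth_data = server.register_complete(state, client_data, att_obj)

    # NOTE(review): .first() returns None when the user has no Webauthn row,
    # which would surface as an AttributeError below -- confirm callers
    # guarantee the row exists.
    webauthn_data = Webauthn.query.filter_by(user_id=database_id).first()

    # One timestamp for both columns so a new key's created/last_access agree.
    now = datetime.utcnow()
    new_key = Key(
        name=f"Key {webauthn_data.number + 1}",
        aaguid=auth_data.credential_data.aaguid,
        credential_id=auth_data.credential_data.credential_id,
        client_data_hash=hashlib.sha256(client_data).digest(),
        public_key=cbor.encode(auth_data.credential_data.public_key),
        counter=att_obj.auth_data.counter,
        attestation=data["attestationObject"],
        info="TODO",
        last_access=now,
        created=now,
        user_id=database_id,
    )

    # NOTE(review): "<= 10" still accepts a registration when the counter is
    # already 10 -- confirm whether the intended cap is 10 or 11 keys.
    if webauthn_data.number <= 10:
        webauthn_data.number += 1
        db.session.add(webauthn_data)
        db.session.add(new_key)
        db.session.commit()
        return cbor.encode({"status": "OK"})
    else:
        flash(_("Too much keys registered"))
        return (
            cbor.encode({
                "status": "error",
                "reason": "Too much keys registered"
            }),
            401,
        )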
def init_database():
    """Create the schema, seed users and WebAuthn rows, yield ``db``, drop all.

    Eight users are inserted, then Webauthn rows are attached for users 4-8.
    User 5 gets a credential produced by ``SoftWebauthnDevice``, whose private
    key is stored on ``KeyList.priv_one``. User 8 gets two placeholder keys
    with empty key material. Everything after the ``yield`` is teardown.
    """
    # NOTE(review): no decorator is visible here; presumably this is a test
    # fixture. The passwords, the fixed challenge and the placeholder
    # credentials below are fixture data and should stay out of real setups.
    # NOTE(review): the username/email literals look masked in this copy; as
    # written, every filter_by(username=...) lookup matches the same rows.
    db.create_all()

    def build_user(password):
        # One user with the literal name/email used throughout this fixture.
        account = User(username="******", email="*****@*****.**")
        account.set_password(password)
        return account

    password_batches = (
        (
            "[email protected]<",
            "m7ZTbjQdwuUFU/Zy6la+k6uUtniBExIgEhmBPduKexM=",
            "wselfknskjdksdaiujlj",
        ),
        (
            "c1c149afbf4c8996fb92427ae41e4649b934ca",
            "9df1c362e4df3e51edd1acde9",
            "ukehjwqbjhwqkbejw",
            "qghjoiwjiklwek",
            "2398wqshjduiwd8932",
        ),
    )
    # Each batch is fully constructed before any of its users is added.
    for batch in password_batches:
        accounts = [build_user(password) for password in batch]
        for account in accounts:
            db.session.add(account)
    db.session.commit()

    fourth_user = User.query.filter_by(username="******").first()
    fourth_webauthn = Webauthn(
        number=0, is_enabled=True, user_id=fourth_user.did
    )

    fifth_user = User.query.filter_by(username="******").first()
    fifth_webauthn = Webauthn(
        number=1,
        is_enabled=True,
        user_identifier=b"\x7e" + os.urandom(31),
        user_id=fifth_user.did,
    )

    # Register a software authenticator for user 5. The options are passed
    # through a CBOR encode/decode round trip before reaching the device.
    soft_device = SoftWebauthnDevice()
    creation_options = {
        "publicKey": {
            "rp": {"id": TestConfig.RP_ID, "name": "Demo server"},
            "user": {
                "id": fifth_webauthn.user_identifier,
                "icon": "https://example.com/image.png",
                "name": fifth_user.username,
                "displayName": f"Tests - {fifth_user.username}",
            },
            "timeout": 30000,
            "challenge": (
                b"\xcc\x8e\x03\x04\xdb6bd\xa0d\x98\xa9Vz0p.x"
                b"\xa4\xf5\xd4\xf6%\xf8\x86zt\x1d\ny\xf9<"
            ),
            "pubKeyCredParams": [
                {"alg": -7, "type": "public-key"},
                {"alg": -8, "type": "public-key"},
                {"alg": -37, "type": "public-key"},
                {"alg": -257, "type": "public-key"},
            ],
            "excludeCredentials": [],
            "authenticatorSelection": {
                "userVerification": "discouraged",
                "authenticatorAttachment": "cross-platform",
            },
        }
    }
    pkcco = cbor.decode(cbor.encode(creation_options))
    attestation = soft_device.create(pkcco, f"https://{TestConfig.RP_ID}")
    KeyList.priv_one = soft_device.private_key

    response = attestation["response"]
    att_obj = AttestationObject(response["attestationObject"])
    client_data = ClientData(response["clientDataJSON"])
    auth_data = att_obj.auth_data
    credential = auth_data.credential_data
    fifth_key = Key(
        name="Key 1",
        aaguid=credential.aaguid,
        credential_id=credential.credential_id,
        client_data_hash=hashlib.sha256(client_data).digest(),
        public_key=cbor.encode(credential.public_key),
        counter=att_obj.auth_data.counter,
        attestation=response["attestationObject"],
        info="TODO",
        last_access=datetime.utcnow(),
        created=datetime.utcnow(),
        user_id=fifth_user.did,
    )
    for row in (fourth_webauthn, fifth_webauthn, fifth_key):
        db.session.add(row)

    # Users for activating Webauthn
    sixth_user = User.query.filter_by(username="******").first()
    sixth_webauthn = Webauthn(
        number=2, is_enabled=False, user_id=sixth_user.did
    )
    seventh_user = User.query.filter_by(username="******").first()
    seventh_webauthn = Webauthn(
        number=1, is_enabled=False, user_id=seventh_user.did
    )
    db.session.add(sixth_webauthn)
    db.session.add(seventh_webauthn)

    eighth_user = User.query.filter_by(username="******").first()
    eighth_webauthn = Webauthn(
        number=1, is_enabled=False, user_id=eighth_user.did
    )

    def placeholder_key(name, credential_id):
        # Not a real credential: only the fields needed to list/delete it.
        return Key(
            name=name,
            aaguid=b"",
            credential_id=credential_id,
            client_data_hash=hashlib.sha256(b"a").digest(),
            public_key=b"",
            counter=0,
            attestation=b"",
            info="TODO",
            last_access=datetime.utcnow(),
            created=datetime.utcnow(),
            user_id=eighth_user.did,
        )

    eighth_first_key = placeholder_key(
        "Key 1", b"againnotrealbutrequiredtolistkeyproperly"
    )
    eighth_second_key = placeholder_key(
        "Key 2", b"notrealbutnecessarytodelete"
    )
    for row in (eighth_webauthn, eighth_first_key, eighth_second_key):
        db.session.add(row)
    db.session.commit()

    yield db

    db.drop_all()
def create_keys():
    """Insert two ``Key`` rows holding the SSH key files below.

    The rows get ids 2 and 5, and ``user_id`` is built from the same number.
    Each row is committed on its own.
    """
    # NOTE(review): both entries are complete PuTTY key files with
    # "Encryption: none", so the private halves sit in source in clear text
    # and are copied into the database as-is. Anyone who can read this file
    # holds them; treat them as fixture-only, and if either public key was
    # ever authorized on a real host, remove it there and rotate.
    keys = ["""PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20150716
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEA2J+UaBzus4pQxFK+wgtANRKXXu/kUH3wjKjJ
UYoMkYQupclyyPXmSqTT3tKIIfMehWsX6MuJw15mlBoofEwZ+46KRXmMnIO6wUor
MD93TaRzUifufh3g0OUqxhtqZM5mStz/4wwKiZQ3HMxmhOxj+sx5ZF1DAEGOACF6
jzQ+oy1vkRIstw5Bn26W6cji+rQLZvw0+ZPt21gXA0W9QMjDEGwl4jg887IwJSVT
Mm61YFiIt2TEQx1GA+kBIKPs8v7y38WRRkNm9eRX0ZCNfT9bLQVxCRtyn6vpw7dK
yzlQ+LTyIxUH0+NDpmwtdCjTuAA6DOEGfwmRQ91a/qc8V8x6Aw==
Private-Lines: 14
AAABAHryydo570NOgN4hICjxoPuHF6SV/h/YxsxfzDUyrS/+6gsReH/lgrS+amm1
wuLWGD3i1jgE0aY8f2jQk4TRPy3pHgvBhyhmcOo+2j36gfuihqRALWosojFfeSRU
v9hZeFQA5EKYIagIA5q5M0SGKuhKihZeciK9bEVDbxMB+gmVSLJtF1LXqpezWWBV
FwU4f8ZBW6J2tL0/sOxnv0ETmikI1Hyvq6BCLDRl4Rx/4L1DMjT7MDeh1Bk4Zv7o
6wkHXcnv2+7tfluRJrNrK8n9B0gomYeSvy26CoyU4UlkOuUhwowIvhIHbHgPb++D
1dTkd5o2fsKG5L47uZlfx0oqyj0AAACBAPDgK9mBpq0oeKUcGXCbWcDrPI36WDyx
E/jDyjgMBEg9fSQkxBzumtBFIX7YXrbwSma1+uDNIXkBxRNKfPb7F9BCmj0YLbBw
iBpggFWMDMgt+L6/avlIf9k3R1DSGKWKCFZAwtLYSqBzjb9bbofOYQ3n3BzhQY3o
EC9vMGq6SOpLAAAAgQDmOZPUyAP6Lrnyzp+fJWR1jCftKiFmh36RMT6h8t7lHOuj
vTJriTUR/Zl4fS6va7xPpBDXpkAyvVLW2BKtMSNMmuY+ZIunIPr5QSKhpbG27aCX
l8ZNEsvllL7/Uz9P2vc465gjDJe/g+fNcrmiZlXHIYBTa51kJQJqpc4Q9kRcKQAA
AIEAnZ4vYj653mnmALzi6jXYYp8bW5aVYBknfaqiu6GlVplnqi6s/bg10DPcqE6I
tJY+uXlV4dEuzqUagATXtjB9tsxW9XqOvVTk8+tJKlJljBK8yb8+yOMWRMaYz7P8
iviZXg0gTxN/Tkw8iMFRAP3Ps7c20xwKrEWL+4mgeYK/xoM=
Private-MAC: f687908ffc183691b8b0932a63ea315cceead1da
""", """PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20150717
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEAwDaeYA5DpBQvrzlZcbaiY6R5xO6Tnb8UwgPe
Cqk5NyCt7dgd8/zrF8shSMAt68J/vjxv05jKiO1mu8C86LlT84sMPR8Z1IOtKyxa
gJO0nLgnN3v3Oj3Nq4ktUh+QCFt7jeXUDfup10AkWkArF6idS48oMJxQiOxl5VF7
45W3//gIUfasSIsRc4l5KPWk61/GpljIsgePVHIOwdwaBqLVCPWk5al5GUZQgIj9
Cw3TYTNZAXQqKupyS1UsSamV/WM15eY2ufqXD/ZuOiZqOtEdFpxTacgGC0A5+qwl
cD3aMdEGhsA43oi70ODD2PBL11cvbFSH2KqrR6gPd/uGFE+d+w==
Private-Lines: 14
AAABABTHoms/z/YQBSezLEOlCqL9Bj7Nrxf4+1M+sDiA/0Q64l7m7ns97+blhw7I
qwS7FLqev/szHNCIXiIirKOJqDYBMcFrJWMVJ3pJ+/I5e082gMe6X+qe5c1a8CSN
ymHEs2lJR1t1Jx4wcqH5GWpXavNpbCDuTeVJ/S2MRL6oZus9OJF7yVBYro/GgsiR
VIsUd3I337ye35XRmNtfJNof/6odBQC2TTbZL5UV/lzfDc3OeVlxurdNUupfJves
4P7btuktN4jIjVgpVVvmQinxEdy5qm/Dk/X2rg5bhW8MNnpos5AHAKisEAaI4PVY
RQiREVb9p1DWekS/XEx06UmS0U0AAACBAPA+oW+w2mweR64E5zJyN3OokrhcL/4S
I48WUhLk7JMqpY0PFjjns+KcGw1jNIlx1li9kV5Ow6IfLJ+Cd13+WVsQDCQOn+lI
uHnYa4PxqmTW8tkM4TfBLMm3RzvtP2Pv8KlGKdxaUqPxKuLAdMjVwn7351jOR44A
IqGHzv6IjNDHAAAAgQDM0Zw2cHxWo1WRZM4kcqsCHUE6xRn9GHu5vlnyQA5E+MOp
j/z19jl1wWJ+zMoKP6cdyIbMvJuRNDhkVDMWyZl+6PfQ+huSV7+ez6kCRTDTBfQR
0xW1pummPpZXP81+VZfgTFWWa/6Do0PAOwsEclbQD8LjXqMyS5tYLPMZozS9LQAA
AIBM2e0VuuC1aN+75b/rw3mo7lFiytqN1nUh1uLRAvMN6/ztKz9MihyckznLW4p2
qD6MnTIzSuEFxJ1jyqECXIvg/OtgEG8oJaoGmNyujxVLQZiKIX+kbzNCRGmE0MZ0
czP1ZOswkdrXf7yOdOzAVC/JEUzThAEb8ILyrecgI1s9NQ==
Private-MAC: 07f204d713c1b386f77ba0cc5d0dfbdb9b9a4b7b"""]

    # Row ids start at 2 and advance by 3 for each key in the list.
    for position, ssh_key in enumerate(keys):
        key_id = 2 + 3 * position
        owner = "terror_admin{0}@gmail.com".format(key_id)
        record = Key(id=key_id, ssh_key=ssh_key, user_id=owner)
        db.session.add(record)
        db.session.commit()