Exemple #1
def webauthn_begin_assertion():
    """Start a WebAuthn login and return the assertion options as JSON.

    Reads ``username`` from the submitted form, loads the matching ``User``
    row, stores a freshly generated challenge in the session and builds the
    assertion options from the user's stored credential. Every rejection is
    a 401 response carrying a ``fail`` message.
    """
    def reject(reason):
        # All failure paths share one status code and one JSON shape.
        return make_response(jsonify({'fail': reason}), 401)

    submitted_name = request.form.get('username')
    if not util.validate_username(submitted_name):
        return reject('Invalid username.')

    account = User.query.filter_by(username=submitted_name).first()

    # NOTE(review): the two messages below differ from each other, so an
    # unauthenticated caller can tell "no such user" apart from "user exists
    # but has no credential". A single generic failure message would not
    # reveal which accounts exist.
    if not account:
        return reject('User does not exist.')
    if not account.credential_id:
        return reject('Unknown credential ID.')

    # Discard any challenge left over from an earlier attempt so the session
    # only ever holds the most recently issued one.
    session.pop('challenge', None)

    fresh_challenge = util.generate_challenge(32)
    # The challenge is bound to this session here; presumably the matching
    # verification endpoint compares the signed challenge against this value
    # and clears it after one use (not visible in this function, confirm).
    session['challenge'] = fresh_challenge

    relying_user = webauthn.WebAuthnUser(
        account.ukey,
        account.username,
        account.display_name,
        account.icon_url,
        account.credential_id,
        account.pub_key,
        account.sign_count,
        account.rp_id)

    options = webauthn.WebAuthnAssertionOptions(relying_user, fresh_challenge)
    return jsonify(options.assertion_dict)
Exemple #2
def webauthn_begin_assertion():
    '''
    Called when the authentication process begins.

    Reads ``login_username`` from the form, loads that user's stored
    credentials, stores a fresh challenge in the session and returns the
    assertion options (covering every stored credential) as JSON.
    Rejections are 401 responses carrying a ``fail`` message.
    '''
    def reject(reason):
        # Both failure paths share one status code and one JSON shape.
        return make_response(jsonify({'fail': reason}), 401)

    login_name = request.form.get('login_username')
    if not util.validate_username(login_name):
        return reject('Invalid username.')

    # Credentials are fetched before the existence check, in the same order
    # as the two database calls were originally made.
    stored_credentials = database.get_credentials(login_name)
    account = database.get_user(login_name)

    # NOTE(review): this message confirms to an unauthenticated caller that
    # the username is not registered; a generic failure would not.
    if not account:
        return reject('User does not exist.')

    # Replace any challenge left in the session by an earlier attempt.
    session.pop('challenge', None)
    fresh_challenge = util.generate_challenge(32)
    # The session keeps the challenge with trailing '=' padding removed,
    # while the options below are built from the unstripped value.
    # Presumably the verification step compares against the stripped form
    # (not visible here, confirm).
    session['challenge'] = fresh_challenge.rstrip('=')

    # One WebAuthnUser per stored credential, so the options cover every
    # credential returned for this username.
    relying_users = [
        webauthn.WebAuthnUser(
            cred.ukey, cred.username, cred.display_name, cred.icon_url,
            cred.credential_id, cred.pub_key, cred.sign_count, cred.rp_id)
        for cred in stored_credentials
    ]

    options = webauthn.WebAuthnAssertionOptions(relying_users, fresh_challenge)
    return jsonify(options.assertion_dict)
Exemple #3
def webauthn_begin_assertion():
    """Start a WebAuthn login and return the assertion options as JSON.

    Reads ``login_username`` from the form, loads the matching ``User`` row,
    stores a fresh challenge (padding stripped) in the session and builds
    the assertion options from the user's stored credential. Rejections are
    401 responses carrying a ``fail`` message.
    """
    def reject(reason):
        # All failure paths share one status code and one JSON shape.
        return make_response(jsonify({'fail': reason}), 401)

    login_name = request.form.get('login_username')
    if not util.validate_username(login_name):
        return reject('Invalid username.')

    account = User.query.filter_by(username=login_name).first()

    # NOTE(review): the two messages below are distinguishable, which lets an
    # unauthenticated caller learn whether a username exists and whether it
    # has a credential enrolled. One generic message would not.
    if not account:
        return reject('User does not exist.')
    if not account.credential_id:
        return reject('Unknown credential ID.')

    # Drop any challenge from an earlier attempt before issuing a new one.
    session.pop('challenge', None)
    fresh_challenge = util.generate_challenge(32)

    # The session copy has its trailing '=' padding removed; the rationale is
    # given in the comment in webauthn_begin_activate. The options returned
    # to the client are built from the unstripped value.
    session['challenge'] = fresh_challenge.rstrip('=')

    relying_user = webauthn.WebAuthnUser(
        account.ukey, account.username, account.display_name,
        account.icon_url, account.credential_id, account.pub_key,
        account.sign_count, account.rp_id)

    options = webauthn.WebAuthnAssertionOptions(relying_user, fresh_challenge)
    return jsonify(options.assertion_dict)
Exemple #4
def webauthn_begin_assertion():
    """Start a WebAuthn login and return the assertion options as JSON.

    Reads ``login_username`` from the form and uses it as the ``id`` when
    looking up the ``mitglieder`` row, stores a fresh challenge (padding
    stripped) in the session and builds the assertion options from the
    member's stored credential. Rejections are 401 responses carrying a
    ``fail`` message.
    """
    def reject(reason):
        # Both failure paths share one status code and one JSON shape.
        return make_response(jsonify({'fail': reason}), 401)

    # NOTE(review): the form value goes into the lookup as-is; this function
    # performs no format or type check on it first.
    member_id = request.form.get('login_username')
    member = mitglieder.query.filter_by(id=member_id).first()

    # NOTE(review): the two messages below are distinguishable, so an
    # unauthenticated caller can probe which ids exist and which have a
    # credential enrolled.
    if not member:
        return reject('User does not exist.')
    if not member.credential_id:
        return reject('Unknown credential ID.')

    # Drop any challenge from an earlier attempt before issuing a new one.
    session.pop('challenge', None)
    fresh_challenge = util.generate_challenge(32)

    # The session copy has its trailing '=' padding removed; the rationale is
    # given in the comment in webauthn_begin_activate.
    session['challenge'] = fresh_challenge.rstrip('=')

    full_name = member.vorname + " " + member.name
    # The icon URL is left empty and the sign count is the literal 0 rather
    # than a stored counter. NOTE(review): if verification builds the user
    # the same way, signature-counter checks would have nothing to compare
    # against; confirm against the verify endpoint.
    relying_user = webauthn.WebAuthnUser(
        member.ukey, member.id, full_name, "",
        member.credential_id, member.pub_key, 0, RP_ID)

    options = webauthn.WebAuthnAssertionOptions(relying_user, fresh_challenge)
    return jsonify(options.assertion_dict)
Exemple #5
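def assertion_get_options():
    """Issue a WebAuthn challenge and return the assertion options as JSON.

    Loads (or creates on first use) the stored option set for ``RP_ID``,
    stores a fresh challenge in the session and builds the list of allowed
    credential ids: the given user's credentials when ``username`` is
    supplied, otherwise the configured allow-list users when that option is
    enabled, otherwise an empty list.

    Returns a 200 JSON response with the assertion options, 400 when the
    stored options have an unexpected table version, or 500 on a database
    error.
    """
    # A missing form field yields None, which used to pass the `!= ''` checks
    # below and trigger a lookup for username=None instead of falling back to
    # the configured allow-list. Treat "absent" the same as "empty".
    username = request.form.get('username') or ''

    # Replace any challenge left in the session by an earlier attempt.
    session.pop('challenge', None)
    challenge = util.generate_challenge(32)
    session['challenge'] = challenge

    webauthn_options = webauthn.WebAuthnOptions()

    try:
        options = Options.query.filter_by(rp_id=RP_ID).first()
        if options is None:
            # First request for this RP: persist the default option set.
            options = Options()
            options.rp_id = RP_ID
            options.version = CURRENT_OPTIONS_TBL_VERSION
            options.option_content = json.dumps(webauthn_options.get())
            db.session.add(options)
            db.session.commit()
        elif options.version != CURRENT_OPTIONS_TBL_VERSION:
            return make_response(
                jsonify({'fail': 'Options Table Version Error.'}), 400)
    except Exception as e:
        # NOTE(review): the raw exception text is returned to an
        # unauthenticated caller and may expose database or schema details.
        # Prefer logging it server-side and returning a generic message.
        return make_response(
            jsonify({'fail': 'Options Database Error: {}'.format(e)}), 500)

    webauthn_options.set(json.loads(options.option_content))

    if username != '':
        users = Users.query.filter_by(username=username).all()
    elif (webauthn_options.enableAssertionAllowCredentials == 'true'
          and len(webauthn_options.assertionAllowCredentialsUsers) != 0):
        users = Users.query.filter(
            Users.id.in_(
                webauthn_options.assertionAllowCredentialsUsers)).all()
    else:
        users = []

    # NOTE(review): the response lists credential ids for any username
    # supplied by an unauthenticated caller; an unknown username yields an
    # empty list, so the two cases are distinguishable.
    allow_credentialids = [user.credential_id for user in users]

    webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
        webauthn_options, allow_credentialids, challenge, RP_ID)

    return make_response(jsonify(webauthn_assertion_options.assertion_dict),
                         200)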
Exemple #6
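def webauthn_begin_assertion():
    """Start a WebAuthn login and return the assertion options as JSON.

    Reads ``login_username`` from the form, loads the matching ``User`` row,
    stores a fresh challenge (padding stripped) in the session and builds
    the assertion options from the user's stored credential. Rejections are
    401 responses carrying a ``fail`` message. Progress is traced to stdout.
    """
    username = request.form.get('login_username')
    print("[ENTER] begin authentcation for user ", username)
    # The pdb.set_trace() breakpoint that used to sit here is removed: it
    # halted every login request until someone answered the debugger prompt
    # and exposed an interactive interpreter on the server's console.
    if not util.validate_username(username):
        print("[ERROR] Invalid username.")
        return make_response(jsonify({'fail': 'Invalid username.'}), 401)

    user = User.query.filter_by(username=username).first()

    # NOTE(review): the two messages below are distinguishable, so an
    # unauthenticated caller can learn whether a username exists and whether
    # it has a credential enrolled.
    if not user:
        print("[ERROR] User does not exist.")
        return make_response(jsonify({'fail': 'User does not exist.'}), 401)
    if not user.credential_id:
        print("[ERROR] Unknown credential ID.")
        return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)

    # Drop any challenge from an earlier attempt before issuing a new one.
    session.pop('challenge', None)

    # The meaning of the second argument depends on util.generate_challenge,
    # which is not visible here; confirm.
    challenge = util.generate_challenge(32, True)
    # NOTE(review): usernames and challenges are written to stdout on every
    # request; consider a logger with a debug level for production use.
    print("[INFO] authentication challenge ", challenge)

    # We strip the padding from the challenge stored in the session
    # for the reasons outlined in the comment in webauthn_begin_activate.
    session['challenge'] = challenge.rstrip('=')

    webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username,
                                          user.display_name, user.icon_url,
                                          user.credential_id, user.pub_key,
                                          user.sign_count, user.rp_id)

    webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
        webauthn_user, challenge)

    ad = webauthn_assertion_options.assertion_dict
    pprint.pprint(ad)
    print("[EXIT] begin authentcation\n")
    return jsonify(ad)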