 def _parse_credential(self, data):
     """Build a ``Credential`` from the rows fetched for one credential.

     Each column of every row is copied onto the same ``Credential``
     instance, so when ``data`` holds more than one row the last row wins;
     an empty ``data`` yields a ``Credential`` with no fields set.

     Args:
         data: iterable of mapping-like rows exposing the column names below.

     Returns:
         The populated ``Credential``.
     """
     # Column order matches the attribute assignment order of the rows.
     columns = (
         "id",
         "ukey",
         "credential_id",
         "display_name",
         "pub_key",
         "sign_count",
         "username",
         "rp_id",
         "icon_url",
     )
     credential = Credential()
     for row in data:
         for column in columns:
             setattr(credential, column, row[column])
     return credential
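def _credential_from_webauthn(webauthn_credential, ukey, username, display_name):
    '''
    Build the ``Credential`` record to persist from a verified attestation.

    On Python 3 the library hands back ``credential_id`` and ``public_key``
    as bytes; they are decoded to ``str`` so the stored values are text.
    '''
    if sys.version_info >= (3, 0):
        webauthn_credential.credential_id = str(
            webauthn_credential.credential_id, "utf-8")
        webauthn_credential.public_key = str(
            webauthn_credential.public_key, "utf-8")
    credential = Credential()
    # NOTE(review): a random id in a small range is not collision-free; a
    # database-assigned id would be safer. Kept to preserve behaviour.
    credential.id = randint(1, 100000)
    credential.ukey = ukey
    credential.username = username
    credential.display_name = display_name
    credential.pub_key = webauthn_credential.public_key
    credential.credential_id = webauthn_credential.credential_id
    credential.sign_count = webauthn_credential.sign_count
    credential.rp_id = RP_ID
    credential.icon_url = 'https://example.com'
    return credential


def verify_credential_info():
    '''
    This url is called to verify and register the token.

    The registration challenge and the pending user's details are read from
    the session, the WebAuthn attestation response posted in the form is
    verified against them, the resulting credential is stored, and the user
    is logged in.

    Returns:
        A Flask JSON response: ``{'success': ...}`` when the credential was
        registered; ``{'fail': ...}`` with HTTP 400 when no registration is
        pending in the session, HTTP 401 when the caller is not the logged-in
        user or the credential id is already known, and HTTP 200 when the
        attestation itself fails to verify (callers must inspect the body).
    '''
    try:
        challenge = session['challenge']
        username = session['register_username']
        display_name = session['register_display_name']
        ukey = session['register_ukey']
    except KeyError:
        # No registration was started in this session (or it expired);
        # refuse explicitly instead of letting the KeyError become a 500.
        return make_response(
            jsonify({'fail': 'No registration in progress.'}), 400)

    # The pending registration must belong to the authenticated user.
    user_exists = database.user_exists(username)
    if not user_exists or not current_user.is_authenticated or not username == current_user.id:
        return make_response(jsonify({'fail': 'User not logged in.'}), 401)

    registration_response = request.form
    trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                                    TRUST_ANCHOR_DIR)
    trusted_attestation_cert_required = True
    self_attestation_permitted = True
    none_attestation_permitted = True
    webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
        RP_ID,
        ORIGIN,
        registration_response,
        challenge,
        trust_anchor_dir,
        trusted_attestation_cert_required,
        self_attestation_permitted,
        none_attestation_permitted,
        uv_required=False)  # User Verification

    try:
        webauthn_credential = webauthn_registration_response.verify()
    except Exception as e:
        # NOTE(review): the library's error text is echoed to the client and
        # the response is HTTP 200; callers must check the body for 'fail'.
        return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})

    # A credential id must not be registered twice, whoever owns it.
    credential_id_exists = database.credential_exists(
        webauthn_credential.credential_id)
    if credential_id_exists:
        return make_response(
            jsonify({'fail': 'Credential ID already exists.'}), 401)

    # The user was confirmed to exist above, so the credential is always
    # stored (the former "user already exists" branch was unreachable).
    credential = _credential_from_webauthn(
        webauthn_credential, ukey, username, display_name)
    database.save_credential(credential)
    database.turn_on(credential.username)

    satosa_request = Request()
    satosa_request.userId = credential.username
    database.make_success(satosa_request)
    user = database.get_user(credential.username)
    login_user(user)
    return jsonify({'success': 'User successfully registered.'})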