def webauthn_begin_activate():
'''
This url is called when the registration process starts
'''
username = request.form.get('register_username')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
display_name = request.form.get('register_display_name')
user_exists = database.user_exists(username)
if not user_exists or not current_user.is_authenticated or not username == current_user.id:
return make_response(jsonify({'fail': 'User not logged in.'}), 401)
if not util.validate_token_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
# clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
cfg['host']['origin'])
return jsonify(make_credential_options.registration_dict)
def reg_request():
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
rp_name = 'localhost'
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
if 'register_ukey' in session:
del session['register_ukey']
if 'register_username' in session:
del session['register_username']
if 'register_display_name' in session:
del session['register_display_name']
if 'challenge' in session:
del session['challenge']
session['register_username'] = username
session['register_display_name'] = display_name
session['challenge'] = challenge
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, rp_name, RP_ID, ukey, username, display_name,
'https://example.com')
# print(make_credential_options)
# print(make_credential_options.registration_dict)
return json.jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate():
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_id', None)
session.pop('challenge', None)
session['register_username'] = current_user.id
session['register_display_name'] = current_user.vorname + " " + current_user.name
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, current_user.id, current_user.vorname + " " + current_user.name,
ORIGIN)
return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate():
print("[ENTER] begin registration")
import pdb
pdb.set_trace()
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
challenge = util.generate_challenge(32)
print("[INFO] registration challenge ", challenge)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
print("[INFO] challenge.rstrip('=') ", session['challenge'])
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
'https://example.com')
js = make_credential_options.registration_dict
pprint.pprint(js)
print("[EXIT] begin registration\n")
return jsonify(js)
def webauthn_begin_register():
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
password = request.form.get('register_password')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if auth.isRegistered(username):
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('register_password', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
# TODO: I am not sure if this is safe to do?!?!?
session['register_password'] = password
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
ORIGIN, attestation='none')
return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate():
# MakeCredentialOptions
username = request.form.get('username')
display_name = request.form.get('displayName')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
if 'register_ukey' in session:
del session['register_ukey']
if 'register_username' in session:
del session['register_username']
if 'register_display_name' in session:
del session['register_display_name']
if 'challenge' in session:
del session['challenge']
session['register_username'] = username
session['register_display_name'] = display_name
rp_name = 'localhost'
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge,
rp_name,
RP_ID,
ukey,
username,
display_name,
'https://example.com')
return jsonify(make_credential_options.registration_dict)
def user_offer_reward(cls, uid, desc, fileName, fb, res_type, res_year,
res_country):
assert fileName is not None and len(fileName) > 0
assert fb > 0
assert uid > 0
assert ResourceInfo.is_valid_main_type(res_type)
uid = long(uid)
create_time = long(time() * 1000)
rid = generate_ukey(uid, create_time)
#seq_type, seq = yield get_next_sequence(cls._db_realtime, cls._key, res_type)
reward = {
"desc": desc,
"fileName": fileName,
"fb": fb,
"uid": uid,
"rid": rid,
"append_fb": [],
"append_uid": [],
"res_type": res_type,
"ctime": create_time,
"file_info": {},
"append_time": [],
"total_fb": fb,
"res_year": res_year,
"res_country": res_country,
"is_finish": 0
}
coin_ret = yield cls.user_coin_handle(uid, fb, False)
if coin_ret:
#add rid to the user reward
#yield cls._db.user_reward.update({'uid': uid}, {'$push': {'reward_ids': rid}}, True)
#add a reward to all reward
yield cls._db.all_reward.insert(reward)
#add a reward to my reward
yield cls._db.my_reward.update({"uid": uid},
{"$addToSet": {
"rid_list": rid
}}, True)
yield cls._db.my_reward.update(
{"uid": uid}, {"$addToSet": {
"rid_list" + str(res_type): rid
}}, True)
def add_feed(cls, rid, rname, uid, t, content, link = "", desc = ""):
assert t >= 0 and t < 4
assert uid > 0
#seq = yield get_next_sequence(cls._db_realtime, cls._key)
cur_time = long(time()*1000)
fid = generate_ukey(uid, cur_time)
feed = {"fid": fid, "rid": rid, "rname": rname, "uid": uid, "type": t, "content": content,
"ctime": cur_time, "link": link, "desc": desc}
tmp_feed = {"fid": fid, "rid": rid, "rname": rname, "uid": uid, "type": t, "content": content,
"ctime": cur_time, "link": link, "desc": desc}
yield cls._db.all_feeds.insert(feed)
friends = yield getFriendsById(uid)
for item in friends:
user_feed = {"uid": item["uid"], "fid": fid, "ctime": cur_time}
yield cls._db.all_user_feeds.insert(user_feed)
uid_tmp = "feed:"+str(item["uid"])
size = cls._redis.llen(uid_tmp)
if size >= 200:
cls._redis.rpop(uid_tmp)
cls._redis.lpush(uid_tmp, json.dumps(tmp_feed))
def user_offer_reward(cls, uid, desc, fileName, fb, res_type, res_year, res_country):
assert fileName is not None and len(fileName) > 0
assert fb > 0
assert uid > 0
assert ResourceInfo.is_valid_main_type(res_type)
uid = long(uid)
create_time = long(time()*1000)
rid = generate_ukey(uid, create_time)
#seq_type, seq = yield get_next_sequence(cls._db_realtime, cls._key, res_type)
reward = {"desc":desc, "fileName":fileName, "fb":fb, "uid":uid, "rid":rid, "append_fb":[], "append_uid":[],
"res_type":res_type, "ctime":create_time, "file_info":{},"append_time":[],
"total_fb":fb,"res_year":res_year,"res_country":res_country,"is_finish":0}
coin_ret = yield cls.user_coin_handle(uid, fb, False)
if coin_ret:
#add rid to the user reward
#yield cls._db.user_reward.update({'uid': uid}, {'$push': {'reward_ids': rid}}, True)
#add a reward to all reward
yield cls._db.all_reward.insert(reward)
#add a reward to my reward
yield cls._db.my_reward.update({"uid": uid}, {"$addToSet": {"rid_list": rid}}, True)
yield cls._db.my_reward.update({"uid": uid}, {"$addToSet": {"rid_list"+str(res_type): rid}}, True)
def webauthn_begin_activate():
jsonData = request.get_json()
name = jsonData['name']
surname = jsonData['surname']
email = jsonData['email']
username = email
display_name = name + " " + surname
challenge = util.generate_challenge(32)
id = util.generate_ukey()
'''
PublicKeyCredentialCreationOptions
rp-> Relying Party: It's the server where you want to authenticate.
RP_NAME: name
RP_ID: The RP ID must be equal to the origin's effective domain, or a registrable domain suffix of
the origin's effective domain.
The origin's scheme must be https.
The origin's port is unrestricted.
user information->
Information about the user registering
Helps to choose from multiple credentials.
username: it is a human-palatable identifier for a user account.
It is intended only for display, i.e., aiding the user in determining
the difference between user accounts with similar displayNames.
For example, "alexm", "*****@*****.**" or "+14255551234".
display_name: A human-palatable name for the user account, intended only for display. For example, "Alex P. Müller" or "田中 倫".
The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.
id: The user handle of the user account entity.
A user handle is an opaque byte sequence with a maximum size of 64 bytes,
and is not meant to be displayed to the user.
'''
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, id, username, display_name,
'http://localhost')
challenge = challenge.rstrip("=")
insert = database.insert_db("insert into PublicKeyCredentialCreationOptions VALUES (?,?,?,?,?,?)",[RP_NAME, RP_ID,id,display_name,username,challenge])
return jsonify(make_credential_options.registration_dict)
import util print(util.generate_challenge(20)) print(util.generate_ukey())
def attestation_get_options():
username = request.form.get('username')
display_name = request.form.get('displayName')
if 'register_ukey' in session:
del session['register_ukey']
if 'register_username' in session:
del session['register_username']
if 'register_display_name' in session:
del session['register_display_name']
if 'challenge' in session:
del session['challenge']
if 'att_option' in session:
del session['att_option']
if username == "" or username is None:
username = util.random_username(8)
if display_name == "" or display_name is None:
display_name = username
session['register_username'] = username
session['register_display_name'] = display_name
rp_name = RP_ID
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge
session['register_ukey'] = ukey
exclude_credentialids = []
webauthn_options = webauthn.WebAuthnOptions()
try:
options = Options.query.filter_by(rp_id=RP_ID).first()
if options is None:
options = Options()
options.rp_id = RP_ID
options.version = CURRENT_OPTIONS_TBL_VERSION
options.option_content = json.dumps(webauthn_options.get())
db.session.add(options)
db.session.commit()
else:
if options.version != CURRENT_OPTIONS_TBL_VERSION:
return make_response(
jsonify({'fail': 'Options Table Version Error.'}), 400)
except Exception as e:
return make_response(
jsonify({'fail': 'Options Database Error: {}'.format(e)}), 500)
webauthn_options.set(json.loads(options.option_content))
if webauthn_options.enableAttestationExcludeCredentials == 'true' and len(
webauthn_options.attestationExcludeCredentialsUsers):
users = Users.query.filter(
Users.id.in_(
webauthn_options.attestationExcludeCredentialsUsers)).all()
for user in users:
if not user.credential_id:
app.logger.debug('Unknown credential ID.')
return make_response(
jsonify({'fail': 'Unknown credential ID.'}), 401)
exclude_credentialids.append(str(user.credential_id))
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
webauthn_options, exclude_credentialids, challenge, rp_name, RP_ID,
ukey, username, display_name, 'https://example.com')
reg_dict = json.dumps(make_credential_options.registration_dict, indent=2)
session['att_option'] = reg_dict
return make_response(jsonify(make_credential_options.registration_dict),
200)