def fido2_keys_user_authenticate(user_id):
keys = list_fido2_keys(user_id)
credentials = list(map(lambda k: pickle.loads(base64.b64decode(k.key)), keys))
auth_data, state = Config.FIDO2_SERVER.authenticate_begin(credentials)
create_fido2_session(user_id, state)
# API Client only like JSON
return jsonify({"data": base64.b64encode(cbor.encode(auth_data)).decode('utf8')})
def fido2_keys_user_authenticate(user_id):
keys = list_fido2_keys(user_id)
# It is safe to do pickle.loads as we ensure the data represents FIDO key when storing
credentials = list(
map(lambda k: pickle.loads(base64.b64decode(k.key)), keys)) # nosec
auth_data, state = Config.FIDO2_SERVER.authenticate_begin(credentials)
create_fido2_session(user_id, state)
# API Client only like JSON
return jsonify(
{"data": base64.b64encode(cbor.encode(auth_data)).decode('utf8')})
def fido2_keys_user_register(user_id):
user = get_user_and_accounts(user_id)
keys = list_fido2_keys(user_id)
credentials = list(map(lambda k: pickle.loads(base64.b64decode(k.key)), keys))
registration_data, state = Config.FIDO2_SERVER.register_begin({
'id': user.id.bytes,
'name': user.name,
'displayName': user.name,
}, credentials, user_verification='discouraged')
create_fido2_session(user_id, state)
# API Client only like JSON
return jsonify({"data": base64.b64encode(cbor.encode(registration_data)).decode('utf8')})
def test_get_fido2_key_returns_and_deletes_an_existing_session(sample_user):
create_fido2_session(sample_user.id, "abcd")
session = get_fido2_session(sample_user.id)
assert Fido2Session.query.count() == 0
assert session == "abcd"
def test_create_fido2_session_deletes_existing_sessions(sample_user):
create_fido2_session(sample_user.id, "abcd")
create_fido2_session(sample_user.id, "efgh")
assert Fido2Session.query.count() == 1
def test_create_fido2_session(sample_user):
create_fido2_session(sample_user.id, "abcd")
assert Fido2Session.query.count() == 1