def post(self, request, *args, **kwargs):
    """Finish a U2F enrollment and mark the pending device as confirmed.

    The challenge stored under ``_u2f_enroll`` is popped from the session,
    so one stored challenge serves at most one attempt. The POSTed ``token``
    is verified against it with ``self.app_id`` as the only accepted facet.

    Returns a redirect to the 2FA settings page on success, or back to the
    U2F confirmation page for this device on any failure.
    """
    try:
        pending_challenge = self.request.session.pop('_u2f_enroll')
        client_response = request.POST.get('token')
        # The attestation certificate is returned but not inspected here.
        registration, _attestation_cert = u2f.complete_register(
            pending_challenge, client_response, [self.app_id]
        )

        self.device.json_data = registration.json
        self.device.confirmed = True
        self.device.save()

        # Audit trail plus an out-of-band notice, so the account owner can
        # spot a second factor they did not add themselves.
        audit_data = {
            'id': self.device.pk,
            'devicetype': 'u2f',
            'name': self.device.name,
        }
        self.request.user.log_action(
            'pretix.user.settings.2fa.device.added',
            user=self.request.user,
            data=audit_data,
        )
        notice = _('A new two-factor authentication device has been added to your account.')
        self.request.user.send_security_notice([notice])

        messages.success(request, _('The device has been verified and can now be used.'))
        return redirect(reverse('control:user.settings.2fa'))
    except Exception:
        # One generic message for the user; the cause only goes to the log.
        # NOTE(review): this guard also covers the save/log/notify steps, so
        # a failure after self.device.save() is reported as a failed
        # registration although the device is already stored as confirmed.
        messages.error(request, _('The registration could not be completed. Please try again.'))
        logger.exception('U2F registration failed')
        retry_url = reverse('control:user.settings.2fa.confirm.u2f', kwargs={
            'device': self.device.pk
        })
        return redirect(retry_url)
def try_enroll(self, enrollment_data, response_data, device_name=None):
    """Verify a U2F registration response and append the new device.

    ``enrollment_data`` is the challenge issued earlier and
    ``response_data`` the client's answer; ``self.u2f_facets`` is passed as
    the list of accepted facets. Anything ``u2f.complete_register`` raises
    propagates to the caller, and nothing is stored in that case.
    """
    # The attestation certificate is returned but unused in this method.
    registration, _attestation_cert = u2f.complete_register(
        enrollment_data, response_data, self.u2f_facets
    )

    enrolled = self.config.setdefault('devices', [])
    record = {
        'name': device_name or 'Security Key',
        'ts': int(time.time()),  # enrollment time, whole seconds
        'binding': dict(registration),
    }
    enrolled.append(record)
def try_enroll(self, response_data):
    """Verify a registration response against the stored enrollment.

    Reads the pending challenge from ``self.config['enrollment']`` and, if
    verification succeeds, stores the binding under ``self.config['device']``
    (a single device, replacing any previous value).

    Raises:
        RuntimeError: if no enrollment is pending.
    """
    # XXX: handle error
    pending = self.config.get('enrollment')
    if pending is not None:
        # NOTE(review): the challenge is read with .get() and not removed
        # here; confirm the caller clears it so it stays single-use.
        registration, _attestation_cert = u2f.complete_register(
            pending, response_data, self.u2f_facets
        )
        self.config['device'] = dict(registration)
        return
    raise RuntimeError('This authenticator is not in a state that '
                       'permits user enrollment.')
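def bind(self, username, data):
    """Complete a U2F registration for ``username`` and store the device.

    The pending challenge under ``_u2f_enroll_`` is popped from the user
    record, so it cannot be reused for another attempt. ``self.facet`` is
    the only accepted facet. A ``KeyError`` propagates for an unknown user
    or when no enrollment is pending.

    Returns the JSON text ``true``.
    """
    user = self.users[username]
    binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
                                      [self.facet])

    # Build a real list: on Python 3 ``map`` returns an iterator, which has
    # no ``append``.
    devices = [DeviceRegistration.wrap(device)
               for device in user.get('_u2f_devices_', [])]
    devices.append(binding)
    user['_u2f_devices_'] = [d.json for d in devices]

    log.info("U2F device enrolled. Username: %s", username)
    # The attestation certificate is only logged, not checked against a policy.
    log.debug("Attestation certificate:\n%s", cert.as_text())

    return json.dumps(True)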
def post(self, request, *args, **kwargs):
    """Finish a U2F enrollment and optionally switch on mandatory 2FA.

    The ``_u2f_enroll`` challenge is popped from the session (single use)
    and the POSTed ``token`` is verified with ``self.app_id`` as the only
    accepted facet. If the form sent ``activate=on`` and the account does
    not yet require 2FA, the requirement is enabled in the same request.

    Returns a redirect to the 2FA settings page on success, or back to the
    U2F confirmation page for this device on any failure.
    """
    try:
        challenge = self.request.session.pop('_u2f_enroll')
        token = request.POST.get('token')
        # The attestation certificate is returned but not inspected here.
        registration, _attestation_cert = u2f.complete_register(
            challenge, token, [self.app_id])

        self.device.json_data = registration.json
        self.device.confirmed = True
        self.device.save()

        account = self.request.user
        account.log_action(
            'pretix.user.settings.2fa.device.added',
            user=account,
            data={
                'id': self.device.pk,
                'devicetype': 'u2f',
                'name': self.device.name,
            })

        notices = [
            _('A new two-factor authentication device has been added to your account.'
              )
        ]
        wants_activation = request.POST.get('activate', '') == 'on'
        if wants_activation and not account.require_2fa:
            account.require_2fa = True
            account.save()
            account.log_action('pretix.user.settings.2fa.enabled', user=account)
            notices.append(_('Two-factor authentication has been enabled.'))
        # One notice covering every security-relevant change made above.
        account.send_security_notice(notices)

        # An enrolled key alone does not make the second factor mandatory,
        # so remind the user if the requirement is still off.
        if account.require_2fa:
            note = ''
        else:
            note = ' ' + str(
                _('Please note that you still need to enable two-factor authentication for your '
                  'account using the buttons below to make a second factor required for logging '
                  'into your account.'))
        confirmation = str(_('The device has been verified and can now be used.'))
        messages.success(request, confirmation + note)
        return redirect(reverse('control:user.settings.2fa'))
    except Exception:
        # One generic message for the user; the cause only goes to the log.
        # NOTE(review): the guard also spans the save/log/notify steps, so a
        # late failure is reported as a failed registration even though the
        # device may already be stored as confirmed.
        messages.error(
            request,
            _('The registration could not be completed. Please try again.'))
        logger.exception('U2F registration failed')
        retry_url = reverse('control:user.settings.2fa.confirm.u2f',
                            kwargs={'device': self.device.pk})
        return redirect(retry_url)
def bind(self, username, data):
    """Complete a U2F registration for ``username`` and store the device.

    The pending challenge under ``_u2f_enroll_`` is popped from the user
    record, so it cannot be reused for another attempt. ``self.facets`` is
    passed as the accepted facets. A ``KeyError`` propagates for an unknown
    user or when no enrollment is pending.

    Returns the JSON text ``true``.
    """
    account = self.users[username]
    challenge = account.pop('_u2f_enroll_')
    registration, attestation_cert = complete_register(challenge, data, self.facets)

    known = list(map(DeviceRegistration.wrap, account.get('_u2f_devices_', [])))
    account['_u2f_devices_'] = [entry.json for entry in known + [registration]]

    log.info("U2F device enrolled. Username: %s", username)
    # The attestation certificate is only logged, not checked against a policy.
    log.debug("Attestation certificate:\n%s",
              attestation_cert.public_bytes(Encoding.PEM))

    return json.dumps(True)
def completeU2FRegistration(self, user_name, object_dn, data):
    """Complete a U2F registration for the object at ``object_dn``.

    ``data`` is the serialized client response. The pending challenge under
    ``_u2f_enroll_`` is popped from the object's settings and verified with
    ``self.facet`` as the only accepted facet; the resulting device is
    appended to ``_u2f_devices_`` and the settings are saved.

    Returns ``True``. Errors from the ACL check, the settings lookup or the
    verification propagate to the caller.
    """
    # Do we have write permissions for the requested attribute
    self.__check_acl(user_name, object_dn, "w")

    target = ObjectProxy(object_dn)
    settings = self.__settings[target.uuid]
    response = loads(data)

    # NOTE(review): the pop changes the in-memory settings, but
    # __save_settings() is only reached on success; confirm a failed attempt
    # cannot bring the consumed challenge back from the persisted copy.
    challenge = settings.pop('_u2f_enroll_')
    registration, attestation_cert = complete_register(challenge, response, [self.facet])

    stored = list(map(DeviceRegistration.wrap, settings.get('_u2f_devices_', [])))
    stored.append(registration)
    settings['_u2f_devices_'] = [entry.json for entry in stored]
    self.__save_settings()

    self.__log.info("U2F device enrolled. Username: %s", user_name)
    # The attestation certificate is only logged, not checked against a policy.
    self.__log.debug("Attestation certificate:\n%s",
                     attestation_cert.public_bytes(Encoding.PEM))

    return True
def post(self, request, *args, **kwargs):
    """Finish a U2F enrollment and optionally switch on mandatory 2FA.

    The ``_u2f_enroll`` challenge is popped from the session (single use)
    and the POSTed ``token`` is verified with ``self.app_id`` as the only
    accepted facet. With ``activate=on`` in the form and 2FA not yet
    required for the account, the requirement is enabled as well.

    Returns a redirect to the 2FA settings page on success, or back to the
    U2F confirmation page for this device on any failure.
    """
    try:
        enrollment = self.request.session.pop('_u2f_enroll')
        # The attestation certificate is returned but not inspected here.
        registration, _attestation_cert = u2f.complete_register(
            enrollment, request.POST.get('token'), [self.app_id]
        )

        self.device.json_data = registration.json
        self.device.confirmed = True
        self.device.save()

        self.request.user.log_action(
            'pretix.user.settings.2fa.device.added',
            user=self.request.user,
            data={
                'id': self.device.pk,
                'devicetype': 'u2f',
                'name': self.device.name,
            },
        )

        notices = [_('A new two-factor authentication device has been added to your account.')]
        activation_requested = request.POST.get('activate', '') == 'on'
        if activation_requested and not self.request.user.require_2fa:
            self.request.user.require_2fa = True
            self.request.user.save()
            self.request.user.log_action('pretix.user.settings.2fa.enabled', user=self.request.user)
            notices.append(_('Two-factor authentication has been enabled.'))
        # One notice covering every security-relevant change made above.
        self.request.user.send_security_notice(notices)

        # An enrolled key alone does not make the second factor mandatory,
        # so remind the user if the requirement is still off.
        note = '' if self.request.user.require_2fa else ' ' + str(
            _('Please note that you still need to enable two-factor authentication for your '
              'account using the buttons below to make a second factor required for logging '
              'into your account.')
        )
        messages.success(request, str(_('The device has been verified and can now be used.')) + note)
        return redirect(reverse('control:user.settings.2fa'))
    except Exception:
        # One generic message for the user; the cause only goes to the log.
        # NOTE(review): the guard also spans the save/log/notify steps, so a
        # late failure is reported as a failed registration even though the
        # device may already be stored as confirmed.
        messages.error(request, _('The registration could not be completed. Please try again.'))
        logger.exception('U2F registration failed')
        confirm_kwargs = {'device': self.device.pk}
        return redirect(reverse('control:user.settings.2fa.confirm.u2f', kwargs=confirm_kwargs))
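def userBind(id):
    """Complete a U2F registration for the user with key ``id``.

    Looks the user up, verifies the posted registration response against
    the user's stored enrollment challenge, appends the new device to the
    user's device list and returns the JSON text ``true``. Responds with
    404 when the user lookup fails.
    """
    # NOTE(review): nothing in this function ties ``id`` to the
    # authenticated caller; confirm the route enforces that before this
    # runs, since it adds a second factor to the looked-up account.
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    data = request.data.get("data", None)

    # NOTE(review): the challenge is read but not cleared here; confirm it
    # is invalidated elsewhere so it stays single-use.
    enroll = user.u2f_enroll
    # NOTE(review): an empty facet list is passed; verify against the
    # u2flib version in use whether that rejects every origin or skips the
    # origin check.
    binding, cert = complete_register(enroll, data, [])

    try:
        # A real list is needed: on Python 3 ``map`` returns an iterator,
        # which has no ``append``.
        devices = [DeviceRegistration.wrap(device) for device in user.u2f_devices]
    except Exception:
        # Best-effort fallback kept from the original, narrowed from a bare
        # ``except`` so KeyboardInterrupt/SystemExit are not swallowed.
        # NOTE(review): one unreadable stored entry makes the list start
        # empty, so the write below drops every previously enrolled key.
        devices = []
    devices.append(binding)
    user.u2f_devices = [d.json for d in devices]

    # Single-argument print(...) gives the same output on Python 2 and 3.
    print("U2F device enrolled. Username: %s" % user.username)
    print("Attestation certificate:\n%s" % cert.as_text())

    return json.dumps(True)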
def completeU2FRegistration(self, user_name, object_dn, data):
    """Complete a U2F registration for the object at ``object_dn``.

    ``data`` is the serialized client response. The pending challenge under
    ``_u2f_enroll_`` is popped from the object's settings and verified with
    ``self.facet`` as the only accepted facet; the resulting device is
    appended to ``_u2f_devices_`` and the settings are saved.

    Returns ``True``. Errors from the ACL check, the settings lookup or the
    verification propagate to the caller.
    """
    # Do we have write permissions for the requested attribute
    self.__check_acl(user_name, object_dn, "w")

    proxy = ObjectProxy(object_dn)
    prefs = self.__settings[proxy.uuid]
    parsed = loads(data)

    # Popping makes the challenge single-use within the in-memory settings.
    # NOTE(review): __save_settings() is only reached on success; confirm a
    # failed attempt cannot restore the challenge from the persisted copy.
    pending = prefs.pop('_u2f_enroll_')
    binding, cert = complete_register(pending, parsed, [self.facet])

    existing = [
        DeviceRegistration.wrap(raw)
        for raw in prefs.get('_u2f_devices_', [])
    ]
    prefs['_u2f_devices_'] = [reg.json for reg in existing + [binding]]
    self.__save_settings()

    self.__log.info("U2F device enrolled. Username: %s", user_name)
    # The attestation certificate is only logged, not checked against a policy.
    pem = cert.public_bytes(Encoding.PEM)
    self.__log.debug("Attestation certificate:\n%s", pem)

    return True
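def register_token(devices=None):
    """Register a fresh software U2F token and return ``(device, token)``.

    Args:
        devices: registrations that already exist, passed on to
            ``u2f.start_register``. Defaults to no devices.

    Returns:
        The first value returned by ``u2f.complete_register`` and the
        ``SoftU2FDevice`` that produced the response.
    """
    # A ``[]`` default would be one list shared by every call; use a fresh
    # list per call instead.
    if devices is None:
        devices = []

    token = SoftU2FDevice()
    request_data = u2f.start_register(APP_ID, devices)
    response = token.register(request_data.registerRequests[0].json, FACET)
    # No facet list is passed to complete_register in this helper, and the
    # attestation certificate is not used.
    device, _cert = u2f.complete_register(request_data, response)
    return device, token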
def try_enroll(self, enrollment_data, response_data, device_name=None):
    """Verify a U2F registration response and record the new device.

    The response is checked against ``enrollment_data`` with
    ``self.u2f_facets`` as the accepted facets. On success an entry holding
    the display name, the enrollment time and the binding is appended to
    ``self.config["devices"]``. Errors from ``u2f.complete_register``
    propagate, and nothing is stored in that case.
    """
    # Only the binding is kept; the attestation certificate is unused here.
    binding, _unused_cert = u2f.complete_register(
        enrollment_data,
        response_data,
        self.u2f_facets,
    )

    device_list = self.config.setdefault("devices", [])
    label = device_name or "Security Key"
    enrolled_at = int(time.time())  # whole seconds
    device_list.append({"name": label, "ts": enrolled_at, "binding": dict(binding)})