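def test_authenticate_soft_u2f(self):
    """Check that an assertion only verifies against its own challenge.

    Registers a soft token, issues two authentication challenges for the
    same device, and answers them out of order. Each response must verify
    with the challenge it was produced for, and must be rejected when it
    is paired with the other challenge.
    """
    token = SoftU2FDevice()
    request = u2f.start_register(APP_ID)
    response = token.register(request.json, FACET)
    device, cert = u2f.complete_register(request, response)

    challenge1 = u2f.start_authenticate(device)
    challenge2 = u2f.start_authenticate(device)

    # The second challenge is answered first, on purpose.
    response2 = token.getAssertion(challenge2.json, FACET)
    response1 = token.getAssertion(challenge1.json, FACET)

    assert u2f.verify_authenticate(device, challenge1, response1)
    assert u2f.verify_authenticate(device, challenge2, response2)

    # A response bound to one challenge must not be accepted for another.
    mismatched_pairs = (
        (challenge1, response2),
        (challenge2, response1),
    )
    for challenge, wrong_response in mismatched_pairs:
        try:
            u2f.verify_authenticate(device, challenge, wrong_response)
        except Exception:
            # Any ordinary exception counts as a rejection. Unlike a bare
            # ``except:``, this lets KeyboardInterrupt/SystemExit propagate.
            # NOTE(review): an unrelated error (e.g. a TypeError) would
            # also satisfy this check; pin the library's own error type
            # if it documents one.
            pass
        else:
            assert False, "Incorrect validation should fail!"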
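def add_key(request):
    """Enrol a new U2F key for ``request.user``.

    A valid POST consumes the registration challenge stored in the
    session, completes the registration and saves the key on the user,
    then redirects to the dashboard. Every other request (GET, an invalid
    form, or a POST with no pending challenge) issues a fresh challenge,
    stores it in the session and renders the enrolment page.
    """
    # NOTE(review): nothing in this function checks that the user is
    # authenticated; presumably a login_required wrapper is applied where
    # the view is routed -- confirm.
    if request.method == 'POST':
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            response = keyresponseform.cleaned_data['response']
            # Single use: the challenge is removed from the session before
            # it is verified, so the same response cannot be submitted
            # twice. A missing challenge falls through to a fresh one
            # instead of raising KeyError.
            challenge = request.session.pop(
                'u2f_registration_challenge', None)
            if challenge is not None:
                # The attestation certificate is returned but not
                # evaluated by this view. Registration data is not
                # printed, since stdout usually ends up in server logs.
                device, _attestation_cert = u2f.complete_register(
                    challenge, response)
                request.user.u2f_keys.create(
                    public_key=device['publicKey'],
                    key_handle=device['keyHandle'],
                    app_id=device['appId'],
                )
                return HttpResponseRedirect('/dashboard/')

    # GET, or a POST that could not be completed: send a new request.
    origin = '{scheme}://{host}'.format(
        scheme='https' if request.is_secure() else 'http',
        host=request.get_host(),
    )
    # NOTE(review): this hard-coded value replaces the origin computed
    # above, so every challenge is issued for this app ID regardless of
    # the host that served the request. Confirm which is intended and move
    # the value into settings.
    origin = "https://www.bestedm.org"
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge

    # TODO: also pass sign requests for the keys already on the account
    # (u2f.start_authenticate(d.to_json()) for each of
    # request.user.u2f_keys.all()) as 'sign_requests' in the context.
    context = {'challenge': json.dumps(challenge)}
    return render(request, 'u2f/add_key.html', context)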
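def add_key(request):
    """Enrol a new U2F key for ``request.user``.

    A valid POST consumes the registration challenge stored in the
    session, completes the registration and saves the key on the user,
    then redirects to the dashboard. Every other request (GET, an invalid
    form, or a POST with no pending challenge) issues a fresh challenge,
    stores it in the session and renders the enrolment page.
    """
    # NOTE(review): nothing in this function checks that the user is
    # authenticated; presumably a login_required wrapper is applied where
    # the view is routed -- confirm.
    if request.method == 'POST':
        keyresponseform = KeyResponseForm(request.POST)
        if keyresponseform.is_valid():
            response = keyresponseform.cleaned_data['response']
            # Single use: the challenge is removed from the session before
            # it is verified, so the same response cannot be submitted
            # twice. A missing challenge falls through to a fresh one
            # instead of raising KeyError.
            challenge = request.session.pop(
                'u2f_registration_challenge', None)
            if challenge is not None:
                # The attestation certificate is returned but not
                # evaluated by this view. Registration data is not
                # printed, since stdout usually ends up in server logs.
                device, _attestation_cert = u2f.complete_register(
                    challenge, response)
                request.user.u2f_keys.create(
                    public_key=device['publicKey'],
                    key_handle=device['keyHandle'],
                    app_id=device['appId'],
                )
                return HttpResponseRedirect('/dashboard/')

    # GET, or a POST that could not be completed: send a new request.
    # The app ID is derived from the request's scheme and Host header.
    # Django's get_host() validates the header against ALLOWED_HOSTS, so
    # that setting has to list only the hosts keys may be registered for.
    # NOTE(review): a plain-http request yields an http:// app ID;
    # confirm that is acceptable outside local development.
    origin = '{scheme}://{host}'.format(
        scheme='https' if request.is_secure() else 'http',
        host=request.get_host(),
    )
    challenge = u2f.start_register(origin)
    request.session['u2f_registration_challenge'] = challenge

    # TODO: also pass sign requests for the keys already on the account
    # (u2f.start_authenticate(d.to_json()) for each of
    # request.user.u2f_keys.all()) as 'sign_requests' in the context.
    context = {'challenge': json.dumps(challenge)}
    return render(request, 'u2f/add_key.html', context)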
def get_context_data(self, **kwargs):
    """Add a fresh U2F registration challenge to the template context.

    The challenge is also stored in the session under
    ``u2f_registration_challenge``.
    """
    context = super(AddKeyView, self).get_context_data(**kwargs)

    registration = u2f.start_register(self.get_origin())
    self.request.session['u2f_registration_challenge'] = registration
    context['challenge'] = registration

    # TODO: also blacklist the keys already added to the account (the
    # second argument of u2f.register)
    return context
def enroll(self, username):
    """Begin U2F registration for *username* and return the request JSON.

    A user record is created on first use. The pending registration
    request is stored on the record under ``_u2f_enroll_``.
    """
    record = self.users.setdefault(username, {})
    registration = start_register(self.app_id)
    record['_u2f_enroll_'] = registration.json
    return registration.json
def test_register_soft_u2f(self):
    """Registering a soft token yields a truthy device record."""
    soft_token = SoftU2FDevice()
    reg_request = u2f.start_register(APP_ID)
    reg_response = soft_token.register(reg_request.json, FACET)

    registered, _cert = u2f.complete_register(reg_request, reg_response)

    assert registered
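def enroll(self, username, password):
    """Begin U2F registration for *username* and return the request JSON.

    If the user can be looked up, their password is set to *password*.
    If the lookup or the password change raises, a new user is created
    with these credentials instead. The pending registration request is
    stored in the user's attributes under ``_u2f_enroll_``.
    """
    try:
        user = self.auth.get_user(username)
        # NOTE(review): the existing user's password is replaced without
        # checking the current one. Unless the caller has already
        # authenticated this user, enrolment doubles as an unauthenticated
        # password reset -- confirm where the credential check happens.
        user.set_password(password)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        # NOTE(review): any other failure above, not only "user not
        # found", still ends in create_user(); catch the backend's
        # specific lookup error once it is known.
        user = self.auth.create_user(username, password)

    enroll = start_register(self.app_id)
    user.attributes['_u2f_enroll_'] = enroll.json
    return enroll.json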
def start_register(app_id, devices, challenge=None):
    """Build the data a client needs to register a new device.

    Returns a ``RegisterRequestData`` holding one register request for
    *app_id* and the 'check-only' sign requests built from *devices*.
    """
    # RegisterRequest
    new_key_request = u2f_v2.start_register(app_id, challenge)

    # SignRequest[]
    check_only = start_authenticate(devices, 'check-only')

    return RegisterRequestData(
        registerRequests=[new_key_request],
        authenticateRequests=check_only.authenticateRequests,
    )
def get_context_data(self, **kwargs):
    """Add a registration challenge and sign requests to the context.

    The challenge is also stored in the session under
    ``u2f_registration_challenge``.
    """
    context = super(AddKeyView, self).get_context_data(**kwargs)

    registration = u2f.start_register(self.get_origin())
    self.request.session['u2f_registration_challenge'] = registration
    context['challenge'] = registration

    # One SignRequest per key already added to the account. This can be
    # passed to u2f.register as the second parameter to prevent
    # re-registering the same key for the same user.
    existing_key_requests = []
    for key in self.request.user.u2f_keys.all():
        existing_key_requests.append(u2f.start_authenticate(key.to_json()))
    context['sign_requests'] = existing_key_requests

    return context
def register_start(self, username):
    """Start registration for *username*.

    Stores the register request in the memstore, keyed by client id,
    username and challenge. Returns a list of register requests and a
    list of 'check-only' sign requests, one per device of an existing
    user.
    """
    # RegisterRequest
    reg_request = start_register(self._client.app_id)
    self._memstore.store(
        self._client.id,
        username,
        reg_request.challenge,
        {'request': reg_request},
    )

    # SignRequest[]
    account = self._get_user(username)
    if account is None:
        check_only_requests = []
    else:
        check_only_requests = [
            start_authenticate(device.bind_data, 'check-only')
            for device in account.devices.values()
        ]

    # To support multiple versions, add more RegisterRequests.
    return [reg_request], check_only_requests
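def test_wrong_facet(self):
    """Responses produced for a facet outside FACETS must be rejected.

    Covers both registration and authentication. The facet check is
    what ties a response to the origin it was produced for.
    """
    token = SoftU2FDevice()
    request = u2f.start_register(APP_ID)

    # Registration response produced for a facet that is not in FACETS.
    response = token.register(request.json, "http://wrongfacet.com")
    try:
        u2f.complete_register(request, response, FACETS)
    except Exception:
        # Any ordinary exception counts as a rejection. Unlike a bare
        # ``except:``, this lets KeyboardInterrupt/SystemExit propagate.
        # NOTE(review): an unrelated error would also satisfy this check;
        # pin the library's own error type if it documents one.
        pass
    else:
        assert False, "Incorrect facet should fail!"

    # Register properly so there is a device to authenticate against.
    response2 = token.register(request.json, FACET)
    device, cert = u2f.complete_register(request, response2)

    # Assertion produced for a facet that is not in FACETS.
    challenge = u2f.start_authenticate(device)
    response = token.getAssertion(challenge.json, "http://notright.com")
    try:
        u2f.verify_authenticate(device, challenge, response, FACETS)
    except Exception:
        pass
    else:
        assert False, "Incorrect facet should fail!"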
def test_enroll_serialization(self):
    """A RegisterRequest rebuilt from its JSON keeps appId and JSON."""
    original = u2f.start_register('https://example.com')
    restored = RegisterRequest(original.json)

    assert original.appId == restored.appId
    assert original.json == restored.json
def enroll_token():
    """Issue a U2F registration request and return it as JSON.

    The request is also stored in the session under ``u2f_enroll``.
    """
    # The app ID is fixed to the local development address.
    registration = start_register('http://localhost:5000')
    session['u2f_enroll'] = registration.json
    return Response(registration.json, mimetype='application/json')