def webauthn_begin_activate(): ''' This url is called when the registration process starts ''' username = request.form.get('register_username') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) display_name = request.form.get('register_display_name') user_exists = database.user_exists(username) if not user_exists or not current_user.is_authenticated or not username == current_user.id: return make_response(jsonify({'fail': 'User not logged in.'}), 401) if not util.validate_token_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) # clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name challenge = util.generate_challenge(32) ukey = util.generate_ukey() session['challenge'] = challenge.rstrip('=') session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, cfg['host']['origin']) return jsonify(make_credential_options.registration_dict)
def reg_request(): username = request.form.get('register_username') display_name = request.form.get('register_display_name') rp_name = 'localhost' challenge = util.generate_challenge(32) ukey = util.generate_ukey() if 'register_ukey' in session: del session['register_ukey'] if 'register_username' in session: del session['register_username'] if 'register_display_name' in session: del session['register_display_name'] if 'challenge' in session: del session['challenge'] session['register_username'] = username session['register_display_name'] = display_name session['challenge'] = challenge session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, rp_name, RP_ID, ukey, username, display_name, 'https://example.com') # print(make_credential_options) # print(make_credential_options.registration_dict) return json.jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate(): #clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_id', None) session.pop('challenge', None) session['register_username'] = current_user.id session['register_display_name'] = current_user.vorname + " " + current_user.name challenge = util.generate_challenge(32) ukey = util.generate_ukey() # We strip the saved challenge of padding, so that we can do a byte # comparison on the URL-safe-without-padding challenge we get back # from the browser. # We will still pass the padded version down to the browser so that the JS # can decode the challenge into binary without too much trouble. session['challenge'] = challenge.rstrip('=') session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, current_user.id, current_user.vorname + " " + current_user.name, ORIGIN) return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate(): print("[ENTER] begin registration") import pdb pdb.set_trace() # MakeCredentialOptions username = request.form.get('register_username') display_name = request.form.get('register_display_name') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if User.query.filter_by(username=username).first(): return make_response(jsonify({'fail': 'User already exists.'}), 401) #clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name challenge = util.generate_challenge(32) print("[INFO] registration challenge ", challenge) ukey = util.generate_ukey() # We strip the saved challenge of padding, so that we can do a byte # comparison on the URL-safe-without-padding challenge we get back # from the browser. # We will still pass the padded version down to the browser so that the JS # can decode the challenge into binary without too much trouble. session['challenge'] = challenge.rstrip('=') print("[INFO] challenge.rstrip('=') ", session['challenge']) session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, 'https://example.com') js = make_credential_options.registration_dict pprint.pprint(js) print("[EXIT] begin registration\n") return jsonify(js)
def webauthn_begin_register(): # MakeCredentialOptions username = request.form.get('register_username') display_name = request.form.get('register_display_name') password = request.form.get('register_password') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if auth.isRegistered(username): return make_response(jsonify({'fail': 'User already exists.'}), 401) #clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('register_password', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name # TODO: I am not sure if this is safe to do?!?!? session['register_password'] = password challenge = util.generate_challenge(32) ukey = util.generate_ukey() # We strip the saved challenge of padding, so that we can do a byte # comparison on the URL-safe-without-padding challenge we get back # from the browser. # We will still pass the padded version down to the browser so that the JS # can decode the challenge into binary without too much trouble. session['challenge'] = challenge.rstrip('=') session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, ORIGIN, attestation='none') return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate(): # MakeCredentialOptions username = request.form.get('username') display_name = request.form.get('displayName') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if User.query.filter_by(username=username).first(): return make_response(jsonify({'fail': 'User already exists.'}), 401) if 'register_ukey' in session: del session['register_ukey'] if 'register_username' in session: del session['register_username'] if 'register_display_name' in session: del session['register_display_name'] if 'challenge' in session: del session['challenge'] session['register_username'] = username session['register_display_name'] = display_name rp_name = 'localhost' challenge = util.generate_challenge(32) ukey = util.generate_ukey() session['challenge'] = challenge session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, rp_name, RP_ID, ukey, username, display_name, 'https://example.com') return jsonify(make_credential_options.registration_dict)
def user_offer_reward(cls, uid, desc, fileName, fb, res_type, res_year, res_country): assert fileName is not None and len(fileName) > 0 assert fb > 0 assert uid > 0 assert ResourceInfo.is_valid_main_type(res_type) uid = long(uid) create_time = long(time() * 1000) rid = generate_ukey(uid, create_time) #seq_type, seq = yield get_next_sequence(cls._db_realtime, cls._key, res_type) reward = { "desc": desc, "fileName": fileName, "fb": fb, "uid": uid, "rid": rid, "append_fb": [], "append_uid": [], "res_type": res_type, "ctime": create_time, "file_info": {}, "append_time": [], "total_fb": fb, "res_year": res_year, "res_country": res_country, "is_finish": 0 } coin_ret = yield cls.user_coin_handle(uid, fb, False) if coin_ret: #add rid to the user reward #yield cls._db.user_reward.update({'uid': uid}, {'$push': {'reward_ids': rid}}, True) #add a reward to all reward yield cls._db.all_reward.insert(reward) #add a reward to my reward yield cls._db.my_reward.update({"uid": uid}, {"$addToSet": { "rid_list": rid }}, True) yield cls._db.my_reward.update( {"uid": uid}, {"$addToSet": { "rid_list" + str(res_type): rid }}, True)
def add_feed(cls, rid, rname, uid, t, content, link = "", desc = ""): assert t >= 0 and t < 4 assert uid > 0 #seq = yield get_next_sequence(cls._db_realtime, cls._key) cur_time = long(time()*1000) fid = generate_ukey(uid, cur_time) feed = {"fid": fid, "rid": rid, "rname": rname, "uid": uid, "type": t, "content": content, "ctime": cur_time, "link": link, "desc": desc} tmp_feed = {"fid": fid, "rid": rid, "rname": rname, "uid": uid, "type": t, "content": content, "ctime": cur_time, "link": link, "desc": desc} yield cls._db.all_feeds.insert(feed) friends = yield getFriendsById(uid) for item in friends: user_feed = {"uid": item["uid"], "fid": fid, "ctime": cur_time} yield cls._db.all_user_feeds.insert(user_feed) uid_tmp = "feed:"+str(item["uid"]) size = cls._redis.llen(uid_tmp) if size >= 200: cls._redis.rpop(uid_tmp) cls._redis.lpush(uid_tmp, json.dumps(tmp_feed))
def user_offer_reward(cls, uid, desc, fileName, fb, res_type, res_year, res_country): assert fileName is not None and len(fileName) > 0 assert fb > 0 assert uid > 0 assert ResourceInfo.is_valid_main_type(res_type) uid = long(uid) create_time = long(time()*1000) rid = generate_ukey(uid, create_time) #seq_type, seq = yield get_next_sequence(cls._db_realtime, cls._key, res_type) reward = {"desc":desc, "fileName":fileName, "fb":fb, "uid":uid, "rid":rid, "append_fb":[], "append_uid":[], "res_type":res_type, "ctime":create_time, "file_info":{},"append_time":[], "total_fb":fb,"res_year":res_year,"res_country":res_country,"is_finish":0} coin_ret = yield cls.user_coin_handle(uid, fb, False) if coin_ret: #add rid to the user reward #yield cls._db.user_reward.update({'uid': uid}, {'$push': {'reward_ids': rid}}, True) #add a reward to all reward yield cls._db.all_reward.insert(reward) #add a reward to my reward yield cls._db.my_reward.update({"uid": uid}, {"$addToSet": {"rid_list": rid}}, True) yield cls._db.my_reward.update({"uid": uid}, {"$addToSet": {"rid_list"+str(res_type): rid}}, True)
def webauthn_begin_activate(): jsonData = request.get_json() name = jsonData['name'] surname = jsonData['surname'] email = jsonData['email'] username = email display_name = name + " " + surname challenge = util.generate_challenge(32) id = util.generate_ukey() ''' PublicKeyCredentialCreationOptions rp-> Relying Party: It's the server where you want to authenticate. RP_NAME: name RP_ID: The RP ID must be equal to the origin's effective domain, or a registrable domain suffix of the origin's effective domain. The origin's scheme must be https. The origin's port is unrestricted. user information-> Information about the user registering Helps to choose from multiple credentials. username: it is a human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames. For example, "alexm", "*****@*****.**" or "+14255551234". display_name: A human-palatable name for the user account, intended only for display. For example, "Alex P. Müller" or "田中 倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. id: The user handle of the user account entity. A user handle is an opaque byte sequence with a maximum size of 64 bytes, and is not meant to be displayed to the user. ''' make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, id, username, display_name, 'http://localhost') challenge = challenge.rstrip("=") insert = database.insert_db("insert into PublicKeyCredentialCreationOptions VALUES (?,?,?,?,?,?)",[RP_NAME, RP_ID,id,display_name,username,challenge]) return jsonify(make_credential_options.registration_dict)
import util print(util.generate_challenge(20)) print(util.generate_ukey())
def attestation_get_options(): username = request.form.get('username') display_name = request.form.get('displayName') if 'register_ukey' in session: del session['register_ukey'] if 'register_username' in session: del session['register_username'] if 'register_display_name' in session: del session['register_display_name'] if 'challenge' in session: del session['challenge'] if 'att_option' in session: del session['att_option'] if username == "" or username is None: username = util.random_username(8) if display_name == "" or display_name is None: display_name = username session['register_username'] = username session['register_display_name'] = display_name rp_name = RP_ID challenge = util.generate_challenge(32) ukey = util.generate_ukey() session['challenge'] = challenge session['register_ukey'] = ukey exclude_credentialids = [] webauthn_options = webauthn.WebAuthnOptions() try: options = Options.query.filter_by(rp_id=RP_ID).first() if options is None: options = Options() options.rp_id = RP_ID options.version = CURRENT_OPTIONS_TBL_VERSION options.option_content = json.dumps(webauthn_options.get()) db.session.add(options) db.session.commit() else: if options.version != CURRENT_OPTIONS_TBL_VERSION: return make_response( jsonify({'fail': 'Options Table Version Error.'}), 400) except Exception as e: return make_response( jsonify({'fail': 'Options Database Error: {}'.format(e)}), 500) webauthn_options.set(json.loads(options.option_content)) if webauthn_options.enableAttestationExcludeCredentials == 'true' and len( webauthn_options.attestationExcludeCredentialsUsers): users = Users.query.filter( Users.id.in_( webauthn_options.attestationExcludeCredentialsUsers)).all() for user in users: if not user.credential_id: app.logger.debug('Unknown credential ID.') return make_response( jsonify({'fail': 'Unknown credential ID.'}), 401) exclude_credentialids.append(str(user.credential_id)) make_credential_options = webauthn.WebAuthnMakeCredentialOptions( webauthn_options, exclude_credentialids, challenge, rp_name, RP_ID, ukey, username, display_name, 'https://example.com') reg_dict = json.dumps(make_credential_options.registration_dict, indent=2) session['att_option'] = reg_dict return make_response(jsonify(make_credential_options.registration_dict), 200)