def webauthn_begin_assertion():
jsonData = request.get_json()
username = jsonData['username']
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
user = database.query_db("select * from Users where username=?",[username])[0]
if len(user) == 0:
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
if not user[4]:
return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)
challenge = util.generate_challenge(32)
# We strip the padding from the challenge stored in the session
# for the reasons outlined in the comment in webauthn_begin_activate.
toStoreChallenge = challenge.rstrip('=')
try:
insert = database.insert_db("insert into PublicKeyCredentialCreationOptions VALUES (?,?,?,?,?,?)",[None, None,user[0],None,username,toStoreChallenge])
except:
update = database.insert_db("update PublicKeyCredentialCreationOptions SET challenge=? where user_username=?",[toStoreChallenge,username])
webauthn_user = webauthn.WebAuthnUser(
user[0], user[1], user[2], user[6],
user[4], user[3], user[5], user[7])
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user, challenge)
return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_assertion():
username = request.form.get('username')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
user = User.query.filter_by(username=username).first()
if not user:
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
if not user.credential_id:
return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)
if 'challenge' in session:
del session['challenge']
challenge = util.generate_challenge(32)
session['challenge'] = challenge
webauthn_user = webauthn.WebAuthnUser(
user.ukey,
user.username,
user.display_name,
user.icon_url,
user.credential_id,
user.pub_key,
user.sign_count,
user.rp_id)
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user,
challenge)
return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_activate():
'''
This url is called when the registration process starts
'''
username = request.form.get('register_username')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
display_name = request.form.get('register_display_name')
user_exists = database.user_exists(username)
if not user_exists or not current_user.is_authenticated or not username == current_user.id:
return make_response(jsonify({'fail': 'User not logged in.'}), 401)
if not util.validate_token_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
# clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
cfg['host']['origin'])
return jsonify(make_credential_options.registration_dict)
def join(member):
"""
회원 등록. 회원 정보를 포함하고 있는 딕셔너리를 던져 주면
회원 등록을 시도한다. 실패했을 경우 상황에 따른 오류 코드를 반환한다.
member에 오는 키와 값은 다음과 같다.
- username: 사용자 ID
- password: 사용자 암호. 두 번 입력받는 걸 검증하는 역할은 프론트엔드에서 담당한다. 암호화되지 않음.
- nick: 별명.
- email: 이메일 주소.
- signature: 글 뒤에 붙는 시그.
- introduction: 회원 정보 페이지에 뜨는 자기 소개.
@type member: dict
@param member: 회원 정보 딕셔너리.
@rtype tuple
@return: 회원 등록 성공 여부(T/F)와 오류 코드(실패 시)를 포함하는 튜플.
"""
if not util.validate_username(member['username']):
return (False, _('INVALID_USERNAME'))
if _get_uid_from_username(member['username']) > 0:
return (False, _('ID_ALREADY_EXISTS'))
t = db.transaction()
try:
result = db.insert('Users', uNick = member['nick'], uEmail = member['email'],
uId = member['username'], uPasswd = generate_password(member['password']),
uDatetime = web.SQLLiteral('NOW()'), uSig = '', uPlan = '')
except:
t.rollback()
return (False, _('DATABASE_ERROR'))
else:
t.commit()
return (True, '')
def webauthn_begin_assertion():
'''
This url is called when the authentication process begins
'''
username = request.form.get('login_username')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
credentials = database.get_credentials(username)
user = database.get_user(username)
if not user:
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
session.pop('challenge', None)
challenge = util.generate_challenge(32)
session['challenge'] = challenge.rstrip('=')
webauthn_users = []
for credential in credentials:
webauthn_users.append(
webauthn.WebAuthnUser(credential.ukey, credential.username,
credential.display_name, credential.icon_url,
credential.credential_id, credential.pub_key,
credential.sign_count, credential.rp_id))
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_users, challenge)
return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_assertion():
username = request.form.get('login_username')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
user = User.query.filter_by(username=username).first()
if not user:
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
if not user.credential_id:
return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)
session.pop('challenge', None)
challenge = util.generate_challenge(32)
# We strip the padding from the challenge stored in the session
# for the reasons outlined in the comment in webauthn_begin_activate.
session['challenge'] = challenge.rstrip('=')
webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username,
user.display_name, user.icon_url,
user.credential_id, user.pub_key,
user.sign_count, user.rp_id)
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user, challenge)
return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_login():
username = request.form.get('login_username')
password = request.form.get('login_password')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
_, person = auth.getPerson(username)
if not person:
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
if not person.credential_id:
return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)
session.pop('challenge', None)
session.pop('login_password', None)
challenge = util.generate_challenge(32)
# We strip the padding from the challenge stored in the session
# for the reasons outlined in the comment in webauthn_begin_activate.
session['challenge'] = challenge.rstrip('=')
session['login_password'] = password
webauthn_user = webauthn.WebAuthnUser(
person.ukey, person.username, person.display_name, person.icon_url,
person.credential_id, person.pub_key, person.sign_count, person.rp_id)
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user, challenge)
return jsonify(webauthn_assertion_options.assertion_dict)
def scrape_upload_dir_outer(verbose=False, dev=False):
"""
TODO: consider implementing upload timeout
As currently implemented dokuwiki buffers files and writes them instantly
However might want to allow slower uploads such as through sftp
Consider verifying the file size is stable (say over 1 second)
"""
verbose and print("")
verbose and print("Scraping upload dir")
change = False
# Check main dir with username prefix
scrape_upload_dir_inner(env.SIPAGER_DIR, verbose=verbose)
# Check user dirs
for glob_dir in glob.glob(env.SIPAGER_DIR + "/*"):
fn_can = os.path.realpath(glob_dir)
if not os.path.isdir(fn_can):
continue
if fn_can in failed_upload_files:
continue
basename = os.path.basename(fn_can)
if basename == "done":
continue
user = basename
if not validate_username(user):
failed_upload_files.add(fn_can)
print("Invalid user name: %s" % user)
continue
scrape_upload_dir_inner(glob_dir, verbose=verbose, assume_user=user)
if change:
simapper.reindex_all(dev=dev)
def webauthn_begin_activate():
print("[ENTER] begin registration")
import pdb
pdb.set_trace()
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
challenge = util.generate_challenge(32)
print("[INFO] registration challenge ", challenge)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
print("[INFO] challenge.rstrip('=') ", session['challenge'])
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
'https://example.com')
js = make_credential_options.registration_dict
pprint.pprint(js)
print("[EXIT] begin registration\n")
return jsonify(js)
def webauthn_begin_register():
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
password = request.form.get('register_password')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if auth.isRegistered(username):
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('register_password', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
# TODO: I am not sure if this is safe to do?!?!?
session['register_password'] = password
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
ORIGIN, attestation='none')
return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate():
# MakeCredentialOptions
username = request.form.get('username')
display_name = request.form.get('displayName')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
if 'register_ukey' in session:
del session['register_ukey']
if 'register_username' in session:
del session['register_username']
if 'register_display_name' in session:
del session['register_display_name']
if 'challenge' in session:
del session['challenge']
session['register_username'] = username
session['register_display_name'] = display_name
rp_name = 'localhost'
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge,
rp_name,
RP_ID,
ukey,
username,
display_name,
'https://example.com')
return jsonify(make_credential_options.registration_dict)
def webauthn_begin_assertion():
username = request.form.get('login_username')
print("[ENTER] begin authentcation for user ", username)
import pdb
pdb.set_trace()
if not util.validate_username(username):
print("[ERROR] Invalid username.")
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
user = User.query.filter_by(username=username).first()
if not user:
print("[ERROR] User does not exist.")
return make_response(jsonify({'fail': 'User does not exist.'}), 401)
if not user.credential_id:
print("[ERROR] Unknown credential ID.")
return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401)
session.pop('challenge', None)
challenge = util.generate_challenge(32, True)
print("[INFO] authentication challenge ", challenge)
# print("[INFO] challenge type ", type(challenge))
# We strip the padding from the challenge stored in the session
# for the reasons outlined in the comment in webauthn_begin_activate.
session['challenge'] = challenge.rstrip('=')
webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username,
user.display_name, user.icon_url,
user.credential_id, user.pub_key,
user.sign_count, user.rp_id)
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user, challenge)
ad = webauthn_assertion_options.assertion_dict
pprint.pprint(ad)
print("[EXIT] begin authentcation\n")
return jsonify(ad)
def process(entry):
print("")
print(entry)
print("Validating URL file name...")
source_fn = entry.get("local_fn") or entry["url"]
url_check = entry.get("force_name") or source_fn
print("Parsing raw URL: %s" % (url_check, ))
# Patch up case errors server side
url_check = url_check.lower()
# Allow query strings at end (ex: for filebin)
url_check = url_check.split("?")[0]
print("Parsing simplified URL: %s" % (url_check, ))
fnbase, vendor, chipid, flavor = parse_image_name(url_check)
if not validate_username(entry["user"]):
print("Invalid user name: %s" % entry["user"])
entry["status"] = STATUS_ERROR
return
"""
script_fn = "/home/mcmaster/bin/map-%s" % entry["user"]
if not os.path.exists(script_fn):
print("Import script not found: %s" % script_fn)
entry["status"] = STATUS_ERROR
return
"""
print("Checking if exists..")
vendor_dir = "%s/%s/" % (
env.MAP_DIR,
vendor,
)
chipid_dir = env.MAP_DIR + "/" + vendor + "/" + chipid
single_dir = env.MAP_DIR + "/" + vendor + "/" + chipid + "/single"
single_fn = env.MAP_DIR + "/" + vendor + "/" + chipid + "/single/" + fnbase
map_fn = env.MAP_DIR + "/%s/%s/%s" % (vendor, chipid, flavor)
print("Checking %s...." % single_fn)
if os.path.exists(single_fn):
print("Collision (single): %s" % single_fn)
entry["status"] = STATUS_COLLISION
return
print("Checking %s...." % map_fn)
if os.path.exists(map_fn):
print("Collision (map): %s" % map_fn)
entry["status"] = STATUS_COLLISION
return
def cleanup():
if os.path.exists(single_fn):
print("WARNING: deleting map image failure: " + single_fn)
os.unlink(single_fn)
if os.path.exists(map_fn):
print("WARNING: deleting map dir on failure: " + map_fn)
shutil.rmtree(map_fn)
try:
print("Checking if directories exist....")
if not os.path.exists(vendor_dir):
print("Create %s" % vendor_dir)
os.mkdir(vendor_dir)
if not os.path.exists(chipid_dir):
print("Create %s" % chipid_dir)
os.mkdir(chipid_dir)
if not os.path.exists(single_dir):
print("Create %s" % single_dir)
os.mkdir(single_dir)
print("Fetching file...")
if "local_fn" in entry:
print("Local copy %s => %s" % (entry["local_fn"], single_fn))
shutil.copy(entry["local_fn"], single_fn)
else:
print("Downloading %s => %s" % (entry["url"], single_fn))
with urllib.request.urlopen(entry["url"]) as response:
# Note: this fixes case issue as we explicitly set output case lower
ftmp = open(single_fn, "wb")
shutil.copyfileobj(response, ftmp)
ftmp.close()
# Sanity check its image file / multimedia
# Mostly intended for failing faster on HTML in non-direct link
subprocess.check_call(["identify", single_fn])
print("Sanity check OK")
print("Converting...")
try:
map_user.run(user=entry["user"],
files=[single_fn],
run_img2doku=False)
except:
print("Conversion failed")
traceback.print_exc()
entry["status"] = STATUS_ERROR
return
_out_txt, wiki_page, wiki_url, map_chipid_url, wrote, exists = img2doku.run(
hi_fns=[single_fn],
collect=entry["user"],
write=True,
write_lazy=True,
www_dir=env.WWW_DIR)
print("wiki_page: " + wiki_page)
print("wiki_url: " + wiki_url)
print("map_chipid_url: " + map_chipid_url)
print("wrote: " + str(wrote))
print("exists: " + str(exists))
entry["map"] = map_chipid_url
entry["wiki"] = wiki_url
log_simapper_update(entry)
if "local_fn" in entry:
shift_done(entry)
entry["status"] = STATUS_DONE
finally:
if entry["status"] != STATUS_DONE:
print("Cleaning up on non-sucess")
cleanup()
import sys
import colorlabels as cl
from service.auth import register
from util import validate_password, validate_username
if __name__ == '__main__':
if len(sys.argv) < 3:
cl.warning('Usage: %s username password' % sys.argv[0])
sys.exit(-1)
username = sys.argv[1]
password = sys.argv[2]
r = validate_username(username)
if not r:
cl.error(str(r))
sys.exit(-1)
r = validate_password(password)
if not r:
cl.error(str(r))
sys.exit(-1)
if register(username, password):
cl.success('Successfully registered user %r.' % username)
else:
cl.error('User %r already exists!' % username)
