예제 #1
def fido2_keys_user_validate(user_id):
    """Complete a FIDO2 assertion for ``user_id`` and record the login.

    Reads a JSON body whose ``payload`` field is base64-encoded CBOR carrying
    ``credentialId``, ``clientDataJSON``, ``authenticatorData`` and
    ``signature``. These are passed to
    ``Config.FIDO2_SERVER.authenticate_complete`` together with the state
    from ``get_fido2_session``. The user's session fields are then refreshed
    and ``{'status': 'OK'}`` is returned.
    """
    stored_keys = list_fido2_keys(user_id)
    # SECURITY: pickle.loads runs whatever the stored blob encodes, so this is
    # only as safe as the code that writes the key column and the integrity of
    # that store. Nothing in this function validates the blob before loading.
    credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    # Everything below comes from the client. A missing or malformed field
    # raises here and is left to the caller's error handling.
    body = request.get_json()
    assertion = cbor.decode(base64.b64decode(body["payload"]))

    credential_id = assertion['credentialId']
    client_data = ClientData(assertion['clientDataJSON'])
    auth_data = AuthenticatorData(assertion['authenticatorData'])
    signature = assertion['signature']

    # The return value is discarded: a failed verification has to surface as
    # an exception from this call, otherwise the login below goes ahead.
    # NOTE(review): confirm the server object raises on an unknown credential
    # or a bad signature, and that the challenge state read by
    # get_fido2_session is single-use. The signature counter in auth_data is
    # not compared with a stored value in this function.
    Config.FIDO2_SERVER.authenticate_complete(
        get_fido2_session(user_id),
        credentials, credential_id, client_data, auth_data, signature,
    )

    # Reached only when the call above did not raise.
    account = get_user_by_id(user_id=user_id)
    account.current_session_id = str(uuid.uuid4())  # new id on each login
    account.logged_in_at = datetime.utcnow()
    account.failed_login_count = 0
    save_model_user(account)

    return jsonify({'status': 'OK'})
예제 #2
def fido2_keys_user_authenticate(user_id):
    """Start a FIDO2 assertion for ``user_id``.

    Loads the user's stored credentials, asks ``Config.FIDO2_SERVER`` to
    begin authentication, stores the returned state with
    ``create_fido2_session`` and returns the request options as
    ``{"data": <base64 of CBOR>}``.
    """
    stored_keys = list_fido2_keys(user_id)
    # SECURITY: pickle.loads runs whatever the stored blob encodes, so this is
    # only as safe as the code that writes the key column and the integrity of
    # that store. Nothing in this function validates the blob before loading.
    credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    request_options, challenge_state = Config.FIDO2_SERVER.authenticate_begin(credentials)
    # The state is saved per user_id for the completing request to read back.
    create_fido2_session(user_id, challenge_state)

    # The API client only handles JSON, so the CBOR bytes are base64-encoded
    # into a string field.
    encoded_options = base64.b64encode(cbor.encode(request_options)).decode('utf8')
    return jsonify({"data": encoded_options})
def fido2_keys_user_authenticate(user_id):
    """Start a FIDO2 assertion for ``user_id``.

    Loads the user's stored credentials, asks ``Config.FIDO2_SERVER`` to
    begin authentication, stores the returned state with
    ``create_fido2_session`` and returns the request options as
    ``{"data": <base64 of CBOR>}``.
    """
    stored_keys = list_fido2_keys(user_id)

    # pickle.loads is treated as safe here because the data is checked to
    # represent a FIDO key when it is stored. That guarantee lives entirely in
    # the write path: this function does not re-validate the blob, so the
    # bandit suppression below holds only while that path is the sole writer
    # and the key store itself is trusted.
    credentials = [
        pickle.loads(base64.b64decode(stored.key))  # nosec
        for stored in stored_keys
    ]

    request_options, challenge_state = Config.FIDO2_SERVER.authenticate_begin(
        credentials)
    # The state is saved per user_id for the completing request to read back.
    create_fido2_session(user_id, challenge_state)

    # The API client only handles JSON, so the CBOR bytes are base64-encoded
    # into a string field.
    encoded_options = base64.b64encode(
        cbor.encode(request_options)).decode('utf8')
    return jsonify({"data": encoded_options})
예제 #4
def fido2_keys_user_register(user_id):
    """Start registration of a new FIDO2 key for ``user_id``.

    Calls ``Config.FIDO2_SERVER.register_begin`` with the user's id, name and
    already-stored credentials, saves the returned state with
    ``create_fido2_session`` and returns the creation options as
    ``{"data": <base64 of CBOR>}``.
    """
    user = get_user_and_accounts(user_id)
    stored_keys = list_fido2_keys(user_id)

    # SECURITY: pickle.loads runs whatever the stored blob encodes, so this is
    # only as safe as the code that writes the key column and the integrity of
    # that store. Nothing in this function validates the blob before loading.
    existing_credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    user_entity = {
        'id': user.id.bytes,
        'name': user.name,
        'displayName': user.name,
    }
    # The existing credentials are presumably passed so that authenticators
    # already registered for this user are excluded; confirm against the
    # server library.
    # user_verification='discouraged' asks the authenticator to skip its own
    # PIN/biometric check, so the key then proves possession only.
    # NOTE(review): confirm that is the intended assurance level.
    creation_options, challenge_state = Config.FIDO2_SERVER.register_begin(
        user_entity,
        existing_credentials,
        user_verification='discouraged',
    )
    create_fido2_session(user_id, challenge_state)

    # The API client only handles JSON, so the CBOR bytes are base64-encoded
    # into a string field.
    encoded_options = base64.b64encode(cbor.encode(creation_options)).decode('utf8')
    return jsonify({"data": encoded_options})
예제 #5
def list_fido2_keys_user(user_id):
    """Return the FIDO2 keys of ``user_id`` as a JSON array.

    Each element is whatever the key object's ``serialize()`` returns.
    """
    # NOTE(review): confirm serialize() leaves out the stored ``key`` blob;
    # that is decided in the model, not here.
    serialized_keys = [entry.serialize() for entry in list_fido2_keys(user_id)]
    return jsonify(serialized_keys)
def test_list_fido2_keys(sample_fido2_key):
    """Listing keys for the fixture's user yields the fixture key plus one more."""
    # The new instance is never saved explicitly. Presumably it reaches the
    # session through the ``user`` relationship; confirm against the model.
    Fido2Key(user=sample_fido2_key.user, name="Name", key="Key")

    found = list_fido2_keys(sample_fido2_key.user.id)
    assert len(found) == 2
예제 #7
def test_list_fido2_keys(sample_fido2_key):
    """A second key created for the fixture's user shows up in the listing."""
    # No explicit save is made for the extra key. Presumably the ``user``
    # relationship attaches it to the session; confirm against the model.
    Fido2Key(user=sample_fido2_key.user, name="Name", key="Key")

    listed_keys = list_fido2_keys(sample_fido2_key.user.id)
    assert len(listed_keys) == 2