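def create_request_body(user, url, cmd=None):
    """Build a signed SQRL request body for *url* on behalf of *user*.

    The stored identity is unlocked with the user's password, the master
    key is unwrapped, and a site keypair is derived for the URL's host.
    The client section is serialized and, concatenated with the
    base64url-encoded server URL, signed with the site secret key.

    Args:
        user: object exposing ``identity`` (with ``salt`` and ``masterkey``)
            and ``pw``.
        url: the SQRL URL being answered; its netloc selects the site keypair.
        cmd: client command stored in ``req.client.cmd``.  The default None
            serializes as the literal text ``None`` (``str(self.cmd)`` in
            the client serializer), so callers should pass a real command.

    Returns:
        A ``libsqrl.SqrlRequestBody`` with ``server``, ``client.cmd``,
        ``client.idk`` and ``ids`` populated.  ``ids`` holds the RAW
        signature; ``SqrlRequestBody.serialize()`` base64url-encodes it.

    Raises:
        Exception: when ``verify_password`` rejects the password.
    """
    host = urlparse.urlparse(url).netloc

    pw_hash = verify_password(user.identity, user.pw)
    if not pw_hash:
        raise Exception('Invalid password')
    salt = crypto_generichash(user.identity.salt)
    original_masterkey = xor_masterkey(user.identity.masterkey, pw_hash, salt)
    # generate_site_keypair takes the master key and the host directly; the
    # keyed hash of the host the original computed here was never used.
    pk, sk = generate_site_keypair(original_masterkey, host)

    req = libsqrl.SqrlRequestBody()
    req.server = url
    req.client.cmd = cmd
    req.client.idk = pk

    # The signature covers exactly the bytes the server receives:
    # base64url(client section) || base64url(server URL).
    clientval = req.client.serialize()
    serverval = base64url.encode(req.server)
    # Store the signature raw.  serialize() applies base64url to ``ids``
    # itself (as it does to ``server`` and ``idk``, which are also stored
    # raw), so encoding here as well double-encoded the signature on the
    # wire and would make server-side verification fail.
    req.ids = crypto_sign(clientval + serverval, sk)
    return req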
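def create_request_body(user, url, cmd=None):
    """Return a ``libsqrl.SqrlRequestBody`` for *url*, signed by *user*.

    Steps: verify the password against ``user.identity``, unwrap the master
    key with the password hash and the hashed identity salt, derive the
    per-host site keypair, fill the request, and sign
    ``base64url(client) + base64url(server)`` with the site secret key.

    Args:
        user: object with ``identity`` (``salt``, ``masterkey``) and ``pw``.
        url: SQRL URL whose netloc selects the site keypair.
        cmd: value for ``req.client.cmd``; None serializes as the text
            ``None`` because the client serializer uses ``str(self.cmd)``.

    Returns:
        The populated request body.  ``ids`` is the raw signature --
        ``SqrlRequestBody.serialize()`` is what base64url-encodes it.

    Raises:
        Exception: if the password does not verify.
    """
    info = urlparse.urlparse(url)
    host = info.netloc

    pw_hash = verify_password(user.identity, user.pw)
    if not pw_hash:
        raise Exception('Invalid password')
    salt = crypto_generichash(user.identity.salt)
    original_masterkey = xor_masterkey(
        user.identity.masterkey, pw_hash, salt)
    # No intermediate seed is needed: generate_site_keypair derives the
    # site keys from the master key and host itself.
    pk, sk = generate_site_keypair(original_masterkey, host)

    req = libsqrl.SqrlRequestBody()
    req.server = url
    req.client.cmd = cmd
    req.client.idk = pk

    signed_message = req.client.serialize() + base64url.encode(req.server)
    # Raw, not base64url-encoded: serialize() encodes ``ids`` (like
    # ``server`` and ``idk``), so encoding here too double-encodes it.
    req.ids = crypto_sign(signed_message, sk)
    return req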
def serialize(self):
    """Return the client section as one base64url-encoded ``k=v&k=v`` string.

    ``ver`` and ``cmd`` are stringified, ``idk`` is always base64url-encoded,
    and each optional key (``pidk``, ``suk``, ``vuk``) is emitted with an
    empty value when its stored value has zero length.
    """
    def optional(value):
        # Optional keys are still present on the wire, just with no value.
        return base64url.encode(value) if len(value) > 0 else ''

    fields = [
        ('ver', str(self.ver)),
        ('cmd', str(self.cmd)),
        ('idk', base64url.encode(self.idk)),
        ('pidk', optional(self.pidk)),
        ('suk', optional(self.suk)),
        ('vuk', optional(self.vuk)),
    ]
    joined = '&'.join(name + '=' + value for name, value in fields)
    return base64url.encode(joined)
def serialize(self):
    """Return the wire form of the request: ``client=..&server=..&ids=..&pids=..&urs=..``.

    ``client`` is delegated to the client section's own serializer; the
    other fields are base64url-encoded here, which is why they are stored
    raw.  ``pids`` and ``urs`` are emitted empty when their length is zero.
    """
    def optional(value):
        return base64url.encode(value) if len(value) > 0 else ''

    parts = [
        'client=' + self.client.serialize(),
        'server=' + base64url.encode(self.server),
        'ids=' + base64url.encode(self.ids),
        'pids=' + optional(self.pids),
        'urs=' + optional(self.urs),
    ]
    return '&'.join(parts)
def index():
    """Render the logged-in page when the session maps to a user, else the login page.

    A session id is minted (8 bytes from ``crypto_stream``, base64url) the
    first time a browser arrives; the login URL is generated from it and the
    same id is what ``get_user_by_session`` is keyed on.
    """
    try:
        session_id = unicode(session['session_id'])
    except KeyError:
        # NOTE(review): 8 bytes is a small identifier for something that
        # binds a later SQRL login to this browser -- confirm that
        # crypto_stream's output here is unpredictable, and consider a
        # longer value.
        session_id = base64url.encode(crypto_stream(8L))
        session['session_id'] = session_id

    user = get_user_by_session(session_id)
    if user:
        return render_template('logged_in.html', idk=user.idk)

    login_url = generate_login_url(session_id)
    return render_template(
        'login.html',
        login_url=login_url,
        qr_code=base64url.encode(login_url))
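def login(identity, pw, url, timeout=None):
    """Send a SQRL ``login`` request for *url*, signed with the site key of *identity*.

    The master key is unwrapped with a hash of *pw*, a site keypair is
    derived for the URL's host, and ``base64url(client) + base64url(server)``
    is signed.  The request is POSTed over https for ``sqrl://`` URLs and
    plain http for ``qrl://`` URLs.

    Args:
        identity: object with ``salt``, ``pw_iterations`` and ``masterkey``.
        pw: the password unlocking *identity*.
        url: a ``qrl://`` or ``sqrl://`` URL.  Userinfo before ``@`` in the
            netloc is sent verbatim in an ``Authentication`` header.
        timeout: passed through to ``requests.post`` (default None, i.e. no
            timeout, as before).

    Returns:
        The ``requests`` response object.

    Raises:
        Exception: for any scheme other than ``qrl``/``sqrl``.
    """
    info = urlparse.urlparse(url)
    if info.scheme not in ('qrl', 'sqrl'):
        raise Exception('Url schema not supported.')

    host = info.netloc
    headers = {'User-Agent': 'SQRL/1'}
    if '@' in host:
        # rsplit: the host part cannot contain '@', so split on the last one
        # (a second '@' in the userinfo made the old two-way unpack raise).
        userpass, host = host.rsplit('@', 1)
        # NOTE(review): non-standard header name and an unencoded value --
        # confirm this is what the server side expects.
        headers['Authentication'] = userpass

    pw_hash = create_pw_hash(pw, identity.salt, identity.pw_iterations)
    original_masterkey = xor_masterkey(identity.masterkey, pw_hash, identity.salt)
    pk, sk = generate_site_keypair(original_masterkey, host)

    # Fixed field order (ver, cmd, idk): clientval is part of the signed
    # message, and iterating a dict left the order unspecified.
    clientargs = [('ver', 1), ('cmd', 'login'), ('idk', base64url.encode(pk))]
    clientval = base64url.encode('&'.join('%s=%s' % kv for kv in clientargs))
    serverval = base64url.encode(url)
    ids = base64url.encode(crypto_sign(clientval + serverval, sk))
    body = [('client', clientval), ('server', serverval), ('ids', ids)]
    payload = '&'.join('%s=%s' % kv for kv in body)

    # Swap only the scheme.  str.replace touched every occurrence of
    # 'sqrl://' in the URL and missed an upper-case scheme entirely.
    http_scheme = 'https' if info.scheme == 'sqrl' else 'http'
    post_url = http_scheme + url[len(info.scheme):]

    # The response body is returned, not printed: it may carry session
    # material that should not land in stdout/logs.
    return requests.post(post_url, data=payload, headers=headers, timeout=timeout)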
def get_user_by_idk(idk):
    """Return the ``sqrl_user`` whose stored idk matches the raw key *idk*, or None.

    The key is base64url-encoded before the lookup because that is how
    ``sqrl_identity.idk`` is stored (see the insert in handle_sqrl_request).
    """
    cursor = conn.cursor()
    # Parameterised: idk arrives straight from the client request.
    cursor.execute(
        """ select id, idk, suk, vuk from sqrl_identity where idk = ? """,
        (base64url.encode(idk),))
    row = cursor.fetchone()
    if not row:
        return None
    return sqrl_user(*row)
def get_user_by_idk(idk):
    """Look up a stored identity by its identity public key.

    Args:
        idk: raw key bytes; encoded with base64url to match the stored form.

    Returns:
        ``sqrl_user(id, idk, suk, vuk)`` for the first matching row, else None.
    """
    encoded_key = base64url.encode(idk)
    cursor = conn.cursor()
    # Bound parameter, never string-built SQL: idk is client-supplied.
    cursor.execute(
        """ select id, idk, suk, vuk from sqrl_identity where idk = ? """,
        (encoded_key, ))
    row = cursor.fetchone()
    return None if not row else sqrl_user(*row)
def index():
    """Return a minimal HTML page showing the login URL as a QR-image link and as text."""
    login_url = generate_login_url()
    qr_data = base64url.encode(login_url)
    # Both values are produced server-side (generate_login_url builds the URL
    # from a random value), so nothing request-supplied reaches the markup as
    # far as this listing shows; escape them if that ever changes.
    return ('<p>Login url:</p>'
            '<a href="%s"><img src="/qr?%s" /></a>'
            '<p>%s</p>' % (login_url, qr_data, login_url))
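def handle_sqrl_request():
    """Handle a POSTed SQRL client request and return the serialized response.

    Flow: parse the body, take ``session_id`` from the query string of the
    server URL the client echoed back, look the client's idk up, then act on
    the commands named in ``client.cmd`` -- ``create`` stores the identity,
    ``login`` binds the session to a known identity, and the remaining
    commands are not implemented.  The response carries the TIF bits and,
    for a known identity, its stored suk/vuk.

    Security status (unchanged here): the ``ids`` signature is NOT verified
    and the echoed server URL is NOT compared with what this server issued,
    so the idk and every command are taken on trust from the request body.
    Until those TODOs are closed, nothing this function does amounts to
    authentication.

    Returns:
        The serialized ``libsqrl.SqrlResponse``.

    Raises:
        HTTP 400 via ``abort`` when the server URL carries no session_id;
        HTTP 501 via ``abort`` for commands that are not implemented.
    """
    req = libsqrl.SqrlRequestBody.deserialize(request.data)
    # TODO: Verify signatures
    # TODO: Verify unchanged message contents

    # generate_login_url puts the session id in the URL's query string; a
    # request without it is malformed (400), not a server error (the bare
    # KeyError used to surface as a 500).
    qs = urlparse.parse_qs(urlparse.urlparse(req.server).query)
    try:
        session_id = qs['session_id'][0]
    except (KeyError, IndexError):
        abort(400)

    user = get_user_by_idk(req.client.idk)
    tif = libsqrl.TIF.AccountCreationEnabled
    if user:
        tif |= libsqrl.TIF.IdMatch
    # TODO: Update TIF

    cmd = req.client.cmd
    # Substring tests, exactly as before: note that 'enable' also matches a
    # cmd containing 'disable'.  501 (Not Implemented) replaces 505, which
    # means "HTTP Version Not Supported".
    for unsupported in ('setkey', 'setlock', 'disable', 'enable', 'delete'):
        if unsupported in cmd:
            abort(501)

    if 'create' in cmd:
        # NOTE(review): nothing checks whether this idk is already stored;
        # unless sqrl_identity.idk is UNIQUE, repeated 'create' requests
        # add duplicate rows.
        cursor = conn.cursor()
        cursor.execute(
            """ insert into sqrl_identity (idk, suk, vuk) values (?, ?, ?) """,
            (base64url.encode(req.client.idk),
             base64url.encode(req.client.suk),
             base64url.encode(req.client.vuk)))
        conn.commit()

    if user and 'login' in cmd:
        # Binds the browser session named in the URL to the matched identity.
        # ``user`` was looked up before 'create' ran, so a request carrying
        # both commands does not log the newly created identity in.
        cursor = conn.cursor()
        cursor.execute(
            """ insert into sqrl_session ( session_id, identity_id, created_date) values (?, ?, ?) """,
            (session_id, user.identity_id, datetime.utcnow()))
        conn.commit()

    for unsupported in ('logme', 'logoff'):
        if unsupported in cmd:
            abort(501)
    # TODO: Attach nut

    res = libsqrl.SqrlResponse()
    res.tif = tif
    if user:
        res.suk = user.suk
        res.vuk = user.vuk
    return res.serialize()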
def handle_sqrl_request(): req = libsqrl.SqrlRequestBody.deserialize(request.data) # TODO: Verify signatures # TODO: Verify unchanged message contents info = urlparse.urlparse(req.server) qs = urlparse.parse_qs(info.query) session_id = qs['session_id'][0] user = get_user_by_idk(req.client.idk) tif = libsqrl.TIF.AccountCreationEnabled if user: tif |= libsqrl.TIF.IdMatch # TODO: Update TIF if 'setkey' in req.client.cmd: abort(505) if 'setlock' in req.client.cmd: abort(505) if 'disable' in req.client.cmd: abort(505) if 'enable' in req.client.cmd: abort(505) if 'delete' in req.client.cmd: abort(505) if 'create' in req.client.cmd: c = conn.cursor() vals = (base64url.encode(req.client.idk), \ base64url.encode(req.client.suk), \ base64url.encode(req.client.vuk)) c.execute( """ insert into sqrl_identity (idk, suk, vuk) values (?, ?, ?) """, vals) conn.commit() if user and 'login' in req.client.cmd: c = conn.cursor() vals = (session_id, user.identity_id, datetime.utcnow()) c.execute( """ insert into sqrl_session ( session_id, identity_id, created_date) values (?, ?, ?) """, vals) conn.commit() if 'logme' in req.client.cmd: abort(505) if 'logoff' in req.client.cmd: abort(505) # TODO: Attach nut res = libsqrl.SqrlResponse() res.tif = tif if user: res.suk = user.suk res.vuk = user.vuk return res.serialize()
def serialize(self):
    """Return the response body ``tif=..&suk=..&vuk=..``.

    ``tif`` is stringified; ``suk`` and ``vuk`` are base64url-encoded, or
    emitted empty when their length is zero.
    """
    encoded = {}
    for name in ('suk', 'vuk'):
        value = getattr(self, name)
        encoded[name] = base64url.encode(value) if len(value) > 0 else ''
    return '&'.join([
        'tif=' + str(self.tif),
        'suk=' + encoded['suk'],
        'vuk=' + encoded['vuk'],
    ])
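def generate_login_url(base_url='qrl://localhost:5000/sqrl?'):
    """Return a fresh login URL: *base_url* followed by a base64url-encoded 32-byte random value.

    Args:
        base_url: scheme, host, path and trailing ``?`` that the random
            value is appended to.  Defaults to the development server
            address that was previously hard-coded.
    """
    # NOTE(review): the random value (SQRL's "nut") is not recorded
    # anywhere here, so the server presumably cannot yet tie a later
    # request back to the URL it issued -- see the "Attach nut" TODO in
    # handle_sqrl_request.
    return base_url + base64url.encode(crypto_stream(32L))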