def test_client_data(self):
    """Pin ClientData parsing, digest and base64 round-trip on one fixed payload.

    The fixture has typ "navigator.id.finishEnrollment". Only decoding is
    exercised here; no origin or challenge policy is checked by this test.
    """
    # Kept as a bytes literal: the digest below is pinned to these exact
    # bytes, so any re-serialisation (key order, whitespace) would change it.
    raw_json = b'{"typ":"navigator.id.finishEnrollment","challenge":"vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'  # noqa: E501
    parsed = ClientData(raw_json)

    # 32-byte value; presumably SHA-256 over raw_json - confirm against
    # ClientData.hash before relying on that.
    expected_digest = a2b_hex(
        '4142d21c00d94ffb9d504ada8f99b721f4b191ae4e37ca0140f696b6983cfacb'
    )
    self.assertEqual(parsed.hash, expected_digest)

    # The fixture origin is plain http; this only proves the field is read
    # back verbatim, not that such an origin would be accepted anywhere.
    self.assertEqual(parsed.get('origin'), 'http://example.com')

    # Encoding to base64 and decoding again must give an equal object.
    self.assertEqual(parsed, ClientData.from_b64(parsed.b64))

    expected_fields = {
        'typ': 'navigator.id.finishEnrollment',
        'challenge': 'vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo',
        'cid_pubkey': {
            'kty': 'EC',
            'crv': 'P-256',
            'x': 'HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8',
            'y': 'XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4',
        },
        'origin': 'http://example.com',
    }
    self.assertEqual(parsed.data, expected_fields)
def test_client_data(self):
    """Verify that ClientData decodes a fixed JSON payload and round-trips via base64.

    Covers four things on one fixture: the pinned digest, field lookup with
    ``get``, equality after ``from_b64(b64)``, and the fully decoded mapping.
    Origin and challenge validation are not part of this test.
    """
    origin = "http://example.com"
    challenge = "vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo"
    pubkey_x = "HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8"
    pubkey_y = "XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"

    # The serialised form stays a literal (not rebuilt from the names above):
    # the expected digest is tied to this exact byte sequence.
    cd = ClientData(
        b'{"typ":"navigator.id.finishEnrollment","challenge":"vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'  # noqa: E501
    )

    # NOTE(review): 64 hex chars = 32 bytes; looks like SHA-256 of the raw
    # payload - confirm against the ClientData implementation.
    digest_hex = "4142d21c00d94ffb9d504ada8f99b721f4b191ae4e37ca0140f696b6983cfacb"
    self.assertEqual(cd.hash, a2b_hex(digest_hex))

    # Plain-http origin in the fixture: checks field access only.
    self.assertEqual(cd.get("origin"), origin)

    restored = ClientData.from_b64(cd.b64)
    self.assertEqual(cd, restored)

    self.assertEqual(
        cd.data,
        {
            "typ": "navigator.id.finishEnrollment",
            "challenge": challenge,
            "cid_pubkey": {
                "kty": "EC",
                "crv": "P-256",
                "x": pubkey_x,
                "y": pubkey_y,
            },
            "origin": origin,
        },
    )
def page(self) -> CBORPageResult:
    """Finish a WebAuthn registration and store the new credential for the current user.

    The CBOR request body must carry ``clientDataJSON`` and ``attestationObject``. Both are
    passed to ``register_complete`` together with the WebAuthn state kept in the session.
    On success the credential is saved under its hex credential id and
    ``{"status": "OK"}`` is returned.

    Raises:
        MKGeneralException: when ``register_complete`` reports an invalid origin, or when
            the credential id is already stored for this user.
        ValueError: any other ``ValueError`` from ``register_complete`` is re-raised as is.
    """
    assert user.id is not None
    # Permission is checked before the request body is read or decoded.
    user.need_permission("general.manage_2fa")

    body = request.get_data()
    # NOTE(review): the full request body and the attestation object end up in the debug
    # log - confirm who can read debug logs on production sites.
    logger.debug("Raw request: %r", body)

    # The body is client-controlled. A payload that lacks one of the two keys below fails
    # with KeyError here rather than a user-facing message.
    # NOTE(review): confirm the page framework turns that into a clean error response.
    payload: dict[str, object] = cbor.decode(body)
    client_data = ClientData(payload["clientDataJSON"])
    attestation = AttestationObject(payload["attestationObject"])
    logger.debug("Client data: %r", client_data)
    logger.debug("Attestation object: %r", attestation)

    try:
        # NOTE(review): the session's webauthn_action_state is read but not cleared in this
        # method - confirm it is single-use elsewhere so a finished challenge cannot be reused.
        auth_data = make_fido2_server().register_complete(
            session.session_info.webauthn_action_state, client_data, attestation
        )
    except ValueError as err:
        # Matching on the library's message text is brittle: if that wording changes, the
        # hint below is skipped and the bare ValueError propagates instead.
        if "Invalid origin in ClientData" not in str(err):
            raise
        raise MKGeneralException(
            "The origin %r is not valid. You need to access the UI via HTTPS "
            "and you need to use a valid host or domain name. See werk #13325 for "
            "further information" % client_data.get("origin")
        ) from err

    credential_hex = auth_data.credential_data.credential_id.hex()

    # Loaded with lock=True so that the duplicate check and the save below work on the
    # same copy. NOTE(review): where the lock is released on the error path is not visible
    # here - verify.
    stored = load_two_factor_credentials(user.id, lock=True)
    registered = stored["webauthn_credentials"]
    if credential_hex in registered:
        raise MKGeneralException(_("Your WebAuthn credential is already in use"))

    new_entry = WebAuthnCredential(
        {
            "credential_id": credential_hex,
            "registered_at": int(time.time()),
            "alias": "",
            "credential_data": bytes(auth_data.credential_data),
        }
    )
    registered[credential_hex] = new_entry
    save_two_factor_credentials(user.id, stored)

    flash(_("Registration successful"))
    return {"status": "OK"}