def test_verify_assertion_invalid(self): user_service = pretend.stub( verify_webauthn_credential=pretend.raiser( webauthn.RegistrationRejectedException("Fake exception") ), get_webauthn_by_label=pretend.call_recorder(lambda *a: None), ) form = forms.ProvisionWebAuthnForm( data={"credential": "{}", "label": "fake label"}, user_service=user_service, user_id=pretend.stub(), challenge=pretend.stub(), rp_id=pretend.stub(), origin=pretend.stub(), ) assert not form.validate() assert form.credential.errors.pop() == "Fake exception"
def verify_webauthn_credential(self, credential, *, challenge, rp_id, origin): """ Checks whether the given credential is valid, i.e. suitable for generating assertions during authentication. Returns the validated credential on success, raises webauthn.RegistrationRejectedException on failure. """ validated_credential = webauthn.verify_registration_response( credential, challenge=challenge, rp_id=rp_id, origin=origin) webauthn_cred = (self.db.query(WebAuthn).filter_by( credential_id=validated_credential.credential_id.decode()).first()) if webauthn_cred is not None: raise webauthn.RegistrationRejectedException( "Credential ID already in use") return validated_credential