def fido2_keys_user_validate(user_id):
    """Finish a FIDO2 authentication for ``user_id`` and record the login.

    Reads a JSON body whose ``payload`` field is base64-encoded CBOR holding
    ``credentialId``, ``clientDataJSON``, ``authenticatorData`` and
    ``signature``, hands those to the FIDO2 server together with the stored
    session state, then rotates the user's session id, stamps the login time
    and clears the failed-login counter.

    Returns a JSON response ``{'status': 'OK'}``.
    """
    stored_keys = list_fido2_keys(user_id)
    # SECURITY: pickle.loads can execute code while deserialising, so this is
    # only as trustworthy as the integrity of the stored ``key`` column.
    # NOTE(review): a data-only encoding of the credential would remove that
    # dependency; confirm who can write to this table.
    credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    body = request.get_json()
    assertion = cbor.decode(base64.b64decode(body["payload"]))

    credential_id = assertion['credentialId']
    client_data = ClientData(assertion['clientDataJSON'])
    auth_data = AuthenticatorData(assertion['authenticatorData'])
    signature = assertion['signature']

    # The return value is not inspected; this presumably relies on the server
    # raising when verification fails (confirm against the library in use).
    # NOTE(review): nothing from auth_data (e.g. its signature counter) is
    # compared or persisted here, so counter-regression checks would have to
    # live elsewhere.
    Config.FIDO2_SERVER.authenticate_complete(
        get_fido2_session(user_id),
        credentials,
        credential_id,
        client_data,
        auth_data,
        signature,
    )

    # Reached only if the call above did not raise: mark the user logged in.
    user = get_user_by_id(user_id=user_id)
    user.current_session_id = str(uuid.uuid4())
    user.logged_in_at = datetime.utcnow()
    user.failed_login_count = 0
    save_model_user(user)

    return jsonify({'status': 'OK'})
def fido2_keys_user_authenticate(user_id):
    """Start a FIDO2 authentication for ``user_id``.

    Loads the user's stored credentials, asks the FIDO2 server for the
    authentication options, stores the returned state for the later
    completion step, and returns the options as base64-encoded CBOR inside a
    JSON object under the ``data`` key.
    """
    stored_keys = list_fido2_keys(user_id)
    # SECURITY: pickle.loads can execute code while deserialising, so this is
    # only as trustworthy as the integrity of the stored ``key`` column.
    # NOTE(review): confirm that only the registration path can write it.
    credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    auth_data, state = Config.FIDO2_SERVER.authenticate_begin(credentials)
    create_fido2_session(user_id, state)

    # The API client only accepts JSON, so the CBOR bytes are base64-wrapped.
    encoded_options = base64.b64encode(cbor.encode(auth_data)).decode('utf8')
    return jsonify({"data": encoded_options})
def fido2_keys_user_authenticate(user_id):
    """Start a FIDO2 authentication for ``user_id``.

    Loads the user's stored credentials, asks the FIDO2 server for the
    authentication options, stores the returned state for the later
    completion step, and returns the options as base64-encoded CBOR inside a
    JSON object under the ``data`` key.
    """
    stored_keys = list_fido2_keys(user_id)
    # pickle.loads is treated as safe here because the data is checked to
    # represent a FIDO key at the time it is stored. That guarantee holds only
    # while the storing code path is the sole writer of the ``key`` column;
    # the bandit suppression below should be revisited if that ever changes.
    credentials = [
        pickle.loads(base64.b64decode(stored.key))  # nosec
        for stored in stored_keys
    ]

    auth_data, state = Config.FIDO2_SERVER.authenticate_begin(credentials)
    create_fido2_session(user_id, state)

    # The API client only accepts JSON, so the CBOR bytes are base64-wrapped.
    encoded_options = base64.b64encode(cbor.encode(auth_data)).decode('utf8')
    return jsonify({"data": encoded_options})
def fido2_keys_user_register(user_id):
    """Start registering a new FIDO2 key for ``user_id``.

    Builds the user entity from the account's id bytes and name, passes it to
    the FIDO2 server along with the user's already-stored credentials, saves
    the returned state for the completion step, and returns the registration
    options as base64-encoded CBOR inside a JSON object under ``data``.
    """
    user = get_user_and_accounts(user_id)
    stored_keys = list_fido2_keys(user_id)
    # SECURITY: pickle.loads can execute code while deserialising, so this is
    # only as trustworthy as the integrity of the stored ``key`` column.
    # NOTE(review): confirm that only the registration path can write it.
    credentials = [
        pickle.loads(base64.b64decode(stored.key)) for stored in stored_keys
    ]

    user_entity = {
        'id': user.id.bytes,
        'name': user.name,
        'displayName': user.name,
    }
    # 'discouraged' tells the authenticator that user verification (PIN or
    # biometric) is not wanted for this ceremony.
    # NOTE(review): presumably acceptable because the key is a second factor;
    # confirm against the login flow.
    registration_data, state = Config.FIDO2_SERVER.register_begin(
        user_entity,
        credentials,
        user_verification='discouraged',
    )
    create_fido2_session(user_id, state)

    # The API client only accepts JSON, so the CBOR bytes are base64-wrapped.
    encoded_options = base64.b64encode(
        cbor.encode(registration_data)
    ).decode('utf8')
    return jsonify({"data": encoded_options})
def list_fido2_keys_user(user_id):
    """Return the FIDO2 keys of ``user_id`` as a JSON list.

    Each stored key is rendered through its own ``serialize()`` method.
    NOTE(review): confirm that ``serialize()`` leaves out the stored ``key``
    blob, since its output goes straight into the response.
    """
    serialized = [fido2_key.serialize() for fido2_key in list_fido2_keys(user_id)]
    return jsonify(serialized)
def test_list_fido2_keys(sample_fido2_key):
    """list_fido2_keys returns both keys belonging to the fixture's user."""
    # The second key is constructed but not explicitly saved in this test.
    # NOTE(review): the expected count of 2 presumably relies on the new
    # object being attached through its ``user`` relationship; confirm.
    Fido2Key(user=sample_fido2_key.user, name="Name", key="Key")

    found = list_fido2_keys(sample_fido2_key.user.id)

    assert len(found) == 2
def test_list_fido2_keys(sample_fido2_key):
    """list_fido2_keys returns both keys belonging to the fixture's user."""
    # The second key is constructed but not explicitly saved in this test.
    # NOTE(review): the expected count of 2 presumably relies on the new
    # object being attached through its ``user`` relationship; confirm.
    Fido2Key(user=sample_fido2_key.user, name="Name", key="Key")

    found = list_fido2_keys(sample_fido2_key.user.id)

    assert len(found) == 2