def verify_credential_info():
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
registration_response = request.form
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = False
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
# Step 17.
#
# Check that the credentialId is not yet registered to any other user.
# If registration is requested for a credential that is already registered
# to a different user, the Relying Party SHOULD fail this registration
# ceremony, or it MAY decide to accept the registration, e.g. while deleting
# the older registration.
credential_id_exists = User.query.filter_by(
credential_id=webauthn_credential.credential_id).first()
if credential_id_exists:
return make_response(
jsonify({'fail': 'Credential ID already exists.'}), 401)
existing_user = User.query.filter_by(username=username).first()
if not existing_user:
user = User(ukey=ukey,
username=username,
display_name=display_name,
pub_key=webauthn_credential.public_key,
credential_id=webauthn_credential.credential_id,
sign_count=webauthn_credential.sign_count,
rp_id=RP_ID,
icon_url='https://example.com')
db.session.add(user)
db.session.commit()
else:
return make_response(jsonify({'fail': 'User already exists.'}), 401)
flash('Successfully registered as {}.'.format(username))
return jsonify({'success': 'User successfully registered.'})
def verify_credential_info():
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
registration_response = request.form
trust_anchor_dir = os.path.join(
os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = True
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
# Step 17.
#
# Check that the credentialId is not yet registered to any other user.
# If registration is requested for a credential that is already registered
# to a different user, the Relying Party SHOULD fail this registration
# ceremony, or it MAY decide to accept the registration, e.g. while deleting
# the older registration.
credential_id_exists = mitglieder.query.filter_by(
credential_id=webauthn_credential.credential_id).first()
if credential_id_exists:
return make_response(
jsonify({
'fail': 'Credential ID already exists.'
}), 401)
if sys.version_info >= (3, 0):
webauthn_credential.credential_id = str(
webauthn_credential.credential_id, "utf-8")
webauthn_credential.public_key = str(
webauthn_credential.public_key, "utf-8")
current_user.ukey = ukey
current_user.pub_key=webauthn_credential.public_key
current_user.credential_id=webauthn_credential.credential_id
db.session.commit()
flash('Erfolgreich registriert als {}.'.format(username))
return jsonify({'success': 'User successfully registered.'})
def verify_credential_info():
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
registration_response = request.form
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = False
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted)
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
existing_user = User.query.filter_by(
username=username).first()
if not existing_user:
user = User(
ukey=ukey,
username=username,
display_name=display_name,
pub_key=webauthn_credential.public_key,
credential_id=webauthn_credential.credential_id,
sign_count=webauthn_credential.sign_count,
rp_id=RP_ID,
icon_url='https://example.com')
db.session.add(user)
db.session.commit()
else:
return make_response(jsonify({'fail': 'User already exists.'}), 401)
flash('Successfully registered as {}.'.format(username))
return jsonify({'success': 'User successfully registered.'})
def verify_credential_info():
'''
This url is called to verify and register the token
'''
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
user_exists = database.user_exists(username)
if not user_exists or not current_user.is_authenticated or not username == current_user.id:
return make_response(jsonify({'fail': 'User not logged in.'}), 401)
registration_response = request.form
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = True
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
credential_id_exists = database.credential_exists(
webauthn_credential.credential_id)
if credential_id_exists:
return make_response(
jsonify({'fail': 'Credential ID already exists.'}), 401)
existing_user = database.user_exists(username)
credential = Credential()
if not existing_user or True:
if sys.version_info >= (3, 0):
webauthn_credential.credential_id = str(
webauthn_credential.credential_id, "utf-8")
webauthn_credential.public_key = str(
webauthn_credential.public_key, "utf-8")
credential.id = randint(1, 100000)
credential.ukey = ukey
credential.username = username
credential.display_name = display_name
credential.pub_key = webauthn_credential.public_key
credential.credential_id = webauthn_credential.credential_id
credential.sign_count = webauthn_credential.sign_count
credential.rp_id = RP_ID
credential.icon_url = 'https://example.com'
database.save_credential(credential)
database.turn_on(credential.username)
else:
return make_response(jsonify({'fail': 'User already exists.'}), 401)
satosa_request = Request()
satosa_request.userId = credential.username
database.make_success(satosa_request)
user = database.get_user(credential.username)
login_user(user)
return jsonify({'success': 'User successfully registered.'})
def attestation_verify_response():
logger = webauthn.WebAuthnLogger()
app.logger.debug(
'----- [Registration] Authenticator Response (Native) from Authenticator/Client -----'
)
app.logger.debug(str(request.form.to_dict()))
app.logger.debug('----- End -----')
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
att_option = session['att_option']
registration_response = request.form
stringlyResponse = request.form['stringlyResponse']
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = True
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
logger.add('----- [Registration] Server Received Data -----')
try:
logger.add(
'----- [Registration] Authenticator Response (Decoded) from Authenticator/Client -----'
)
webauthn_tools = webauthn.WebAuthnTools()
decoded_attestation_response = webauthn_tools.view_attestation(
registration_response)
logger.add(json.dumps(decoded_attestation_response, indent=4))
logger.add('----- End -----')
except Exception as e:
app.logger.debug('Attestation view failed. Error: {}'.format(e))
logger.add('Attestation view failed. Error: {}'.format(e))
return make_response(
jsonify({
'fail': 'Attestation view failed. Error: {}'.format(e),
'debug_log': logger.get()
}), 500)
try:
logger.add('----- [Registration] [Verify] Start -----')
webauthn_credential = webauthn_registration_response.verify()
logger.add(webauthn_registration_response.getLog())
logger.add('----- [Registration] [Verify] End -----')
except Exception as e:
app.logger.debug('Registration failed. Error: {}'.format(e))
logger.add('Registration failed. Error: {}'.format(e))
return jsonify({
'fail': 'Registration failed. Error: {}'.format(e),
'debug_log': logger.get()
})
# Step 17.
#
# Check that the credentialId is not yet registered to any other user.
# If registration is requested for a credential that is already registered
# to a different user, the Relying Party SHOULD fail this registration
# ceremony, or it MAY decide to accept the registration, e.g. while deleting
# the older registration.
credential_id_exists = Users.query.filter_by(
credential_id=webauthn_credential.credential_id).first()
if credential_id_exists:
app.logger.debug('Credential ID already exists.')
logger.add('Credential ID already exists.')
return make_response(
jsonify({
'fail': 'Credential ID already exists.',
'debug_log': logger.get()
}), 409)
user = Users(ukey=ukey,
username=username,
display_name=display_name,
pub_key=webauthn_credential.public_key,
credential_id=webauthn_credential.credential_id,
sign_count=webauthn_credential.sign_count,
att_option=att_option,
response=stringlyResponse,
response_dec=json.dumps(decoded_attestation_response,
indent=4),
rp_id=RP_ID,
icon_url='https://example.com')
db.session.add(user)
db.session.commit()
logger.add('----- [Registration] Server Successfully Return. -----')
return make_response(
jsonify({
'success':
'User ({}) successfully registered.'.format(username),
'debug_log':
logger.get()
}), 200)