def post(self, request, *args, **kwargs):
try:
binding, cert = u2f.complete_register(self.request.session.pop('_u2f_enroll'),
request.POST.get('token'),
[self.app_id])
self.device.json_data = binding.json
self.device.confirmed = True
self.device.save()
self.request.user.log_action('pretix.user.settings.2fa.device.added', user=self.request.user, data={
'id': self.device.pk,
'devicetype': 'u2f',
'name': self.device.name,
})
self.request.user.send_security_notice([
_('A new two-factor authentication device has been added to your account.')
])
messages.success(request, _('The device has been verified and can now be used.'))
return redirect(reverse('control:user.settings.2fa'))
except Exception:
messages.error(request, _('The registration could not be completed. Please try again.'))
logger.exception('U2F registration failed')
return redirect(reverse('control:user.settings.2fa.confirm.u2f', kwargs={
'device': self.device.pk
}))
def try_enroll(self, enrollment_data, response_data, device_name=None):
binding, cert = u2f.complete_register(enrollment_data, response_data,
self.u2f_facets)
devices = self.config.setdefault('devices', [])
devices.append({
'name': device_name or 'Security Key',
'ts': int(time.time()),
'binding': dict(binding),
})
def try_enroll(self, enrollment_data, response_data, device_name=None):
binding, cert = u2f.complete_register(enrollment_data, response_data,
self.u2f_facets)
devices = self.config.setdefault('devices', [])
devices.append({
'name': device_name or 'Security Key',
'ts': int(time.time()),
'binding': dict(binding),
})
def try_enroll(self, response_data):
# XXX: handle error
enrollment_data = self.config.get('enrollment')
if enrollment_data is None:
raise RuntimeError('This authenticator is not in a state that '
'permits user enrollment.')
binding, cert = u2f.complete_register(enrollment_data, response_data,
self.u2f_facets)
self.config['device'] = dict(binding)
def bind(self, username, data):
user = self.users[username]
binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
[self.facet])
devices = map(DeviceRegistration.wrap, user.get('_u2f_devices_', []))
devices.append(binding)
user['_u2f_devices_'] = [d.json for d in devices]
log.info("U2F device enrolled. Username: %s", username)
log.debug("Attestation certificate:\n%s", cert.as_text())
return json.dumps(True)
def bind(self, username, data):
user = self.users[username]
binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
[self.facet])
devices = map(DeviceRegistration.wrap, user.get('_u2f_devices_', []))
devices.append(binding)
user['_u2f_devices_'] = [d.json for d in devices]
log.info("U2F device enrolled. Username: %s", username)
log.debug("Attestation certificate:\n%s", cert.as_text())
return json.dumps(True)
def post(self, request, *args, **kwargs):
try:
binding, cert = u2f.complete_register(
self.request.session.pop('_u2f_enroll'),
request.POST.get('token'), [self.app_id])
self.device.json_data = binding.json
self.device.confirmed = True
self.device.save()
self.request.user.log_action(
'pretix.user.settings.2fa.device.added',
user=self.request.user,
data={
'id': self.device.pk,
'devicetype': 'u2f',
'name': self.device.name,
})
notices = [
_('A new two-factor authentication device has been added to your account.'
)
]
activate = request.POST.get('activate', '')
if activate == 'on' and not self.request.user.require_2fa:
self.request.user.require_2fa = True
self.request.user.save()
self.request.user.log_action(
'pretix.user.settings.2fa.enabled', user=self.request.user)
notices.append(
_('Two-factor authentication has been enabled.'))
self.request.user.send_security_notice(notices)
note = ''
if not self.request.user.require_2fa:
note = ' ' + str(
_('Please note that you still need to enable two-factor authentication for your '
'account using the buttons below to make a second factor required for logging '
'into your account.'))
messages.success(
request,
str(_('The device has been verified and can now be used.')) +
note)
return redirect(reverse('control:user.settings.2fa'))
except Exception:
messages.error(
request,
_('The registration could not be completed. Please try again.')
)
logger.exception('U2F registration failed')
return redirect(
reverse('control:user.settings.2fa.confirm.u2f',
kwargs={'device': self.device.pk}))
def bind(self, username, data):
user = self.users[username]
binding, cert = complete_register(user.pop('_u2f_enroll_'), data,
self.facets)
devices = [DeviceRegistration.wrap(device)
for device in user.get('_u2f_devices_', [])]
devices.append(binding)
user['_u2f_devices_'] = [d.json for d in devices]
log.info("U2F device enrolled. Username: %s", username)
log.debug("Attestation certificate:\n%s", cert.public_bytes(Encoding.PEM))
return json.dumps(True)
def completeU2FRegistration(self, user_name, object_dn, data):
# Do we have write permissions for the requested attribute
self.__check_acl(user_name, object_dn, "w")
user = ObjectProxy(object_dn)
user_settings = self.__settings[user.uuid]
data = loads(data)
binding, cert = complete_register(user_settings.pop('_u2f_enroll_'), data,
[self.facet])
devices = [DeviceRegistration.wrap(device)
for device in user_settings.get('_u2f_devices_', [])]
devices.append(binding)
user_settings['_u2f_devices_'] = [d.json for d in devices]
self.__save_settings()
self.__log.info("U2F device enrolled. Username: %s", user_name)
self.__log.debug("Attestation certificate:\n%s", cert.public_bytes(Encoding.PEM))
return True
def post(self, request, *args, **kwargs):
try:
binding, cert = u2f.complete_register(self.request.session.pop('_u2f_enroll'),
request.POST.get('token'),
[self.app_id])
self.device.json_data = binding.json
self.device.confirmed = True
self.device.save()
self.request.user.log_action('pretix.user.settings.2fa.device.added', user=self.request.user, data={
'id': self.device.pk,
'devicetype': 'u2f',
'name': self.device.name,
})
notices = [
_('A new two-factor authentication device has been added to your account.')
]
activate = request.POST.get('activate', '')
if activate == 'on' and not self.request.user.require_2fa:
self.request.user.require_2fa = True
self.request.user.save()
self.request.user.log_action('pretix.user.settings.2fa.enabled', user=self.request.user)
notices.append(
_('Two-factor authentication has been enabled.')
)
self.request.user.send_security_notice(notices)
note = ''
if not self.request.user.require_2fa:
note = ' ' + str(_('Please note that you still need to enable two-factor authentication for your '
'account using the buttons below to make a second factor required for logging '
'into your account.'))
messages.success(request, str(_('The device has been verified and can now be used.')) + note)
return redirect(reverse('control:user.settings.2fa'))
except Exception:
messages.error(request, _('The registration could not be completed. Please try again.'))
logger.exception('U2F registration failed')
return redirect(reverse('control:user.settings.2fa.confirm.u2f', kwargs={
'device': self.device.pk
}))
def userBind(id):
try:
user = User().getObjectsByKey("_id", id)[0]
except Exception as e:
return abort(404)
data = request.data.get("data", None)
enroll = user.u2f_enroll
binding, cert = complete_register(enroll, data, [])
try:
devices = map(DeviceRegistration.wrap, user.u2f_devices)
except:
devices = []
devices.append(binding)
user.u2f_devices = [d.json for d in devices]
print "U2F device enrolled. Username: %s" % user.username
print "Attestation certificate:\n%s" % cert.as_text()
return json.dumps(True)
def completeU2FRegistration(self, user_name, object_dn, data):
# Do we have write permissions for the requested attribute
self.__check_acl(user_name, object_dn, "w")
user = ObjectProxy(object_dn)
user_settings = self.__settings[user.uuid]
data = loads(data)
binding, cert = complete_register(user_settings.pop('_u2f_enroll_'),
data, [self.facet])
devices = [
DeviceRegistration.wrap(device)
for device in user_settings.get('_u2f_devices_', [])
]
devices.append(binding)
user_settings['_u2f_devices_'] = [d.json for d in devices]
self.__save_settings()
self.__log.info("U2F device enrolled. Username: %s", user_name)
self.__log.debug("Attestation certificate:\n%s",
cert.public_bytes(Encoding.PEM))
return True
def register_token(devices=[]):
token = SoftU2FDevice()
request_data = u2f.start_register(APP_ID, devices)
response = token.register(request_data.registerRequests[0].json, FACET)
device, cert = u2f.complete_register(request_data, response)
return device, token
def register_token(devices=[]):
token = SoftU2FDevice()
request_data = u2f.start_register(APP_ID, devices)
response = token.register(request_data.registerRequests[0].json, FACET)
device, cert = u2f.complete_register(request_data, response)
return device, token
def try_enroll(self, enrollment_data, response_data, device_name=None):
binding, cert = u2f.complete_register(enrollment_data, response_data, self.u2f_facets)
devices = self.config.setdefault("devices", [])
devices.append({"name": device_name or "Security Key", "ts": int(time.time()), "binding": dict(binding)})
