def webauthn_authentication_validate(request):
    """Complete a WebAuthn second-factor login and report the outcome.

    Args:
        request: The current request. The two-factor token, the session
            challenge, the POSTed assertion and the translator ``request._``
            are all read from it.

    Returns:
        A dict with either ``{"fail": {"errors": [...]}}`` or
        ``{"success": <message>, "redirect_to": <target>}``, where the
        redirect target is whatever the two-factor data carried.

    Side effects on the success path: the user is logged in with
    ``two_factor_method="webauthn"``, the matched credential's sign count is
    updated, a user-id cookie is set and a recovery-code reminder email is
    sent when the user has no recovery codes.
    """
    # A second-factor step makes no sense for an already authenticated session.
    if request.authenticated_userid is not None:
        return {"fail": {"errors": ["Already authenticated"]}}

    try:
        tfa_data = _get_two_factor_data(request)
    except TokenException:
        expired_msg = request._("Invalid or expired two factor login.")
        request.session.flash(expired_msg, queue="error")
        return {"fail": {"errors": [expired_msg]}}

    redirect_to = tfa_data.get("redirect_to")
    userid = tfa_data.get("userid")

    user_service = request.find_service(IUserService, context=None)
    # The challenge is taken from the session here and cleared immediately
    # after the form is built, before validation, so it can only be checked
    # once regardless of whether validation succeeds.
    form = WebAuthnAuthenticationForm(
        **request.POST,
        request=request,
        user_id=userid,
        user_service=user_service,
        challenge=request.session.get_webauthn_challenge(),
        origin=request.host_url,
        rp_id=request.domain,
    )
    request.session.clear_webauthn_challenge()

    if not form.validate():
        return {
            "fail": {"errors": [str(err) for err in form.credential.errors]}
        }

    assertion = form.validated_credential
    webauthn = user_service.get_webauthn_by_credential_id(
        userid, bytes_to_base64url(assertion.credential_id)
    )
    # Persist the sign count the authenticator reported with this assertion.
    webauthn.sign_count = assertion.new_sign_count

    _login_user(
        request,
        userid,
        two_factor_method="webauthn",
        two_factor_label=webauthn.label,
    )

    # The cookie holds a personalised blake2b digest of the user id rather
    # than the id itself. NOTE(review): the cookie name suggests it is not
    # relied on for authentication — confirm where it is read.
    userid_digest = hashlib.blake2b(
        str(userid).encode("ascii"), person=b"warehouse.userid"
    ).hexdigest().lower()
    request.response.set_cookie(USER_ID_INSECURE_COOKIE, userid_digest)

    if not request.user.has_recovery_codes:
        send_recovery_code_reminder_email(request, request.user)

    return {
        "success": request._("Successful WebAuthn assertion"),
        "redirect_to": redirect_to,
    }
def webauthn_authentication_validate(request):
    """Complete a WebAuthn second-factor login and report the outcome.

    Args:
        request: The current request; the two-factor token, the session
            challenge and the POSTed assertion are read from it.

    Returns:
        ``{"fail": {"errors": [...]}}`` when the session is already
        authenticated, the two-factor token is rejected, or the assertion
        fails validation; otherwise ``{"success": <message>,
        "redirect_to": <target>}`` with the target taken from the
        two-factor data.

    On success the user is logged in, the matched credential's sign count is
    updated and a user-id cookie is set on the response.
    """
    # Never run the second-factor step for a session that is already logged in.
    if request.authenticated_userid is not None:
        return {"fail": {"errors": ["Already authenticated"]}}

    try:
        tfa_data = _get_two_factor_data(request)
    except TokenException:
        request.session.flash(
            "Invalid or expired two factor login.", queue="error"
        )
        return {"fail": {"errors": ["Invalid two factor token"]}}

    redirect_to = tfa_data.get("redirect_to")
    userid = tfa_data.get("userid")

    user_service = request.find_service(IUserService, context=None)
    # The session challenge is consumed by the form and cleared right after
    # construction, before validation, so a challenge is never reusable.
    form = WebAuthnAuthenticationForm(
        **request.POST,
        user_id=userid,
        user_service=user_service,
        challenge=request.session.get_webauthn_challenge(),
        origin=request.host_url,
        icon_url=request.registry.settings.get(
            "warehouse.domain", request.domain
        ),
        rp_id=request.domain,
    )
    request.session.clear_webauthn_challenge()

    if not form.validate():
        return {"fail": {"errors": list(map(str, form.credential.errors))}}

    credential_id, sign_count = form.validated_credential
    webauthn = user_service.get_webauthn_by_credential_id(userid, credential_id)
    # Persist the sign count reported with this assertion.
    webauthn.sign_count = sign_count

    _login_user(request, userid)

    # Cookie value is a personalised blake2b digest of the user id, not the
    # id itself. NOTE(review): the cookie name suggests it is not relied on
    # for authentication — confirm where it is read.
    digest = hashlib.blake2b(
        str(userid).encode("ascii"), person=b"warehouse.userid"
    )
    request.response.set_cookie(
        USER_ID_INSECURE_COOKIE, digest.hexdigest().lower()
    )

    return {
        "success": "Successful WebAuthn assertion",
        "redirect_to": redirect_to,
    }