def fido2_keys_user_validate(user_id):
keys = list_fido2_keys(user_id)
credentials = list(map(lambda k: pickle.loads(base64.b64decode(k.key)), keys))
data = request.get_json()
cbor_data = cbor.decode(base64.b64decode(data["payload"]))
credential_id = cbor_data['credentialId']
client_data = ClientData(cbor_data['clientDataJSON'])
auth_data = AuthenticatorData(cbor_data['authenticatorData'])
signature = cbor_data['signature']
Config.FIDO2_SERVER.authenticate_complete(
get_fido2_session(user_id),
credentials,
credential_id,
client_data,
auth_data,
signature
)
user_to_verify = get_user_by_id(user_id=user_id)
user_to_verify.current_session_id = str(uuid.uuid4())
user_to_verify.logged_in_at = datetime.utcnow()
user_to_verify.failed_login_count = 0
save_model_user(user_to_verify)
return jsonify({'status': 'OK'})
def create_fido2_keys_user(user_id):
user = get_user_and_accounts(user_id)
data = request.get_json()
cbor_data = cbor.decode(base64.b64decode(data["payload"]))
validate(data, fido2_key_schema)
id = uuid.uuid4()
key = decode_and_register(cbor_data, get_fido2_session(user_id))
save_fido2_key(Fido2Key(id=id, user_id=user_id, name=cbor_data["name"], key=key))
_update_alert(user, changes={'security_key_created': None})
return jsonify({"id": id})
def test_get_fido2_key_returns_and_deletes_an_existing_session(sample_user):
create_fido2_session(sample_user.id, "abcd")
session = get_fido2_session(sample_user.id)
assert Fido2Session.query.count() == 0
assert session == "abcd"
