def webauthn_begin_login():
    """Start a WebAuthn login and return the assertion options as JSON.

    Reads ``login_username`` and ``login_password`` from the submitted form,
    checks that the account exists and has a registered credential, stores a
    fresh challenge (and the submitted password) in the session, and returns
    the assertion options the browser needs to call the authenticator.

    Returns:
        A JSON response with the assertion options, or a 401 JSON response
        of the form ``{'fail': <message>}`` when the request is rejected.
    """
    def reject(message):
        # Every rejection here is a 401 with the same JSON shape.
        return make_response(jsonify({'fail': message}), 401)

    form = request.form
    username = form.get('login_username')
    password = form.get('login_password')

    if not util.validate_username(username):
        return reject('Invalid username.')

    _, person = auth.getPerson(username)
    # NOTE(review): the two messages below differ, so a caller can tell an
    # unknown username from an account with no registered credential.
    if not person:
        return reject('User does not exist.')
    if not person.credential_id:
        return reject('Unknown credential ID.')

    # Clear any state left over from an earlier, unfinished login attempt.
    for stale_key in ('challenge', 'login_password'):
        session.pop(stale_key, None)

    challenge = util.generate_challenge(32)

    # The session copy of the challenge has its '=' padding removed; the
    # reasons are given in the comment in webauthn_begin_activate.
    session['challenge'] = challenge.rstrip('=')
    # NOTE(review): the password is not checked in this function; it is only
    # kept in the session, presumably for the assertion-verification step.
    # If sessions are Flask's default signed cookies, the value is readable
    # by anyone holding the cookie -- confirm the session backend.
    session['login_password'] = password

    webauthn_user = webauthn.WebAuthnUser(
        person.ukey,
        person.username,
        person.display_name,
        person.icon_url,
        person.credential_id,
        person.pub_key,
        person.sign_count,
        person.rp_id,
    )
    # The options carry the unstripped challenge, unlike the session copy.
    options = webauthn.WebAuthnAssertionOptions(webauthn_user, challenge)
    return jsonify(options.assertion_dict)
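def transfer(sender, recipient, zoobars):
    """Move ``zoobars`` from ``sender`` to ``recipient`` and log the transfer.

    Args:
        sender: Username of the account to debit.
        recipient: Username of the account to credit.
        zoobars: Amount to move; must not be negative.

    Raises:
        ValueError: If the amount is negative, either account cannot be
            found, or the transfer would leave a balance below zero.
    """
    # A negative amount would reverse the direction of the transfer and
    # debit the recipient, who never authorised it.
    if zoobars < 0:
        raise ValueError()

    persondb, senderp = auth.getPerson(sender)
    # Look up the *recipient* in the same database handle. The previous code
    # looked up the sender a second time, so the credit never reached the
    # intended account.
    _, recipientp = auth.getPerson(recipient, db=persondb)
    if senderp is None or recipientp is None:
        raise ValueError()

    # Validate before touching either record so a rejected transfer leaves
    # no modified objects behind in the database handle.
    if senderp.zoobars - zoobars < 0 or recipientp.zoobars + zoobars < 0:
        raise ValueError()

    # In-place updates stay correct even if both lookups return the same
    # object (sender == recipient): the debit and credit cancel out.
    senderp.zoobars -= zoobars
    recipientp.zoobars += zoobars
    persondb.commit()

    # Record the transfer in the log only after the balances are committed.
    entry = Transfer()
    entry.sender = sender
    entry.recipient = recipient
    entry.amount = zoobars
    entry.time = time.asctime()

    transferdb = transfer_setup()
    transferdb.add(entry)
    transferdb.commit()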
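def users():
    """Render the user lookup page for the ``user`` request parameter.

    Always passes ``req_user`` (the requested name) to the template. When a
    ``user`` value is present and matches an account, also passes the
    account, its profile, balance and transfer log; otherwise passes a
    warning.

    Returns:
        The rendered ``users.html`` template.
    """
    args = {}
    # The query-string value is attacker-controlled. Wrapping it in Markup()
    # directly would mark it as safe HTML and reflect any script it contains;
    # Markup.escape() returns a Markup object with the content HTML-escaped.
    args['req_user'] = Markup.escape(request.args.get('user', ''))

    if 'user' in request.values:
        _, user = auth.getPerson(request.values['user'])
        if user:
            # Markup's % operator escapes its operands, so only the <b> tags
            # are trusted markup. Formatting the string first and wrapping
            # the result in Markup() rendered the stored profile as raw HTML.
            # NOTE(review): if profiles are meant to carry HTML, sanitize
            # them with an allow-list rather than restoring the raw output.
            args['profile'] = Markup("<b>%s</b>") % user.profile
            args['user'] = user
            args['user_zoobars'] = bank.balance(user.username)
            args['transfers'] = bank.get_log(user.username)
        else:
            args['warning'] = "Cannot find that user."

    return render_template('users.html', **args)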
def balance(username):
    """Return the ``zoobars`` value of the account named ``username``.

    The account is fetched with ``auth.getPerson``; there is no handling
    here for a lookup that yields no account.
    """
    # Only the person record is needed; the database handle is discarded.
    _, account = auth.getPerson(username)
    return account.zoobars
def setPerson(self, username, token):
    """Attach the account for ``username`` and the given token to this object.

    Sets ``self.person``, ``self.token`` and ``self.zoobars``. The token is
    stored as given; this method does not validate it.
    """
    # getPerson also returns a database handle, which is not used here.
    _, record = auth.getPerson(username)
    self.person = record
    self.token = token
    # Looked up last, as in the original ordering, so person and token are
    # already set if the balance lookup raises.
    self.zoobars = bank.balance(username)