Пример #1
0
 def add_token_to_user(self, eppn, credential_id, token_type):
     user = self.app.central_userdb.get_user_by_eppn(eppn)
     if token_type == 'u2f':
         mfa_token = U2F.from_dict(
             dict(
                 version='test',
                 keyhandle=credential_id,
                 public_key='test',
                 app_id='test',
                 attest_cert='test',
                 description='test',
                 created_by='test',
             ))
     else:
         mfa_token = Webauthn.from_dict(
             dict(
                 keyhandle=credential_id,
                 credential_data='test',
                 app_id='test',
                 attest_obj='test',
                 description='test',
                 created_by='test',
             ))
     user.credentials.add(mfa_token)
     self.request_user_sync(user)
     return mfa_token
Пример #2
0
 def add_token_to_user(self, eppn):
     user = self.app.central_userdb.get_user_by_eppn(eppn)
     u2f_token = U2F(version='version', keyhandle='keyHandle', app_id='appId',
                     public_key='publicKey', attest_cert='cert', description='description',
                     application='eduid_security', created_ts=True)
     user.credentials.add(u2f_token)
     self.app.central_userdb.save(user)
     return SecurityUser.from_user(user, self.app.private_userdb)
Пример #3
0
 def setUp(self):
     super(MFAActionPluginTests, self).setUp()
     u2f = U2F(version='U2F_V2',
               app_id='https://dev.eduid.se/u2f-app-id.json',
               keyhandle='test_key_handle',
               public_key='test_public_key',
               attest_cert='test_attest_cert',
               description='test_description',
               )
     self.user.credentials.add(u2f)
     self.app.central_userdb.save(self.user, check_sync=False)
Пример #4
0
    def test_action_webauthn_legacy_token(self, mock_complete_authn):
        # mock_complete_authn.return_value = ({'keyHandle': 'test_key_handle'},
        #        'dummy-touch', 'dummy-counter')
        #
        # Add a working U2F credential for this test
        u2f = U2F.from_dict(
            dict(
                version='U2F_V2',
                keyhandle=
                'V1vXqZcwBJD2RMIH2udd2F7R9NoSNlP7ZSPOtKHzS7n_rHFXcXbSpOoX__aUKyTR6jEC8Xv678WjXC5KEkvziA',
                public_key=
                'BHVTWuo3_D7ruRBe2Tw-m2atT2IOm_qQWSDreWShu3t21ne9c-DPSUdym-H-t7FcjV7rj1dSc3WSwaOJpFmkKxQ',
                app_id='https://dev.eduid.se/u2f-app-id.json',
                attest_cert='',
                description='unit test U2F token',
            ))
        self.user.credentials.add(u2f)
        self.app.central_userdb.save(self.user, check_sync=False)

        fido2_state = json.dumps(
            Fido2Server._make_internal_state(
                base64.b64decode(
                    '3h/EAZpY25xDdSJCOMx1ABZEA5Odz3yejUI3AUNTQWc='),
                'preferred'))
        self.app.config.fido2_rp_id = 'idp.dev.eduid.se'

        data1 = {
            'authenticatorData':
            'mZ9k6EPHoJxJZNA+UuvM0JVoutZHmqelg9kXe/DSefgBAAAA/w==',
            'clientDataJSON':
            ('eyJjaGFsbGVuZ2UiOiIzaF9FQVpwWTI1eERkU0pDT014MUFCWkVBNU9k'
             'ejN5ZWpVSTNBVU5UUVdjIiwib3JpZ2luIjoiaHR0cHM6Ly9pZHAuZGV2LmVkdWlkLnNlIiwidH'
             'lwZSI6IndlYmF1dGhuLmdldCJ9'),
            'credentialId':
            ('V1vXqZcwBJD2RMIH2udd2F7R9NoSNlP7ZSPOtKHzS7n/rHFXcXbSpOoX//aUKyTR6jEC8Xv678WjXC5KEkvziA=='
             ),
            'signature':
            ('MEYCIQC5gM8inamJGUFKu3bNo4fT0jmJQuw33OSSXc242NCuiwIhAIWnVw2Spow72j6J92KaY2rLR6qSXEbLam09ZXbSkBnQ'
             ),
        }

        response = self._action(data1=data1, fido2_state=fido2_state)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            len(self.app.actions_db.get_actions(self.user.eppn,
                                                'mock-session')), 1)
Пример #5
0
    def test_action_webauthn_legacy_token(self, mock_complete_authn):
        #mock_complete_authn.return_value = ({'keyHandle': 'test_key_handle'},
        #        'dummy-touch', 'dummy-counter')
        #
        # Add a working U2F credential for this test
        u2f = U2F(version='U2F_V2',
                  keyhandle='V1vXqZcwBJD2RMIH2udd2F7R9NoSNlP7ZSPOtKHzS7n_rHFXcXbSpOoX__aUKyTR6jEC8Xv678WjXC5KEkvziA',
                  public_key='BHVTWuo3_D7ruRBe2Tw-m2atT2IOm_qQWSDreWShu3t21ne9c-DPSUdym-H-t7FcjV7rj1dSc3WSwaOJpFmkKxQ',
                  app_id='https://dev.eduid.se/u2f-app-id.json',
                  attest_cert='',
                  description='unit test U2F token'
                  )
        self.user.credentials.add(u2f)
        self.app.central_userdb.save(self.user, check_sync=False)

        with self.session_cookie(self.browser) as client:
            self.prepare(client, Plugin, 'mfa', action_dict=MFA_ACTION)
            with self.app.test_request_context():
                with client.session_transaction() as sess:
                    fido2_state = Fido2Server._make_internal_state(
                        base64.b64decode('3h/EAZpY25xDdSJCOMx1ABZEA5Odz3yejUI3AUNTQWc='), 'preferred')
                    sess['eduid_action.mfa.webauthn.state'] = json.dumps(fido2_state)
                    csrf_token = sess.get_csrf_token()

                data = json.dumps({'csrf_token': csrf_token,
                                   'authenticatorData': 'mZ9k6EPHoJxJZNA+UuvM0JVoutZHmqelg9kXe/DSefgBAAAA/w==',
                                   'clientDataJSON': 'eyJjaGFsbGVuZ2UiOiIzaF9FQVpwWTI1eERkU0pDT014MUFCWkVBNU9k'+\
                                   'ejN5ZWpVSTNBVU5UUVdjIiwib3JpZ2luIjoiaHR0cHM6Ly9pZHAuZGV2LmVkdWlkLnNlIiwidH'+\
                                   'lwZSI6IndlYmF1dGhuLmdldCJ9',
                                   'credentialId': 'V1vXqZcwBJD2RMIH2udd2F7R9NoSNlP7ZSPOtKHzS7n/rHFXcXbSpOoX//'+\
                                                   'aUKyTR6jEC8Xv678WjXC5KEkvziA==',
                                   'signature': 'MEYCIQC5gM8inamJGUFKu3bNo4fT0jmJQuw33OSSXc242NCuiwIhAIWnVw2Sp'+\
                                                'ow72j6J92KaY2rLR6qSXEbLam09ZXbSkBnQ'}
                                  )

                self.app.config['FIDO2_RP_ID'] = 'idp.dev.eduid.se'
                response = client.post('/post-action', data=data, content_type=self.content_type_json)
                self.assertEquals(response.status_code, 200)
                data = json.loads(response.data)
                self.assertEquals(len(self.app.actions_db.get_actions(self.user.eppn, 'mock-session')), 1)
                mock_idp_app = MockIdPApp(self.app.actions_db)
                mock_idp_app.logger = self.app.logger
                add_actions(mock_idp_app, self.user, MockTicket('mock-session'))
                self.assertEquals(len(self.app.actions_db.get_actions(self.user.eppn, 'mock-session')), 0)
Пример #6
0
    def test_add_mfa_action_old_key(self):
        self.actions.remove_action_by_id(self.test_action.action_id)
        u2f = U2F.from_dict(
            dict(
                version='U2F_V2',
                app_id='https://dev.eduid.se/u2f-app-id.json',
                keyhandle='test_key_handle',
                public_key='test_public_key',
                attest_cert='test_attest_cert',
                description='test_description',
            ))
        self.test_user.credentials.add(u2f)
        self.amdb.save(self.user, check_sync=False)
        from eduid_idp.mfa_action import add_actions

        mock_ticket = make_login_ticket(req_class_ref=SWAMID_AL2,
                                        context=self.idp_app.context,
                                        key='mock-session')
        add_actions(self.idp_app.context, self.test_user, mock_ticket)
        self.assertEqual(
            len(self.actions.get_actions(self.test_user.eppn, 'mock-session')),
            1)
Пример #7
0
def bind(user, version, registration_data, client_data, description=''):
    security_user = SecurityUser.from_user(user, current_app.private_userdb)
    enrollment_data = session.pop('_u2f_enroll_', None)
    if not enrollment_data:
        current_app.logger.error('Found no U2F enrollment data in session.')
        return error_response(message=SecurityMsg.missing_data)

    data = {
        'version': version,
        'registrationData': registration_data,
        'clientData': client_data
    }
    device, der_cert = complete_registration(enrollment_data, data,
                                             current_app.config.u2f_facets)

    cert = x509.load_der_x509_certificate(der_cert, default_backend())
    pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    if not isinstance(pem_cert, six.string_types):
        pem_cert = pem_cert.decode('utf-8')

    u2f_token = U2F.from_dict(
        dict(
            version=device['version'],
            keyhandle=device['keyHandle'],
            app_id=device['appId'],
            public_key=device['publicKey'],
            attest_cert=pem_cert,
            description=description,
            created_by='eduid_security',
            created_ts=True,
        ))
    security_user.credentials.add(u2f_token)
    save_and_sync_user(security_user)
    current_app.stats.count(name='u2f_token_bind')
    credentials = compile_credential_list(security_user)
    return success_response(payload=dict(credentials=credentials),
                            message=SecurityMsg.u2f_registered)