def _parse_credential(self, data):
credential = Credential()
for row in data:
credential.id = row["id"]
credential.ukey = row["ukey"]
credential.credential_id = row["credential_id"]
credential.display_name = row["display_name"]
credential.pub_key = row["pub_key"]
credential.sign_count = row["sign_count"]
credential.username = row["username"]
credential.rp_id = row["rp_id"]
credential.icon_url = row["icon_url"]
return credential
def verify_credential_info():
'''
This url is called to verify and register the token
'''
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
user_exists = database.user_exists(username)
if not user_exists or not current_user.is_authenticated or not username == current_user.id:
return make_response(jsonify({'fail': 'User not logged in.'}), 401)
registration_response = request.form
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = True
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
credential_id_exists = database.credential_exists(
webauthn_credential.credential_id)
if credential_id_exists:
return make_response(
jsonify({'fail': 'Credential ID already exists.'}), 401)
existing_user = database.user_exists(username)
credential = Credential()
if not existing_user or True:
if sys.version_info >= (3, 0):
webauthn_credential.credential_id = str(
webauthn_credential.credential_id, "utf-8")
webauthn_credential.public_key = str(
webauthn_credential.public_key, "utf-8")
credential.id = randint(1, 100000)
credential.ukey = ukey
credential.username = username
credential.display_name = display_name
credential.pub_key = webauthn_credential.public_key
credential.credential_id = webauthn_credential.credential_id
credential.sign_count = webauthn_credential.sign_count
credential.rp_id = RP_ID
credential.icon_url = 'https://example.com'
database.save_credential(credential)
database.turn_on(credential.username)
else:
return make_response(jsonify({'fail': 'User already exists.'}), 401)
satosa_request = Request()
satosa_request.userId = credential.username
database.make_success(satosa_request)
user = database.get_user(credential.username)
login_user(user)
return jsonify({'success': 'User successfully registered.'})