def webauthn_begin_activate():
print("[ENTER] begin registration")
import pdb
pdb.set_trace()
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
challenge = util.generate_challenge(32)
print("[INFO] registration challenge ", challenge)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
print("[INFO] challenge.rstrip('=') ", session['challenge'])
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
'https://example.com')
js = make_credential_options.registration_dict
pprint.pprint(js)
print("[EXIT] begin registration\n")
return jsonify(js)
def webauthn_begin_register():
# MakeCredentialOptions
username = request.form.get('register_username')
display_name = request.form.get('register_display_name')
password = request.form.get('register_password')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if auth.isRegistered(username):
return make_response(jsonify({'fail': 'User already exists.'}), 401)
#clear session variables prior to starting a new registration
session.pop('register_ukey', None)
session.pop('register_username', None)
session.pop('register_display_name', None)
session.pop('register_password', None)
session.pop('challenge', None)
session['register_username'] = username
session['register_display_name'] = display_name
# TODO: I am not sure if this is safe to do?!?!?
session['register_password'] = password
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
# We strip the saved challenge of padding, so that we can do a byte
# comparison on the URL-safe-without-padding challenge we get back
# from the browser.
# We will still pass the padded version down to the browser so that the JS
# can decode the challenge into binary without too much trouble.
session['challenge'] = challenge.rstrip('=')
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, RP_NAME, RP_ID, ukey, username, display_name,
ORIGIN, attestation='none')
return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate():
# MakeCredentialOptions
username = request.form.get('username')
display_name = request.form.get('displayName')
if not util.validate_username(username):
return make_response(jsonify({'fail': 'Invalid username.'}), 401)
if not util.validate_display_name(display_name):
return make_response(jsonify({'fail': 'Invalid display name.'}), 401)
if User.query.filter_by(username=username).first():
return make_response(jsonify({'fail': 'User already exists.'}), 401)
if 'register_ukey' in session:
del session['register_ukey']
if 'register_username' in session:
del session['register_username']
if 'register_display_name' in session:
del session['register_display_name']
if 'challenge' in session:
del session['challenge']
session['register_username'] = username
session['register_display_name'] = display_name
rp_name = 'localhost'
challenge = util.generate_challenge(32)
ukey = util.generate_ukey()
session['challenge'] = challenge
session['register_ukey'] = ukey
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge,
rp_name,
RP_ID,
ukey,
username,
display_name,
'https://example.com')
return jsonify(make_credential_options.registration_dict)
