def test_verify_assertion_invalid(self):
user_service = pretend.stub(
verify_webauthn_credential=pretend.raiser(
webauthn.RegistrationRejectedException("Fake exception")
),
get_webauthn_by_label=pretend.call_recorder(lambda *a: None),
)
form = forms.ProvisionWebAuthnForm(
data={"credential": "{}", "label": "fake label"},
user_service=user_service,
user_id=pretend.stub(),
challenge=pretend.stub(),
rp_id=pretend.stub(),
origin=pretend.stub(),
)
assert not form.validate()
assert form.credential.errors.pop() == "Fake exception"
def verify_webauthn_credential(self, credential, *, challenge, rp_id,
origin):
"""
Checks whether the given credential is valid, i.e. suitable for generating
assertions during authentication.
Returns the validated credential on success, raises
webauthn.RegistrationRejectedException on failure.
"""
validated_credential = webauthn.verify_registration_response(
credential, challenge=challenge, rp_id=rp_id, origin=origin)
webauthn_cred = (self.db.query(WebAuthn).filter_by(
credential_id=validated_credential.credential_id.decode()).first())
if webauthn_cred is not None:
raise webauthn.RegistrationRejectedException(
"Credential ID already in use")
return validated_credential