def verify_credential_info(): challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] registration_response = request.form trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = False none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) # Step 17. # # Check that the credentialId is not yet registered to any other user. # If registration is requested for a credential that is already registered # to a different user, the Relying Party SHOULD fail this registration # ceremony, or it MAY decide to accept the registration, e.g. while deleting # the older registration. credential_id_exists = User.query.filter_by( credential_id=webauthn_credential.credential_id).first() if credential_id_exists: return make_response( jsonify({'fail': 'Credential ID already exists.'}), 401) existing_user = User.query.filter_by(username=username).first() if not existing_user: user = User(ukey=ukey, username=username, display_name=display_name, pub_key=webauthn_credential.public_key, credential_id=webauthn_credential.credential_id, sign_count=webauthn_credential.sign_count, rp_id=RP_ID, icon_url='https://example.com') db.session.add(user) db.session.commit() else: return make_response(jsonify({'fail': 'User already exists.'}), 401) flash('Successfully registered as {}.'.format(username)) return jsonify({'success': 'User successfully registered.'})
def verify_credential_info(): challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] registration_response = request.form trust_anchor_dir = os.path.join( os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = True none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) # Step 17. # # Check that the credentialId is not yet registered to any other user. # If registration is requested for a credential that is already registered # to a different user, the Relying Party SHOULD fail this registration # ceremony, or it MAY decide to accept the registration, e.g. while deleting # the older registration. credential_id_exists = mitglieder.query.filter_by( credential_id=webauthn_credential.credential_id).first() if credential_id_exists: return make_response( jsonify({ 'fail': 'Credential ID already exists.' }), 401) if sys.version_info >= (3, 0): webauthn_credential.credential_id = str( webauthn_credential.credential_id, "utf-8") webauthn_credential.public_key = str( webauthn_credential.public_key, "utf-8") current_user.ukey = ukey current_user.pub_key=webauthn_credential.public_key current_user.credential_id=webauthn_credential.credential_id db.session.commit() flash('Erfolgreich registriert als {}.'.format(username)) return jsonify({'success': 'User successfully registered.'})
def verify_credential_info(): challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] registration_response = request.form trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = False none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted) try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) existing_user = User.query.filter_by( username=username).first() if not existing_user: user = User( ukey=ukey, username=username, display_name=display_name, pub_key=webauthn_credential.public_key, credential_id=webauthn_credential.credential_id, sign_count=webauthn_credential.sign_count, rp_id=RP_ID, icon_url='https://example.com') db.session.add(user) db.session.commit() else: return make_response(jsonify({'fail': 'User already exists.'}), 401) flash('Successfully registered as {}.'.format(username)) return jsonify({'success': 'User successfully registered.'})
def verify_credential_info(): ''' This url is called to verify and register the token ''' challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] user_exists = database.user_exists(username) if not user_exists or not current_user.is_authenticated or not username == current_user.id: return make_response(jsonify({'fail': 'User not logged in.'}), 401) registration_response = request.form trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = True none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) credential_id_exists = database.credential_exists( webauthn_credential.credential_id) if credential_id_exists: return make_response( jsonify({'fail': 'Credential ID already exists.'}), 401) existing_user = database.user_exists(username) credential = Credential() if not existing_user or True: if sys.version_info >= (3, 0): webauthn_credential.credential_id = str( webauthn_credential.credential_id, "utf-8") webauthn_credential.public_key = str( webauthn_credential.public_key, "utf-8") credential.id = randint(1, 100000) credential.ukey = ukey credential.username = username credential.display_name = display_name credential.pub_key = webauthn_credential.public_key credential.credential_id = webauthn_credential.credential_id credential.sign_count = webauthn_credential.sign_count credential.rp_id = RP_ID credential.icon_url = 'https://example.com' database.save_credential(credential) database.turn_on(credential.username) else: return make_response(jsonify({'fail': 'User already exists.'}), 401) satosa_request = Request() satosa_request.userId = credential.username database.make_success(satosa_request) user = database.get_user(credential.username) login_user(user) return jsonify({'success': 'User successfully registered.'})
def attestation_verify_response(): logger = webauthn.WebAuthnLogger() app.logger.debug( '----- [Registration] Authenticator Response (Native) from Authenticator/Client -----' ) app.logger.debug(str(request.form.to_dict())) app.logger.debug('----- End -----') challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] att_option = session['att_option'] registration_response = request.form stringlyResponse = request.form['stringlyResponse'] trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = True none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification logger.add('----- [Registration] Server Received Data -----') try: logger.add( '----- [Registration] Authenticator Response (Decoded) from Authenticator/Client -----' ) webauthn_tools = webauthn.WebAuthnTools() decoded_attestation_response = webauthn_tools.view_attestation( registration_response) logger.add(json.dumps(decoded_attestation_response, indent=4)) logger.add('----- End -----') except Exception as e: app.logger.debug('Attestation view failed. Error: {}'.format(e)) logger.add('Attestation view failed. Error: {}'.format(e)) return make_response( jsonify({ 'fail': 'Attestation view failed. Error: {}'.format(e), 'debug_log': logger.get() }), 500) try: logger.add('----- [Registration] [Verify] Start -----') webauthn_credential = webauthn_registration_response.verify() logger.add(webauthn_registration_response.getLog()) logger.add('----- [Registration] [Verify] End -----') except Exception as e: app.logger.debug('Registration failed. Error: {}'.format(e)) logger.add('Registration failed. Error: {}'.format(e)) return jsonify({ 'fail': 'Registration failed. Error: {}'.format(e), 'debug_log': logger.get() }) # Step 17. # # Check that the credentialId is not yet registered to any other user. # If registration is requested for a credential that is already registered # to a different user, the Relying Party SHOULD fail this registration # ceremony, or it MAY decide to accept the registration, e.g. while deleting # the older registration. credential_id_exists = Users.query.filter_by( credential_id=webauthn_credential.credential_id).first() if credential_id_exists: app.logger.debug('Credential ID already exists.') logger.add('Credential ID already exists.') return make_response( jsonify({ 'fail': 'Credential ID already exists.', 'debug_log': logger.get() }), 409) user = Users(ukey=ukey, username=username, display_name=display_name, pub_key=webauthn_credential.public_key, credential_id=webauthn_credential.credential_id, sign_count=webauthn_credential.sign_count, att_option=att_option, response=stringlyResponse, response_dec=json.dumps(decoded_attestation_response, indent=4), rp_id=RP_ID, icon_url='https://example.com') db.session.add(user) db.session.commit() logger.add('----- [Registration] Server Successfully Return. -----') return make_response( jsonify({ 'success': 'User ({}) successfully registered.'.format(username), 'debug_log': logger.get() }), 200)