示例#1
    def test_client_data(self):
        """Check ClientData parsing on a fixed registration payload.

        Covers the digest, single-key lookup, the base64 round trip and the
        fully parsed JSON. No origin or challenge verification is exercised
        here, so the plain-http origin in the fixture is only parsed, never
        judged against a relying-party policy.
        """
        raw_json = b'{"typ":"navigator.id.finishEnrollment","challenge":"vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'  # noqa
        client_data = ClientData(raw_json)

        # 32-byte digest pinned as a constant.
        # NOTE(review): presumably SHA-256 over the exact raw bytes - confirm;
        # if so, re-serialising the JSON before hashing would change it.
        expected_digest = a2b_hex(
            '4142d21c00d94ffb9d504ada8f99b721f4b191ae4e37ca0140f696b6983cfacb')  # noqa
        self.assertEqual(client_data.hash, expected_digest)

        # Single-key access returns the origin string exactly as sent.
        expected_origin = 'http://example.com'
        self.assertEqual(client_data.get('origin'), expected_origin)

        # Encoding to base64 and decoding again must give an equal object.
        round_tripped = ClientData.from_b64(client_data.b64)
        self.assertEqual(client_data, round_tripped)

        # The parsed mapping mirrors the JSON document, nested key included.
        expected_fields = {
            'typ': 'navigator.id.finishEnrollment',
            'challenge': 'vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo',
            'cid_pubkey': {
                'kty': 'EC',
                'crv': 'P-256',
                'x': 'HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8',
                'y': 'XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4'
            },
            'origin': expected_origin
        }
        self.assertEqual(client_data.data, expected_fields)
示例#2
    def test_client_data(self):
        """Verify that ClientData exposes a fixed payload consistently.

        The same raw bytes must yield the pinned digest, the expected origin,
        an equal object after a base64 round trip, and the expected parsed
        mapping. The test checks parsing only; it does not validate the origin
        or the challenge against any server-side state.
        """
        payload = b'{"typ":"navigator.id.finishEnrollment","challenge":"vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'  # noqa E501
        client_data = ClientData(payload)

        # Digest of the payload, compared against a known-good constant.
        digest_hex = "4142d21c00d94ffb9d504ada8f99b721f4b191ae4e37ca0140f696b6983cfacb"
        self.assertEqual(client_data.hash, a2b_hex(digest_hex))

        # Key lookup works directly on the object.
        self.assertEqual(client_data.get("origin"), "http://example.com")

        # b64 -> from_b64 must be lossless for equality purposes.
        restored = ClientData.from_b64(client_data.b64)
        self.assertEqual(client_data, restored)

        # Build the expected mapping bottom-up: nested public key first.
        channel_id_key = {
            "kty": "EC",
            "crv": "P-256",
            "x": "HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8",
            "y": "XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4",
        }
        expected = {
            "typ": "navigator.id.finishEnrollment",
            "challenge": "vqrS6WXDe1JUs5_c3i4-LkKIHRr-3XVb3azuA5TifHo",
            "cid_pubkey": channel_id_key,
            "origin": "http://example.com",
        }
        self.assertEqual(client_data.data, expected)
示例#3
    def page(self) -> CBORPageResult:
        """Complete a WebAuthn registration and store the credential for the current user.

        Decodes the CBOR request body, hands the client data and attestation
        object to the FIDO2 server object together with the action state kept
        in the session, and saves the result under its hex credential ID.

        Returns:
            ``{"status": "OK"}`` once the credential has been saved.

        Raises:
            MKGeneralException: if the library reports an invalid origin, or
                the credential ID is already stored for this user.
            ValueError: any other ValueError from ``register_complete`` is
                re-raised unchanged.
        """
        # NOTE(review): assert statements are stripped under ``python -O``, so
        # this line is not a dependable guard; need_permission() below is the
        # call that still runs in that mode.
        assert user.id is not None
        user.need_permission("general.manage_2fa")

        # The body is client-supplied. The two keys are read without checking
        # that they exist, so a malformed body surfaces as an exception here.
        # NOTE(review): confirm the caller turns that into a clean error reply.
        body = request.get_data()
        # NOTE(review): the full registration payload goes to the debug log;
        # confirm who can read it, since attestation data may identify the
        # authenticator.
        logger.debug("Raw request: %r", body)
        decoded: dict[str, object] = cbor.decode(body)
        client_data = ClientData(decoded["clientDataJSON"])
        attestation = AttestationObject(decoded["attestationObject"])
        logger.debug("Client data: %r", client_data)
        logger.debug("Attestation object: %r", attestation)

        try:
            # The expected state comes from the server-side session, not from
            # the request, so the client cannot choose what it is checked against.
            auth_data = make_fido2_server().register_complete(
                session.session_info.webauthn_action_state, client_data, attestation)
        except ValueError as e:
            # Only the origin failure gets a friendlier message. The match is on
            # the library's message text; if that wording ever changes, the
            # original ValueError still propagates, so registration still fails.
            if "Invalid origin in ClientData" not in str(e):
                raise
            # The origin comes from the client-supplied data; %r renders it
            # through repr() before it is put into the message.
            rejected_origin = client_data.get("origin")
            raise MKGeneralException(
                "The origin %r is not valid. You need to access the UI via HTTPS "
                "and you need to use a valid host or domain name. See werk #13325 for "
                "further information" % rejected_origin) from e

        credential_key = auth_data.credential_data.credential_id.hex()
        # NOTE(review): loaded with lock=True and no release is visible in this
        # method; confirm the duplicate-credential raise below does not leave
        # the lock held.
        stored = load_two_factor_credentials(user.id, lock=True)
        registered = stored["webauthn_credentials"]

        # Duplicate detection only covers this user's own credentials, because
        # only the entries loaded for user.id are consulted.
        if credential_key in registered:
            raise MKGeneralException(
                _("Your WebAuthn credential is already in use"))

        record = WebAuthnCredential({
            "credential_id": credential_key,
            "registered_at": int(time.time()),
            "alias": "",
            "credential_data": bytes(auth_data.credential_data),
        })
        registered[credential_key] = record
        save_two_factor_credentials(user.id, stored)

        flash(_("Registration successful"))
        return {"status": "OK"}