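def authenticate(self, request: HttpRequest, user: Optional[AbstractBaseUser], fido2_server: Fido2Server,
                 fido2_state: Dict[str, bytes], fido2_response: Dict[str, Any]) -> Optional[AbstractBaseUser]:
    """Authenticate using FIDO 2, resolving the account from the response's user handle.

    The ``user`` argument is not consulted. The returned account is always the owner of the
    authenticator whose ``user_handle`` matches the one in ``fido2_response``, and only that
    authenticator's credential is offered to the FIDO 2 server for verification.

    Args:
        request: Current request; used only to attach the counter error message.
        user: Ignored on input (see above).
        fido2_server: Server object that verifies the assertion.
        fido2_state: FIDO 2 state passed through to ``authenticate_complete``.
        fido2_response: Client response; must contain ``user_handle``, ``credential_id``,
            ``client_data``, ``authenticator_data`` and ``signature``.

    Returns:
        The authenticator's owner on success. ``None`` when no authenticator has the given
        user handle or when verification raises ``ValueError``.

    Raises:
        KeyError: If ``fido2_response`` lacks ``user_handle`` (the lookup sits outside any ``try``).
        PermissionDenied: If ``mark_device_used`` rejects the reported counter.
    """
    user_handle = fido2_response['user_handle']
    try:
        device = Authenticator.objects.get(user_handle=user_handle)
        user = device.user
        fido2_server.authenticate_complete(
            fido2_state,
            [device.credential],
            fido2_response['credential_id'],
            fido2_response['client_data'],
            fido2_response['authenticator_data'],
            fido2_response['signature'],
        )
    except ValueError as error:
        _LOGGER.info("FIDO 2 authentication failed with error: %r", error)
        return None
    except Authenticator.DoesNotExist:
        # The user handle is taken from the client response, so it is logged with %r (as the
        # error above is) to keep control characters from being written verbatim to the log.
        _LOGGER.info("FIDO 2 authentication could not find user handle: %r", user_handle)
        return None

    # The counter is checked only after the assertion has verified.
    # NOTE(review): mark_device_used presumably raises ValueError when the counter did not
    # increase (per the message below) - confirm against its definition.
    try:
        self.mark_device_used(device, fido2_response['authenticator_data'].counter)
    except ValueError:
        # Raise `PermissionDenied` to stop the authentication process and skip remaining backends.
        messages.error(request, self.counter_error_message)
        raise PermissionDenied("Counter didn't increase.")
    return user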
def authenticate(
        self,
        request: HttpRequest,
        user: AbstractBaseUser,
        fido2_server: Fido2Server,
        fido2_state: Dict[str, bytes],
        fido2_response: Dict[str, Any],
) -> Optional[AbstractBaseUser]:
    """Authenticate the given user using FIDO 2.

    Every credential registered to ``user`` is offered to the FIDO 2 server. The credential
    the server reports as matched is then looked up among the user's authenticators so that
    its usage counter can be updated.

    Returns:
        ``user`` on success, or ``None`` when verification raises ``ValueError``.

    Raises:
        PermissionDenied: If ``mark_device_used`` raises ``ValueError`` for the reported counter.
    """
    registered = []
    for authenticator in user.authenticators.all():
        registered.append(authenticator.credential)

    try:
        matched = fido2_server.authenticate_complete(
            fido2_state,
            registered,
            fido2_response['credential_id'],
            fido2_response['client_data'],
            fido2_response['authenticator_data'],
            fido2_response['signature'],
        )
    except ValueError as error:
        _LOGGER.info("FIDO 2 authentication failed with error: %r", error)
        return None

    # Authenticators are looked up by the base64 text form of the credential id.
    encoded_id = base64.b64encode(matched.credential_id).decode('utf-8')
    device = user.authenticators.get(credential_id_data=encoded_id)

    try:
        self.mark_device_used(device, fido2_response['authenticator_data'].counter)
    except ValueError:
        # Raise `PermissionDenied` to stop the authentication process and skip remaining backends.
        messages.error(request, self.counter_error_message)
        raise PermissionDenied("Counter didn't increase.")
    return user