def post(self, request, *args, **kwargs):
token = request.POST.get('token', '').strip().replace(' ', '')
valid = False
if '_u2f_challenge' in self.request.session and token.startswith('{'):
devices = [DeviceRegistration.wrap(device.json_data)
for device in U2FDevice.objects.filter(confirmed=True, user=self.user)]
challenge = self.request.session.pop('_u2f_challenge')
try:
u2f.verify_authenticate(devices, challenge, token, [self.app_id])
valid = True
except Exception:
logger.exception('U2F login failed')
else:
valid = match_token(self.user, token)
if valid:
auth_login(request, self.user)
request.session['pretix_auth_login_time'] = int(time.time())
del request.session['pretix_auth_2fa_user']
del request.session['pretix_auth_2fa_time']
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
return redirect(request.GET.get("next"))
return redirect(reverse('control:index'))
else:
messages.error(request, _('Invalid code, please try again.'))
return redirect('control:auth.login.2fa')
def post(self, request, *args, **kwargs):
password = request.POST.get("password", "")
valid = False
if '_u2f_challenge' in self.request.session and password.startswith(
'{'):
devices = [
DeviceRegistration.wrap(device.json_data)
for device in U2FDevice.objects.filter(confirmed=True,
user=self.request.user)
]
challenge = self.request.session.pop('_u2f_challenge')
try:
u2f.verify_authenticate(devices, challenge, password,
[self.app_id])
valid = True
except Exception:
logger.exception('U2F login failed')
valid = valid or request.user.check_password(password)
if valid:
t = int(time.time())
request.session['pretix_auth_login_time'] = t
request.session['pretix_auth_last_used'] = t
if "next" in request.GET and is_safe_url(request.GET.get("next")):
return redirect(request.GET.get("next"))
return redirect(reverse('control:index'))
else:
messages.error(
request,
_('The password you entered was invalid, please try again.'))
return self.get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
password = request.POST.get("password", "")
valid = False
if '_u2f_challenge' in self.request.session and password.startswith('{'):
devices = [DeviceRegistration.wrap(device.json_data)
for device in U2FDevice.objects.filter(confirmed=True, user=self.request.user)]
challenge = self.request.session.pop('_u2f_challenge')
try:
u2f.verify_authenticate(devices, challenge, password, [self.app_id])
valid = True
except Exception:
logger.exception('U2F login failed')
valid = valid or request.user.check_password(password)
if valid:
t = int(time.time())
request.session['pretix_auth_login_time'] = t
request.session['pretix_auth_last_used'] = t
if "next" in request.GET and is_safe_url(request.GET.get("next"), allowed_hosts=None):
return redirect(request.GET.get("next"))
return redirect(reverse('control:index'))
else:
messages.error(request, _('The password you entered was invalid, please try again.'))
return self.get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
token = request.POST.get('token', '').strip().replace(' ', '')
valid = False
if '_u2f_challenge' in self.request.session and token.startswith('{'):
devices = [
DeviceRegistration.wrap(device.json_data)
for device in U2FDevice.objects.filter(confirmed=True,
user=self.user)
]
challenge = self.request.session.pop('_u2f_challenge')
try:
u2f.verify_authenticate(devices, challenge, token,
[self.app_id])
valid = True
except Exception:
logger.exception('U2F login failed')
else:
valid = match_token(self.user, token)
if valid:
auth_login(request, self.user)
request.session['pretix_auth_login_time'] = int(time.time())
del request.session['pretix_auth_2fa_user']
del request.session['pretix_auth_2fa_time']
if "next" in request.GET and is_safe_url(request.GET.get("next")):
return redirect(request.GET.get("next"))
return redirect(reverse('control:index'))
else:
messages.error(request, _('Invalid code, please try again.'))
return redirect('control:auth.login.2fa')
def verify(self, username, data):
user = self.users[username]
devices = map(DeviceRegistration.wrap, user.get('_u2f_devices_', []))
challenge = user.pop('_u2f_challenge_')
c, t = verify_authenticate(devices, challenge, data, [self.facet])
return json.dumps({'touch': t, 'counter': c})
def verify(self, user_name, object_dn, key):
# Do we have read permissions for the requested attribute
self.__check_acl(user_name, object_dn, "r")
# Get the object for the given dn
user = ObjectProxy(object_dn)
factor_method = self.get_method_from_user(user)
user_settings = self.__settings[user.uuid] if user.uuid in self.__settings else {}
if factor_method == "otp":
totp = TOTP(user_settings.get('otp_secret'))
return totp.verify(key)
elif factor_method == "u2f":
devices = [DeviceRegistration.wrap(device)
for device in user_settings.get('_u2f_devices_', [])]
challenge = user_settings.pop('_u2f_challenge_')
data = loads(key)
c, t = verify_authenticate(devices, challenge, data, [self.facet])
return {
'touch': t,
'counter': c
}
elif factor_method is None:
return True
return False
def verify(self, user_name, object_dn, key):
# Do we have read permissions for the requested attribute
self.__check_acl(user_name, object_dn, "r")
# Get the object for the given dn
user = ObjectProxy(object_dn)
factor_method = self.get_method_from_user(user)
user_settings = self.__settings[
user.uuid] if user.uuid in self.__settings else {}
if factor_method == "otp":
totp = TOTP(user_settings.get('otp_secret'))
return totp.verify(key)
elif factor_method == "u2f":
devices = [
DeviceRegistration.wrap(device)
for device in user_settings.get('_u2f_devices_', [])
]
challenge = user_settings.pop('_u2f_challenge_')
data = loads(key)
c, t = verify_authenticate(devices, challenge, data, [self.facet])
return {'touch': t, 'counter': c}
elif factor_method is None:
return True
return False
def validate_response(self, request, challenge, response):
try:
counter, touch = u2f.verify_authenticate(self.get_u2f_devices(),
challenge, response,
self.u2f_facets)
except (InvalidSignature, InvalidKey, StopIteration):
return False
return True
def validate_response(self, request, challenge, response):
try:
counter, touch = u2f.verify_authenticate(self.get_u2f_devices(),
challenge, response,
self.u2f_facets)
except (InvalidSignature, InvalidKey, StopIteration):
return False
return True
def verify(self, username, data):
user = self.users[username]
devices = map(DeviceRegistration.wrap, user.get('_u2f_devices_', []))
challenge = user.pop('_u2f_challenge_')
c, t = verify_authenticate(devices, challenge, data, [self.facet])
return json.dumps({
'touch': t,
'counter': c
})
def test_authenticate_single_soft_u2f(self):
# Register
device, token = register_token()
# Authenticate
sign_request = u2f.start_authenticate([device])
response1 = token.getAssertion(
sign_request.authenticateRequests[0].json, FACET)
assert u2f.verify_authenticate([device], sign_request, response1)
def verify(self, username, data):
user = self.users[username]
devices = [DeviceRegistration.wrap(device)
for device in user.get('_u2f_devices_', [])]
challenge = user.pop('_u2f_challenge_')
counter, touch = verify_authenticate(devices, challenge, data, self.facets)
return json.dumps({
'touch': bool(touch),
'counter': counter
})
def test_authenticate_multiple_soft_u2f(self):
# Register
device1, token1 = register_token()
device2, token2 = register_token([device1])
# Authenticate
auth_request_data = u2f.start_authenticate([device1, device2])
response = token1.getAssertion(
auth_request_data.authenticateRequests[0].json, FACET)
assert u2f.verify_authenticate([device1, device2], auth_request_data,
response)
def test_authenticate_single_soft_u2f(self):
# Register
device, token = register_token()
# Authenticate
sign_request = u2f.start_authenticate([device])
response1 = token.getAssertion(
sign_request.authenticateRequests[0].json,
FACET
)
assert u2f.verify_authenticate([device], sign_request, response1)
def userVerify(id):
try:
user = User().getObjectsByKey("_id", id)[0]
except Exception as e:
return abort(404)
try:
devices = map(DeviceRegistration.wrap, user.u2f_devices)
except:
devices = []
challenge = user.u2f_challenge
c, t = verify_authenticate(devices, challenge, data)
return json.dumps({'touch': t, 'counter': c})
def test_authenticate_multiple_soft_u2f(self):
# Register
device1, token1 = register_token()
device2, token2 = register_token([device1])
# Authenticate
auth_request_data = u2f.start_authenticate([device1, device2])
response = token1.getAssertion(
auth_request_data.authenticateRequests[0].json,
FACET
)
assert u2f.verify_authenticate([device1, device2],
auth_request_data,
response)
