def test_verify_registration_response_failure(monkeypatch):
    """A rejection raised by the library's verify() must reach the caller.

    The stubbed response object raises the library's
    RegistrationRejectedException from verify(); the wrapper is expected to
    surface it as webauthn.RegistrationRejectedException rather than
    swallowing it and treating the registration as valid.
    """
    rejecting_response = pretend.stub(
        verify=pretend.raiser(pywebauthn.webauthn.RegistrationRejectedException)
    )
    # The factory ignores its arguments: only the failure path matters here.
    response_factory = pretend.call_recorder(
        lambda *args, **kwargs: rejecting_response
    )
    monkeypatch.setattr(
        pywebauthn, "WebAuthnRegistrationResponse", response_factory
    )

    with pytest.raises(webauthn.RegistrationRejectedException):
        webauthn.verify_registration_response(
            {}, "not_a_real_challenge", rp_id="fake_rp_id", origin="fake_origin"
        )
def test_verify_registration_response_failure(monkeypatch):
    """A library InvalidRegistrationResponse must surface as a rejection.

    The library's verify_registration_response is replaced by a callable that
    always raises InvalidRegistrationResponse; the wrapper is expected to
    raise webauthn.RegistrationRejectedError to its caller.
    """
    always_invalid = pretend.raiser(
        pywebauthn.helpers.exceptions.InvalidRegistrationResponse
    )
    monkeypatch.setattr(pywebauthn, "verify_registration_response", always_invalid)

    # Syntactically valid credential JSON, so the failure comes from the
    # patched verifier and not from parsing the input.
    credential_json = (
        '{"id": "foo", "rawId": "foo", "response": '
        '{"attestationObject": "foo", "clientDataJSON": "bar"}}'
    )

    with pytest.raises(webauthn.RegistrationRejectedError):
        webauthn.verify_registration_response(
            credential_json,
            b"not_a_real_challenge",
            rp_id="fake_rp_id",
            origin="fake_origin",
        )
def test_verify_registration_response(monkeypatch):
    """Pin the exact arguments the wrapper forwards to the library verifier.

    The library's verify_registration_response is replaced by a recorder that
    returns a canned VerifiedRegistration; the test then checks both the
    recorded call and that the canned object is returned unchanged.
    """
    canned_registration = VerifiedRegistration(
        credential_id=b"foo",
        credential_public_key=b"bar",
        sign_count=0,
        aaguid="wutang",
        fmt=AttestationFormat.NONE,
        credential_type=PublicKeyCredentialType.PUBLIC_KEY,
        user_verified=False,
        attestation_object=b"foobar",
    )
    verifier_recorder = pretend.call_recorder(
        lambda *args, **kwargs: canned_registration
    )
    monkeypatch.setattr(
        pywebauthn, "verify_registration_response", verifier_recorder
    )

    credential_json = (
        '{"id": "foo", "rawId": "foo", "response": '
        '{"attestationObject": "foo", "clientDataJSON": "bar"}}'
    )
    result = webauthn.verify_registration_response(
        credential_json,
        b"not_a_real_challenge",
        rp_id="fake_rp_id",
        origin="fake_origin",
    )

    # b"~\x8a" and b"m\xaa" equal the base64url decodings of "foo" and "bar",
    # so the expected credential carries decoded bytes, not the JSON strings.
    expected_credential = RegistrationCredential(
        id="foo",
        raw_id=b"~\x8a",
        response=AuthenticatorAttestationResponse(
            client_data_json=b"m\xaa", attestation_object=b"~\x8a"
        ),
        transports=None,
        type=PublicKeyCredentialType.PUBLIC_KEY,
    )
    # The challenge is expected in base64url-encoded form, and the relying
    # party ID and origin must be passed through untouched.
    # require_user_verification=False is pinned here: registration is expected
    # to be accepted without user verification, so tightening that policy
    # means editing this assertion deliberately.
    assert verifier_recorder.calls == [
        pretend.call(
            credential=expected_credential,
            expected_challenge=bytes_to_base64url(b"not_a_real_challenge").encode(),
            expected_rp_id="fake_rp_id",
            expected_origin="fake_origin",
            require_user_verification=False,
        )
    ]
    assert result == canned_registration
def verify_webauthn_credential(self, credential, *, challenge, rp_id, origin):
    """
    Validate a WebAuthn registration credential and reject reused IDs.

    The credential is first verified against the given challenge, relying
    party ID and origin; any exception raised by
    webauthn.verify_registration_response propagates to the caller. The
    verified credential ID is then looked up in the WebAuthn table, and a
    webauthn.RegistrationRejectedException is raised if it is already
    registered.

    Returns the validated credential on success.
    """
    verified = webauthn.verify_registration_response(
        credential, challenge=challenge, rp_id=rp_id, origin=origin
    )

    # The stored credential_id is compared as text, hence the decode().
    credential_id = verified.credential_id.decode()
    # NOTE(review): this is a lookup-then-reject check; two concurrent
    # registrations of the same ID could both pass it. Confirm that a unique
    # constraint on WebAuthn.credential_id backs this up at insert time.
    existing = self.db.query(WebAuthn).filter_by(credential_id=credential_id).first()

    if existing is None:
        return verified

    raise webauthn.RegistrationRejectedException("Credential ID already in use")
def test_verify_registration_response(monkeypatch):
    """Pin how the wrapper constructs WebAuthnRegistrationResponse.

    The library class is replaced by a recorder whose instances return a
    sentinel from verify(); the test checks the constructor arguments and that
    the sentinel is returned to the caller unchanged.
    """
    verify_recorder = pretend.call_recorder(lambda: "not a real object")
    stub_response = pretend.stub(verify=verify_recorder)
    response_factory = pretend.call_recorder(lambda *args, **kwargs: stub_response)
    monkeypatch.setattr(
        pywebauthn, "WebAuthnRegistrationResponse", response_factory
    )

    result = webauthn.verify_registration_response(
        {}, "not_a_real_challenge", rp_id="fake_rp_id", origin="fake_origin"
    )

    # The challenge is expected to be handed over in the wrapper's own
    # base64 encoding, as text.
    encoded_challenge = webauthn._webauthn_b64encode(
        "not_a_real_challenge".encode()
    ).decode()
    # self_attestation_permitted=True is pinned here: self-attested
    # authenticators are expected to be accepted, so restricting attestation
    # means editing this assertion deliberately.
    assert response_factory.calls == [
        pretend.call(
            "fake_rp_id",
            "fake_origin",
            {},
            encoded_challenge,
            self_attestation_permitted=True,
        )
    ]
    assert result == "not a real object"