def validateotp(uri): print("validating uri") result = False client_id = config.get('system', 'yubico_client_id') secret_key = config.get('system', 'yubico_secret_key') #token = raw_input('Enter OTP token: ') token = uri if not secret_key: secret_key = None client = Yubico(client_id, secret_key) try: status = client.verify(token) except yubico_exceptions.InvalidClientIdError: #e = sys.exc_info()[1] print('Client with id %s does not exist' % (e.client_id)) #sys.exit(1) except yubico_exceptions.SignatureVerificationError: print('Signature verification failed') #sys.exit(1) except yubico_exceptions.StatusCodeError: #e = sys.exc_info()[1] print('Negative status code was returned: %s' % (e.status_code)) #sys.exit(1) if status: print('Success, the provided OTP is valid') result = True else: print('No response from the servers or received other negative ' 'status code') return result
def _validate_yubikey_otp(self, code: str) -> bool: try: return Yubico(self._config[YUBICLOUD_CLIENT_ID]).verify( code, timestamp=True) except (YubicoError, Exception) as cause: logging.error(cause, exc_info=True) return False
def validate_yubikey_otp(self, value): value = value.strip() if settings.ALLOWED_SECOND_FACTORS and 'yubikey_otp' not in settings.ALLOWED_SECOND_FACTORS: # TODO Replace with SERVER_NOT_SUPPORT_YUBIKEY msg = _('The server does not allow Yubikeys.') raise exceptions.ValidationError(msg) if settings.YUBIKEY_CLIENT_ID is None or settings.YUBIKEY_SECRET_KEY is None: # TODO Replace with SERVER_NOT_SUPPORT_YUBIKEY msg = _('Server does not support Yubikeys') raise exceptions.ValidationError(msg) client = Yubico(settings.YUBIKEY_CLIENT_ID, settings.YUBIKEY_SECRET_KEY) try: yubikey_is_valid = client.verify(value) except: yubikey_is_valid = False if not yubikey_is_valid: # TODO Replace with YUBICO_TOKEN_INVALID msg = _('Yubikey token invalid') raise exceptions.ValidationError(msg) return value
def userLogin(args): user = args[USERNAME] # Yubikey OTP is 44-characters so if there's not at least 45 chars then # we assume there's only a single factor and fail them out of spite # also fail out of spite if the user does not have a yubikey in their password entry if user not in p.users: print(FAILED) logit("User not in table") return if (len(args['password']) < 45): print(FAILED) logit("Password too short to have yubi token") return if p.users[user]['yubikeyid'] is None: print(FAILED) logit("User has no yubi token in the passwd file") return # Otherwise split the first and second factors apart password = args['password'][0:-44] yubiotp = args['password'][-44:] userobject = p.users[user] # Check the first factor against the hash if not sha512_crypt.verify(password, userobject['hash']): print(FAILED) logit("First factor failed") return # does the yubikey belong to this user? # We should have pretty good assurance at this point that the userobject has a yubikeyid # value. Our check above should have promised that if yubiotp[0:12] != userobject['yubikeyid']: print(FAILED) logit( "Yubi token presented %s does not match what is on file %s" % (yubiotp[0:12], userobject['yubikeyid'])) return try: # Now FINALLY we go to yubicloud and ask yubi = Yubico(yubicloud_client_id, yubicloud_secret_key) if yubi.verify(yubiotp): print(SUCCESS) return except Exception as e: logging.error("Exception in yubi verify", e) print(FAILED) return # If we fall all the way out logit("Fell out the bottom") print(FAILED)
def __init__(self, client_id, secret_key, yubikey_id): Authenticator.__init__(self) try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass from yubico_client import Yubico self._client = Yubico(client_id, secret_key) if len(yubikey_id) != 12: raise ValueError("invalid yubikey_id") self._yubikey_id = yubikey_id
def auth(username, password): ''' Authenticate against yubico server ''' _cred = __get_yubico_users(username) client = Yubico(_cred['id'], _cred['key']) try: return client.verify(password) except yubico_exceptions.StatusCodeError as e: log.info('Unable to verify YubiKey `%s`', e) return False
def auth(username, password): """ Authenticate against yubico server """ _cred = __get_yubico_users(username) client = Yubico(_cred["id"], _cred["key"]) try: return client.verify(password) except yubico_exceptions.StatusCodeError as e: log.info("Unable to verify YubiKey `%s`", e) return False
def __init__(self): self.db = DBHandler(db='yubiauth') self.pwd_context = CryptContext(**settings['CRYPT_CONTEXT']) if settings['USE_NATIVE_YKVAL']: # Native verify from .ykval import Validator self.ykval_client = Validator() else: # Using yubico_client to verify against remote server from yubico_client import Yubico self.ykval_client = Yubico(settings['YKVAL_CLIENT_ID'], settings['YKVAL_CLIENT_SECRET'], api_urls=settings['YKVAL_SERVERS'])
def post(self): data = parser.parse_args() print(data) current_user = User.find_by_username(data['username']) if not current_user: return { 'message': 'User {} Does Not Exist'.format(data['username']) } if current_user.check_password(data['password']): otp = data['yubikey'] if current_user.yubikey_id != otp[0:12]: return { 'message': 'Yubikey OTP ID not affiliated with user.' }, 403 client = Yubico(33781, None) status = False try: status = client.verify(otp) except yubico_exceptions.InvalidClientIdError: e = sys.exc_info()[1] print('Client with id %s does not exist' % (e.client_id)) sys.exit(1) except yubico_exceptions.SignatureVerificationError: print('Signature verification failed') sys.exit(1) except yubico_exceptions.StatusCodeError: e = sys.exc_info()[1] print('Negative status code was returned: %s' % (e.status_code)) sys.exit(1) if status: print('OTP: ' + str(status)) access_token = create_access_token(identity=data['username']) refresh_token = create_refresh_token(identity=data['username']) return { 'message': 'Logged in as {}'.format(data['username']), 'access_token': access_token, 'refresh_token': refresh_token } else: return {'message': "Invalid OTP"}, 403 else: return {'message': 'Invalid Credentials'}, 403
def auth(username, password): ''' Authentcate against yubico server ''' _cred = __get_yubico_users(username) client = Yubico(_cred['id'], _cred['key']) try: if client.verify(password): return True else: return False except yubico_exceptions.StatusCodeError, e: log.info('Unable to verify YubiKey `{0}`'.format(e)) return False
def verify_otp(token): yubikey_owner = read_from_s3(bucket='taybird-birdnest-creds', key='yubikey_key_id') yubico_creds = read_from_s3(bucket='taybird-birdnest-creds', key='yubico').split(',') yubikey_client = Yubico(yubico_creds[0], yubico_creds[1]) if not token[:12] == yubikey_owner: logging.warn('Denied unknown token: "{}"'.format(token)) raise ValueError if not yubikey_client.verify(token): logging.warn('Token failed to validate: "{}"'.format(token)) raise ValueError
def yubikey_authenticate(yubikey_otp): """ Checks a YubiKey OTP :param yubikey_otp: Yubikey OTP :type yubikey_otp: :return: True or False or None :rtype: bool """ if settings.YUBIKEY_CLIENT_ID is None or settings.YUBIKEY_SECRET_KEY is None: return None client = Yubico(settings.YUBIKEY_CLIENT_ID, settings.YUBIKEY_SECRET_KEY) try: yubikey_is_valid = client.verify(yubikey_otp) except: yubikey_is_valid = False return yubikey_is_valid
async def authenticate_code(code): # Check the code is in the correct length # 32 character OTP + 2-16 character identifier if len(code) < 34 or len(code) > 48: display.print('-NO-') display.show() await asyncio.sleep(2) launch_control.auth_failure() return # Grab config with open(CONFIG_FILE) as f: config = json.load(f) try: display.print('YUBI') client = Yubico(config['client_id'], config['api_secret']) status = client.verify(code) except yubico_exceptions.InvalidClientIdError: e = sys.exc_info()[1] logger.info('Client with id %s does not exist', (e.client_id)) except yubico_exceptions.SignatureVerificationError: logger.info('Signature verification failed') except yubico_exceptions.StatusCodeError: e = sys.exc_info()[1] logger.info('Negative status code was returned: %s', (e.status_code)) if status: global authenticated_user authenticated_user = code[1:-32] logger.debug("Successful authentication for user %s", authenticated_user) launch_control.authenticate() else: display.print('FAIL') display.show() await asyncio.sleep(2) launch_control.auth_failure()
def post(self, request): key = request.POST.get('key', None) if key is None: response = JsonResponse({'error': _('No YubiKey found')}, status=400) return response # Make sure only acceptable characters in the key pattern = r'[^0-9a-zA-Z]' key = re.sub(pattern, '', key) if len(key) != 44: return JsonResponse( {'error': _('Does not appear to be a valid YubiKey')}, status=400) try: client = Yubico(settings.YUBIKEY_CLIENT_ID, settings.YUBIKEY_CLIENT_SECRET) verify = client.verify(key) if verify: public_id = key[:12] yubikey = Yubikey.objects.get(public_id=public_id) user = yubikey.user request.session['yubikey_user_id'] = user.id request.session['incorrect_user'] = False except ObjectDoesNotExist: return JsonResponse({'error': _('That YubiKey is unrecognized.')}, status=400) except Exception as e: return JsonResponse({'error': str(e)}, status=400) output = { "verify": verify, } return JsonResponse(output)
def get_client(): return Yubico(YUBICO_AUTH_CLIENT_ID, YUBICO_AUTH_SECRET_KEY)
kwargs = {} urls_no_proto = [ url[8:] if url.startswith('https://') else url[7:] if url.startswith('http://') else url for url in settings['ykval'] ] use_https = all(url.startswith('https://') for url in settings['ykval']) if version < (1, 8, 0): # No URL passing, except through hack. yubico_constants.API_URLS = urls_no_proto elif version < (1, 9, 0): # 1.8.0 introduces URL passing, without protocol. kwargs['api_urls'] = urls_no_proto else: # 1.9.0 or later kwargs['api_urls'] = settings['ykval'] if version < (1, 9, 0): # 1.9.0 removes use_https parameter. kwargs['use_https'] = use_https yubico = Yubico(settings['ykval_id'], settings['ykval_secret'], **kwargs) MODHEX = 'cbdefghijklnrtuv' def validate_otp(otp): try: return yubico.verify(otp) except: pass return False
def prepare(self): self.yubico = Yubico(options.yubico_api_id, options.yubico_api_key)
def _validate_yubikey_otp(self, code): client = Yubico(self.conf['YUBICLOUD_CLIENT_ID']) try: return client.verify(code, timestamp=True) except (YubicoError, Exception): return False
import os import re import base64 from flask import Flask, render_template, request, redirect, session, flash from mysqlconnection import connectToMySQL from flask_bcrypt import Bcrypt from yubico_client import Yubico, otp, yubico_exceptions from yubico_client.py3 import b EMAIL_REGEX = re.compile(r'^[a-zA-Z0-9.+_-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$') yubi_client_id = "51542" yubi_secret_key = "B2Q6oZvOHQIAMxxEDVXM+XaN5D8=" rand_str = b(os.urandom(30)) nonce = base64.b64encode(rand_str, b('xz'))[:25].decode('utf-8') yubi_client = Yubico(yubi_client_id, yubi_secret_key) app = Flask(__name__) app.secret_key = 'keep it secret, keep it safe' bcrypt = Bcrypt(app) @app.route('/') def index(): return render_template("index.html") @app.route('/create_user', methods=['POST']) def create(): is_valid = True # assume True if len(request.form['fname']) < 1: is_valid = False
import lock, shelve ids = { "interncccccc": 1, "interncccccd": 2, "internccccch": 3, "internccccci": 4, "internccccce": 5, "interncccccg": 6, "interncccccf": 7, "interncccccb": 8, "internccccck": 9, "interncccccj": 10 } while True: try: inp = input(">") id = ids[inp[:12]] with shelve.open("Settings.conf") as settings: client = Yubico(id, settings["keys"][id], api_urls=('http://localhost/wsapi/2.0/verify', )) client.verify(inp) except KeyboardInterrupt: break except: pass else: lock.switch(id)
#!/usr/bin/env python # -*- coding: utf-8 -*- import hashlib import os import sqlite3 import sys from yubico_client import Yubico from config import DB_PATH, HASH_ALGORITHM, YUBICO_CLIENT_ID, YUBICO_SECRET yubi_client = Yubico(YUBICO_CLIENT_ID, YUBICO_SECRET) hash_func = getattr(hashlib, HASH_ALGORITHM) conn = sqlite3.connect(DB_PATH) cursor = conn.cursor() yubi_otp = os.environ['password'][-44:] sent_password = os.environ['password'][:-44] cursor.execute( 'SELECT username, password FROM users WHERE username = ? AND yubi_public_id = ?;', ( os.environ['username'], yubi_otp[:12], )) result = cursor.fetchone() if result is None: sys.exit(1) username, password = result if hash_func(sent_password.encode("utf-8")).hexdigest() != password:
from yubico_client import Yubico from yubico_client import yubico_exceptions from yubico_client.py3 import PY3 if PY3: raw_input = input client_id = raw_input('Enter your client id: ') secret_key = raw_input('Enter your secret key (optional): ') token = raw_input('Enter OTP token: ') if not secret_key: secret_key = None client = Yubico(client_id, secret_key) try: status = client.verify(token) except yubico_exceptions.InvalidClientIdError: e = sys.exc_info()[1] print('Client with id %s does not exist' % (e.client_id)) sys.exit(1) except yubico_exceptions.SignatureVerificationError: print('Signature verification failed') sys.exit(1) except yubico_exceptions.StatusCodeError: e = sys.exc_info()[1] print('Negative status code was returned: %s' % (e.status_code)) sys.exit(1)
def AuthUser(username, password): # Extract the token from the encoded password if password.startswith('SCRV1:'): # Extract the actual password and token passwordSplit = password.split(':') password = b64decode(passwordSplit[1]) token = b64decode(passwordSplit[2]) else: # Invalid data return False # Check username and password are valid using PAM try: loginValid = pam.authenticate(username, password) except: loginValid = False if not loginValid: return False # The first 12 characters of the token is the unique public ID tokenId = token[:12] # Only accept the token assigned to the user. If this is the first time # a token has been used for a user, assign it to the user. if os.path.exists(self.dbPath): try: file = open(self.dbPath,'rb') tokenDb = pickle.load(file) file.close() except: tokenDb = {} else: tokenDb = {} updateDb = False if username in tokenDb.keys() and tokenDb[username] != tokenId: # The token being used does not match the token for the user return False else: tokenDb[username] = tokenId updateDb = True # Check that the token is valid using the Yubico Cloud service yubico = Yubico(self.clientID, self.secretKey) try: tokenValid = yubico.verify(token) except: tokenValid = False if not tokenValid: return False # Save the token database if necessary if updateDb: file = open(self.dbPath,'wb') pickle.dump(tokenDb, file, -1) file.close() return True
import requests r = requests.get("http://192.168.1.2:8080/ccapi/ver100/contents/sd/100CANON") r.json()["url"][-1] from PIL import Image from io import BytesIO i = Image.open(BytesIO(r.content)) i from simple_websocket_server import WebSocketServer, WebSocket import sys import yubico from yubico_client import Yubico try: yubikey = yubico.find_yubikey(debug=False) print( "Version : %s " % yubikey.version()) except yubico.yubico_exception.YubicoError as e: print( "ERROR: %s" % e.reason) sys.exit(1) client = Yubico('client id', 'secret key') client.verify('otp')