beenull/simple-login
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Black formatted

Browse source
This commit is contained in:
devStorm 2020-05-07 02:53:28 -07:00
parent 0052dad13e
commit 9b8340f3e0
No known key found for this signature in database
GPG key ID: D52E1B66F336AC57
5 changed files with 62 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
app/auth/views/fido.py
View file

@ -40,26 +40,29 @@ def fido():
next_url = request.args.get("next") next_url = request.args.get("next")
webauthn_user = webauthn.WebAuthnUser( webauthn_user = webauthn.WebAuthnUser(
user.fido_uuid, user.email, user.name, False, user.fido_uuid,
user.fido_credential_id, user.fido_pk, user.fido_sign_count, RP_ID) user.email,
user.name,
False,
user.fido_credential_id,
user.fido_pk,
user.fido_sign_count,
RP_ID,
)
# Handling POST requests # Handling POST requests
if fido_token_form.validate_on_submit(): if fido_token_form.validate_on_submit():
try: try:
sk_assertion = json.loads(fido_token_form.sk_assertion.data) sk_assertion = json.loads(fido_token_form.sk_assertion.data)
except Exception as e: except Exception as e:
flash('Key verification failed. Error: Invalid Payload', "warning") flash("Key verification failed. Error: Invalid Payload", "warning")
return redirect(url_for("auth.login")) return redirect(url_for("auth.login"))
challenge = session['fido_challenge'] challenge = session["fido_challenge"]
credential_id = sk_assertion['id'] credential_id = sk_assertion["id"]
webauthn_assertion_response = webauthn.WebAuthnAssertionResponse( webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
webauthn_user, webauthn_user, sk_assertion, challenge, SITE_URL, uv_required=False
sk_assertion,
challenge,
SITE_URL,
uv_required=False
) )
is_webauthn_verified = False is_webauthn_verified = False
@ -67,8 +70,8 @@ def fido():
new_sign_count = webauthn_assertion_response.verify() new_sign_count = webauthn_assertion_response.verify()
is_webauthn_verified = True is_webauthn_verified = True
except Exception as e: except Exception as e:
LOG.error(f'An error occurred in WebAuthn verification process: {e}') LOG.error(f"An error occurred in WebAuthn verification process: {e}")
flash('Key verification failed.', "warning") flash("Key verification failed.", "warning")
if is_webauthn_verified: if is_webauthn_verified:
user.fido_sign_count = new_sign_count user.fido_sign_count = new_sign_count
@ -90,15 +93,19 @@ def fido():
pass pass
# Prepare information for key registration process # Prepare information for key registration process
session.pop('challenge', None) session.pop("challenge", None)
challenge = secrets.token_urlsafe(32) challenge = secrets.token_urlsafe(32)
session['fido_challenge'] = challenge.rstrip('=') session["fido_challenge"] = challenge.rstrip("=")
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user, challenge) webauthn_user, challenge
)
webauthn_assertion_options = webauthn_assertion_options.assertion_dict webauthn_assertion_options = webauthn_assertion_options.assertion_dict
return render_template("auth/fido.html", fido_token_form=fido_token_form, return render_template(
"auth/fido.html",
fido_token_form=fido_token_form,
webauthn_assertion_options=webauthn_assertion_options, webauthn_assertion_options=webauthn_assertion_options,
enable_otp=user.enable_otp) enable_otp=user.enable_otp,
)

6
app/auth/views/mfa.py
View file

@ -55,4 +55,8 @@ def mfa():
else: else:
flash("Incorrect token", "warning") flash("Incorrect token", "warning")
return render_template("auth/mfa.html", otp_token_form=otp_token_form, enable_fido=(user.fido_uuid is not None)) return render_template(
"auth/mfa.html",
otp_token_form=otp_token_form,
enable_fido=(user.fido_uuid is not None),
)

4
app/dashboard/views/fido_cancel.py
View file

@ -34,4 +34,6 @@ def fido_cancel():
else: else:
flash("Incorrect password", "warning") flash("Incorrect password", "warning")
return render_template("dashboard/fido_cancel.html", password_check_form=password_check_form) return render_template(
"dashboard/fido_cancel.html", password_check_form=password_check_form
)

37
app/dashboard/views/fido_setup.py
View file

@ -33,25 +33,26 @@ def fido_setup():
try: try:
sk_assertion = json.loads(fido_token_form.sk_assertion.data) sk_assertion = json.loads(fido_token_form.sk_assertion.data)
except Exception as e: except Exception as e:
flash('Key registration failed. Error: Invalid Payload', "warning") flash("Key registration failed. Error: Invalid Payload", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
fido_uuid = session['fido_uuid'] fido_uuid = session["fido_uuid"]
challenge = session['fido_challenge'] challenge = session["fido_challenge"]
fido_reg_response = webauthn.WebAuthnRegistrationResponse( fido_reg_response = webauthn.WebAuthnRegistrationResponse(
RP_ID, RP_ID,
SITE_URL, SITE_URL,
sk_assertion, sk_assertion,
challenge, challenge,
trusted_attestation_cert_required = False, trusted_attestation_cert_required=False,
none_attestation_permitted = True) none_attestation_permitted=True,
)
try: try:
fido_credential = fido_reg_response.verify() fido_credential = fido_reg_response.verify()
except Exception as e: except Exception as e:
LOG.error(f'An error occurred in WebAuthn registration process: {e}') LOG.error(f"An error occurred in WebAuthn registration process: {e}")
flash('Key registration failed.', "warning") flash("Key registration failed.", "warning")
return redirect(url_for("dashboard.index")) return redirect(url_for("dashboard.index"))
current_user.fido_pk = str(fido_credential.public_key, "utf-8") current_user.fido_pk = str(fido_credential.public_key, "utf-8")
@ -69,18 +70,26 @@ def fido_setup():
challenge = secrets.token_urlsafe(32) challenge = secrets.token_urlsafe(32)
credential_create_options = webauthn.WebAuthnMakeCredentialOptions( credential_create_options = webauthn.WebAuthnMakeCredentialOptions(
challenge, 'SimpleLogin', RP_ID, fido_uuid, challenge,
current_user.email, current_user.name, False, attestation='none') "SimpleLogin",
RP_ID,
fido_uuid,
current_user.email,
current_user.name,
False,
attestation="none",
)
# Don't think this one should be used, but it's not configurable by arguments # Don't think this one should be used, but it's not configurable by arguments
# https://www.w3.org/TR/webauthn/#sctn-location-extension # https://www.w3.org/TR/webauthn/#sctn-location-extension
registration_dict = credential_create_options.registration_dict registration_dict = credential_create_options.registration_dict
del registration_dict['extensions']['webauthn.loc'] del registration_dict["extensions"]["webauthn.loc"]
session['fido_uuid'] = fido_uuid session["fido_uuid"] = fido_uuid
session['fido_challenge'] = challenge.rstrip('=') session["fido_challenge"] = challenge.rstrip("=")
return render_template( return render_template(
"dashboard/fido_setup.html", fido_token_form=fido_token_form, "dashboard/fido_setup.html",
credential_create_options=registration_dict fido_token_form=fido_token_form,
credential_create_options=registration_dict,
) )