app-MAIL-temp/app/dashboard/views/fido_setup.py

import uuid
import json
import secrets
import webauthn
from app.config import RP_ID
from urllib.parse import urlparse

from flask import render_template, flash, redirect, url_for, session
from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from wtforms import HiddenField, validators

from app.dashboard.base import dashboard_bp
from app.extensions import db
from app.log import LOG


class FidoTokenForm(FlaskForm):
    sk_assertion = HiddenField("sk_assertion", validators=[validators.DataRequired()])


@dashboard_bp.route("/fido_setup", methods=["GET", "POST"])
@login_required
def fido_setup():
    if current_user.fido_uuid is not None:
        flash("You have already registered your security key", "warning")
        return redirect(url_for("dashboard.index"))

    fido_token_form = FidoTokenForm()

    # Handling POST requests
    if fido_token_form.validate_on_submit():
        try:
            sk_assertion = json.loads(fido_token_form.sk_assertion.data)
        except Exception as e:
            flash('Key registration failed. Error: Invalid Payload', "warning")
            return redirect(url_for("dashboard.index"))
                    
        fido_uuid = session['fido_uuid']
        challenge = session['fido_challenge']

        fido_reg_response = webauthn.WebAuthnRegistrationResponse(
            RP_ID,
            SITE_URL,
            sk_assertion,
            challenge,
            trusted_attestation_cert_required = False,
            none_attestation_permitted = True)

        try:
            fido_credential = fido_reg_response.verify()
        except Exception as e:
            LOG.error(f'An error occurred in WebAuthn registration process: {e}')
            flash('Key registration failed.', "warning")
            return redirect(url_for("dashboard.index"))

        current_user.fido_pk = str(fido_credential.public_key, "utf-8")
        current_user.fido_uuid = fido_uuid
        current_user.fido_sign_count = fido_credential.sign_count
        current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")
        db.session.commit()

        flash("Security key has been activated", "success")

        return redirect(url_for("dashboard.index"))
    
    # Prepare information for key registration process
    fido_uuid = str(uuid.uuid4())
    challenge = secrets.token_urlsafe(32)

    credential_create_options = webauthn.WebAuthnMakeCredentialOptions(
        challenge, 'SimpleLogin', RP_ID, fido_uuid,
        current_user.email, current_user.name, False, attestation='none')

    # Don't think this one should be used, but it's not configurable by arguments
    # https://www.w3.org/TR/webauthn/#sctn-location-extension
    registration_dict = credential_create_options.registration_dict
    del registration_dict['extensions']['webauthn.loc']

    session['fido_uuid'] = fido_uuid
    session['fido_challenge'] = challenge.rstrip('=')

    return render_template(
        "dashboard/fido_setup.html", fido_token_form=fido_token_form, 
        credential_create_options=registration_dict
    )
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`import uuid`
			`import json`
			`import secrets`
			`import webauthn`
Calculate RP_ID in config 2020-05-07 11:39:30 +02:00			`from app.config import RP_ID`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`from urllib.parse import urlparse`

			`from flask import render_template, flash, redirect, url_for, session`
			`from flask_login import login_required, current_user`
			`from flask_wtf import FlaskForm`
			`from wtforms import HiddenField, validators`

			`from app.dashboard.base import dashboard_bp`
			`from app.extensions import db`
			`from app.log import LOG`


			`class FidoTokenForm(FlaskForm):`
			`sk_assertion = HiddenField("sk_assertion", validators=[validators.DataRequired()])`


			`@dashboard_bp.route("/fido_setup", methods=["GET", "POST"])`
			`@login_required`
			`def fido_setup():`
			`if current_user.fido_uuid is not None:`
			`flash("You have already registered your security key", "warning")`
			`return redirect(url_for("dashboard.index"))`

			`fido_token_form = FidoTokenForm()`
Key registration (Backend) 2020-05-05 10:58:42 +02:00
			`# Handling POST requests`
			`if fido_token_form.validate_on_submit():`
			`try:`
			`sk_assertion = json.loads(fido_token_form.sk_assertion.data)`
			`except Exception as e:`
			`flash('Key registration failed. Error: Invalid Payload', "warning")`
			`return redirect(url_for("dashboard.index"))`

			`fido_uuid = session['fido_uuid']`
			`challenge = session['fido_challenge']`

			`fido_reg_response = webauthn.WebAuthnRegistrationResponse(`
Make RP_ID a constant 2020-05-07 11:33:24 +02:00			`RP_ID,`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`SITE_URL,`
			`sk_assertion,`
			`challenge,`
			`trusted_attestation_cert_required = False,`
			`none_attestation_permitted = True)`

			`try:`
			`fido_credential = fido_reg_response.verify()`
			`except Exception as e:`
Do not show full error msg to user 2020-05-07 11:48:56 +02:00			`LOG.error(f'An error occurred in WebAuthn registration process: {e}')`
			`flash('Key registration failed.', "warning")`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`return redirect(url_for("dashboard.index"))`

FIDO login middleware 2020-05-05 14:03:29 +02:00			`current_user.fido_pk = str(fido_credential.public_key, "utf-8")`
			`current_user.fido_uuid = fido_uuid`
Store sign count 2020-05-05 12:16:52 +02:00			`current_user.fido_sign_count = fido_credential.sign_count`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")`
			`db.session.commit()`

			`flash("Security key has been activated", "success")`

			`return redirect(url_for("dashboard.index"))`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00
typo 'infomation' 2020-05-07 11:31:42 +02:00			`# Prepare information for key registration process`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`fido_uuid = str(uuid.uuid4())`
			`challenge = secrets.token_urlsafe(32)`

			`credential_create_options = webauthn.WebAuthnMakeCredentialOptions(`
fix SimpleLogin brand name 2020-05-07 11:34:19 +02:00			`challenge, 'SimpleLogin', RP_ID, fido_uuid,`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`current_user.email, current_user.name, False, attestation='none')`

			`# Don't think this one should be used, but it's not configurable by arguments`
			`# https://www.w3.org/TR/webauthn/#sctn-location-extension`
			`registration_dict = credential_create_options.registration_dict`
			`del registration_dict['extensions']['webauthn.loc']`

			`session['fido_uuid'] = fido_uuid`
			`session['fido_challenge'] = challenge.rstrip('=')`

			`return render_template(`
			`"dashboard/fido_setup.html", fido_token_form=fido_token_form,`
			`credential_create_options=registration_dict`
			`)`