app-MAIL-temp/app/dashboard/views/fido_setup.py

import uuid
import json
import secrets
import webauthn
from app.config import RP_ID
from urllib.parse import urlparse

from flask import render_template, flash, redirect, url_for, session
from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from wtforms import HiddenField, validators

from app.dashboard.base import dashboard_bp
from app.extensions import db
from app.log import LOG


class FidoTokenForm(FlaskForm):
    sk_assertion = HiddenField("sk_assertion", validators=[validators.DataRequired()])


@dashboard_bp.route("/fido_setup", methods=["GET", "POST"])
@login_required
def fido_setup():
    if current_user.fido_enabled():
        flash("You have already registered your security key", "warning")
        return redirect(url_for("dashboard.index"))

    fido_token_form = FidoTokenForm()

    # Handling POST requests
    if fido_token_form.validate_on_submit():
        try:
            sk_assertion = json.loads(fido_token_form.sk_assertion.data)
        except Exception as e:
            flash("Key registration failed. Error: Invalid Payload", "warning")
            return redirect(url_for("dashboard.index"))

        fido_uuid = session["fido_uuid"]
        challenge = session["fido_challenge"]

        fido_reg_response = webauthn.WebAuthnRegistrationResponse(
            RP_ID,
            SITE_URL,
            sk_assertion,
            challenge,
            trusted_attestation_cert_required=False,
            none_attestation_permitted=True,
        )

        try:
            fido_credential = fido_reg_response.verify()
        except Exception as e:
            LOG.error(f"An error occurred in WebAuthn registration process: {e}")
            flash("Key registration failed.", "warning")
            return redirect(url_for("dashboard.index"))

        current_user.fido_pk = str(fido_credential.public_key, "utf-8")
        current_user.fido_uuid = fido_uuid
        current_user.fido_sign_count = fido_credential.sign_count
        current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")
        db.session.commit()

        flash("Security key has been activated", "success")

        return redirect(url_for("dashboard.index"))

    # Prepare information for key registration process
    fido_uuid = str(uuid.uuid4())
    challenge = secrets.token_urlsafe(32)

    credential_create_options = webauthn.WebAuthnMakeCredentialOptions(
        challenge,
        "SimpleLogin",
        RP_ID,
        fido_uuid,
        current_user.email,
        current_user.name,
        False,
        attestation="none",
    )

    # Don't think this one should be used, but it's not configurable by arguments
    # https://www.w3.org/TR/webauthn/#sctn-location-extension
    registration_dict = credential_create_options.registration_dict
    del registration_dict["extensions"]["webauthn.loc"]

    session["fido_uuid"] = fido_uuid
    session["fido_challenge"] = challenge.rstrip("=")

    return render_template(
        "dashboard/fido_setup.html",
        fido_token_form=fido_token_form,
        credential_create_options=registration_dict,
    )
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`import uuid`
			`import json`
			`import secrets`
			`import webauthn`
Calculate RP_ID in config 2020-05-07 11:39:30 +02:00			`from app.config import RP_ID`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`from urllib.parse import urlparse`

			`from flask import render_template, flash, redirect, url_for, session`
			`from flask_login import login_required, current_user`
			`from flask_wtf import FlaskForm`
			`from wtforms import HiddenField, validators`

			`from app.dashboard.base import dashboard_bp`
			`from app.extensions import db`
			`from app.log import LOG`


			`class FidoTokenForm(FlaskForm):`
			`sk_assertion = HiddenField("sk_assertion", validators=[validators.DataRequired()])`


			`@dashboard_bp.route("/fido_setup", methods=["GET", "POST"])`
			`@login_required`
			`def fido_setup():`
model - fido_enabled 2020-05-07 14:32:52 +02:00			`if current_user.fido_enabled():`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`flash("You have already registered your security key", "warning")`
			`return redirect(url_for("dashboard.index"))`

			`fido_token_form = FidoTokenForm()`
Key registration (Backend) 2020-05-05 10:58:42 +02:00
			`# Handling POST requests`
			`if fido_token_form.validate_on_submit():`
			`try:`
			`sk_assertion = json.loads(fido_token_form.sk_assertion.data)`
			`except Exception as e:`
Black formatted 2020-05-07 11:53:28 +02:00			`flash("Key registration failed. Error: Invalid Payload", "warning")`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`return redirect(url_for("dashboard.index"))`
Black formatted 2020-05-07 11:53:28 +02:00
			`fido_uuid = session["fido_uuid"]`
			`challenge = session["fido_challenge"]`
Key registration (Backend) 2020-05-05 10:58:42 +02:00
			`fido_reg_response = webauthn.WebAuthnRegistrationResponse(`
Make RP_ID a constant 2020-05-07 11:33:24 +02:00			`RP_ID,`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`SITE_URL,`
			`sk_assertion,`
			`challenge,`
Black formatted 2020-05-07 11:53:28 +02:00			`trusted_attestation_cert_required=False,`
			`none_attestation_permitted=True,`
			`)`
Key registration (Backend) 2020-05-05 10:58:42 +02:00
			`try:`
			`fido_credential = fido_reg_response.verify()`
			`except Exception as e:`
Black formatted 2020-05-07 11:53:28 +02:00			`LOG.error(f"An error occurred in WebAuthn registration process: {e}")`
			`flash("Key registration failed.", "warning")`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`return redirect(url_for("dashboard.index"))`

FIDO login middleware 2020-05-05 14:03:29 +02:00			`current_user.fido_pk = str(fido_credential.public_key, "utf-8")`
			`current_user.fido_uuid = fido_uuid`
Store sign count 2020-05-05 12:16:52 +02:00			`current_user.fido_sign_count = fido_credential.sign_count`
Key registration (Backend) 2020-05-05 10:58:42 +02:00			`current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")`
			`db.session.commit()`

			`flash("Security key has been activated", "success")`

			`return redirect(url_for("dashboard.index"))`
Black formatted 2020-05-07 11:53:28 +02:00
typo 'infomation' 2020-05-07 11:31:42 +02:00			`# Prepare information for key registration process`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`fido_uuid = str(uuid.uuid4())`
			`challenge = secrets.token_urlsafe(32)`

			`credential_create_options = webauthn.WebAuthnMakeCredentialOptions(`
Black formatted 2020-05-07 11:53:28 +02:00			`challenge,`
			`"SimpleLogin",`
			`RP_ID,`
			`fido_uuid,`
			`current_user.email,`
			`current_user.name,`
			`False,`
			`attestation="none",`
			`)`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00
			`# Don't think this one should be used, but it's not configurable by arguments`
			`# https://www.w3.org/TR/webauthn/#sctn-location-extension`
			`registration_dict = credential_create_options.registration_dict`
Black formatted 2020-05-07 11:53:28 +02:00			`del registration_dict["extensions"]["webauthn.loc"]`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00
Black formatted 2020-05-07 11:53:28 +02:00			`session["fido_uuid"] = fido_uuid`
			`session["fido_challenge"] = challenge.rstrip("=")`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00
			`return render_template(`
Black formatted 2020-05-07 11:53:28 +02:00			`"dashboard/fido_setup.html",`
			`fido_token_form=fido_token_form,`
			`credential_create_options=registration_dict,`
Security key setup page (front-end) 2020-05-05 10:32:49 +02:00			`)`