From 419aa95f1f64906abbf8620dd8519e6c808ff4a3 Mon Sep 17 00:00:00 2001
From: devStorm <59678453+developStorm@users.noreply.github.com>
Date: Mon, 18 May 2020 01:02:58 -0700
Subject: [PATCH] more verify
---
 app/auth/views/fido.py | 51 ++++++++++++++++++++++++++----------------
 server.py | 4 ++--
 2 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/app/auth/views/fido.py b/app/auth/views/fido.py
index 0b1395ef..a752e962 100644
--- a/app/auth/views/fido.py
+++ b/app/auth/views/fido.py
@@ -40,21 +40,6 @@ def fido():
 next_url = request.args.get("next")
- fido_model = FIDO.filter_by(uuid=user.fido_uuid).all()
- webauthn_users = []
- for record in fido_model:
- webauthn_users.append(
- webauthn.WebAuthnUser(
- user.fido_uuid,
- user.email,
- user.name if user.name else user.email,
- False,
- record.credential_id,
- record.public_key,
- record.sign_count,
- RP_ID,
- )
- )
 # Handling POST requests
 if fido_token_form.validate_on_submit():
@@ -66,11 +51,23 @@ def fido():
 challenge = session["fido_challenge"]
- webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
- webauthn_users, sk_assertion, challenge, URL, uv_required=False
- )
-
 try:
+ fido_key = FIDO.get_by(
+ uuid=user.fido_uuid, credential_id=sk_assertion["id"]
+ )
+ webauthn_user = webauthn.WebAuthnUser(
+ user.fido_uuid,
+ user.email,
+ user.name if user.name else user.email,
+ False,
+ fido_key.credential_id,
+ fido_key.public_key,
+ fido_key.sign_count,
+ RP_ID,
+ )
+ webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
+ webauthn_user, sk_assertion, challenge, URL, uv_required=False
+ )
 new_sign_count = webauthn_assertion_response.verify()
 except Exception as e:
 LOG.error(f"An error occurred in WebAuthn verification process: {e}")
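Review bot: In the `@@ -66,11 +51,23 @@` hunk the result of `FIDO.get_by(uuid=user.fido_uuid, credential_id=sk_assertion["id"])` is dereferenced on the following lines without checking that a row came back, so an assertion naming a credential id that is not registered for this user (presumably `get_by` returns `None` then) or a payload with no `id` key is rejected only because the blanket `except Exception` catches the resulting attribute or key error. That stays fail-closed, but it records an unknown key as a verification error and would mask a genuine bug in the same block; an explicit `if fido_key is None:` guard right after the lookup, logging at warning level and taking the same rejection path as the `except` body (which continues outside the hunk), keeps the two cases apart. The `uuid=user.fido_uuid` filter deserves a comment such as `# credential id is client-supplied; scope the lookup to this user's keys`, since it is what prevents the assertion from selecting a key registered to another account. The code that stores `new_sign_count` is also outside the hunk; confirm it now updates the row held in `fido_key` rather than a user-level record.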
@@ -98,6 +95,22 @@ def fido():
 session["fido_challenge"] = challenge.rstrip("=")
+ fido_model = FIDO.filter_by(uuid=user.fido_uuid).all()
+ webauthn_users = []
+ for record in fido_model:
+ webauthn_users.append(
+ webauthn.WebAuthnUser(
+ user.fido_uuid,
+ user.email,
+ user.name if user.name else user.email,
+ False,
+ record.credential_id,
+ record.public_key,
+ record.sign_count,
+ RP_ID,
+ )
+ )
+
 webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
 webauthn_users, challenge
 )
diff --git a/server.py b/server.py
index 3e20335e..a219b23d 100644
--- a/server.py
+++ b/server.py
@@ -154,9 +154,9 @@ def fake_data():
 sign_count=1,
 )
 FIDO.create(
- credential_id="1mR9q5vX61XG7vh7gi8wT0gJ9LkYwHKSzDL5vhtZs3o",
+ credential_id="4SaUPugJ2sAErSnZil6_5_wXIL-Sk6QdFmNm94IL-_g",
 uuid="59576167-6c37-4d67-943b-4683b24ff821",
- public_key="1QECAyYgASFYIEjQg3TOuUZJxylLE6gJDNHcNyYVW5hOAZ-vGOY9I_TDIlggfJqIh07bj3n6RVmrEsuozsYPYM6VeJKCeduz0DFp8AY",
+ public_key="pQECAyYgASFYILfse0JIp0a7Gz7n1K8b75_OgV-iliKr52FB-BGzv2R2IlggsPcViY5Dma8XooLWUHtx7X2_px0MsFR_7VRMwT2OHKg",
 sign_count=1,
 )
 db.session.commit()
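Review bot: The block re-added in the `@@ -98,6 +95,22 @@` hunk of app/auth/views/fido.py spells out the eight-positional-argument `webauthn.WebAuthnUser(...)` call a second time; the same call now also sits in the verification branch (`@@ -66,11 +51,23 @@`). With purely positional arguments, an edit to one copy that swaps or drops a field would make the assertion options and the verification step disagree without any error at construction time. A small private helper used by both places, with the list built by a comprehension, keeps them in step. The enclosing `fido()` view starts and ends outside the hunk, so the helper's placement at module level is a suggestion.

```python
def _webauthn_user(user, key):
    """Build the WebAuthnUser describing one registered FIDO key of `user`."""
    return webauthn.WebAuthnUser(
        user.fido_uuid,
        user.email,
        user.name if user.name else user.email,
        False,
        key.credential_id,
        key.public_key,
        key.sign_count,
        RP_ID,
    )

    # … unchanged: challenge generation and session["fido_challenge"] assignment …
    webauthn_users = [
        _webauthn_user(user, record)
        for record in FIDO.filter_by(uuid=user.fido_uuid).all()
    ]
```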