Key registration (Backend)

2020-05-05 01:58:42 -07:00 · 2020-05-05 01:58:42 -07:00 · a32b69078f
parent 3ce4dfb371
commit a32b69078f
2 changed files with 38 additions and 13 deletions
--- a/app/dashboard/views/fido_setup.py
+++ b/app/dashboard/views/fido_setup.py
@ -27,9 +27,44 @@ def fido_setup():
        return redirect(url_for("dashboard.index"))

    fido_token_form = FidoTokenForm()
+
+    rp_id = urlparse(SITE_URL).hostname
+
+    # Handling POST requests
+    if fido_token_form.validate_on_submit():
+        try:
+            sk_assertion = json.loads(fido_token_form.sk_assertion.data)
+        except Exception as e:
+            flash('Key registration failed. Error: Invalid Payload', "warning")
+            return redirect(url_for("dashboard.index"))
+                    
+        fido_uuid = session['fido_uuid']
+        challenge = session['fido_challenge']
+
+        fido_reg_response = webauthn.WebAuthnRegistrationResponse(
+            rp_id,
+            SITE_URL,
+            sk_assertion,
+            challenge,
+            trusted_attestation_cert_required = False,
+            none_attestation_permitted = True)
+
+        try:
+            fido_credential = fido_reg_response.verify()
+        except Exception as e:
+            flash('Key registration failed. Error: {}'.format(e), "warning")
+            return redirect(url_for("dashboard.index"))
+
+        current_user.fido_pk = fido_uuid
+        current_user.fido_uuid = str(fido_credential.public_key, "utf-8")
+        current_user.fido_credential_id = str(fido_credential.credential_id, "utf-8")
+        db.session.commit()
+
+        flash("Security key has been activated", "success")
+
+        return redirect(url_for("dashboard.index"))
    
    # Prepare infomation for key registration process
-    rp_id = urlparse(SITE_URL).hostname
    fido_uuid = str(uuid.uuid4())
    challenge = secrets.token_urlsafe(32)

@ -45,17 +80,6 @@ def fido_setup():
    session['fido_uuid'] = fido_uuid
    session['fido_challenge'] = challenge.rstrip('=')

-    if fido_token_form.validate_on_submit():
-        sk_assertion = fido_token_form.sk_assertion.data
-        LOG.d(sk_assertion)
-        # if totp.verify(token):
-        #     current_user.enable_otp = True
-        #     db.session.commit()
-        #     flash("Security key has been activated", "success")
-        #     return redirect(url_for("dashboard.index"))
-        # else:
-        #     flash("Incorrect challenge", "warning")
-
    return render_template(
        "dashboard/fido_setup.html", fido_token_form=fido_token_form, 
        credential_create_options=registration_dict
--- a/app/models.py
+++ b/app/models.py
@ -136,7 +136,8 @@ class User(db.Model, ModelMixin, UserMixin):

    # Fields for WebAuthn
    fido_uuid = db.Column(db.String(), nullable=True, unique=True)
-    fido_pk = db.Column(db.String(), nullable=True)
+    fido_credential_id = db.Column(db.String(), nullable=True, unique=True)
+    fido_pk = db.Column(db.String(), nullable=True, unique=True)

    # some users could have lifetime premium
    lifetime = db.Column(db.Boolean, default=False, nullable=False, server_default="0")