DB & Setup ready for multi-keys
This commit is contained in:
parent
6300c0eaa1
commit
f2f6e13af7
|
@ -33,6 +33,8 @@
|
|||
JSON.parse('{{credential_create_options|tojson|safe}}')
|
||||
)
|
||||
|
||||
console.log(pkCredentialCreateOptions)
|
||||
|
||||
let credential
|
||||
try {
|
||||
credential = await navigator.credentials.create({
|
||||
|
|
|
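Review bot: `console.log(pkCredentialCreateOptions)` reads as a debugging leftover in the registration page; no `+` marker survives, but the hunk adds two lines and this one with its blank neighbour is the only plausible pair. The object it prints is the full creation options the server just generated (challenge, user handle and, after this commit, the excludeCredentials ids), so it should not be dumped to the browser console in the shipped template — drop the line or keep it behind a debug flag. The async block that begins with `try {` and `navigator.credentials.create(` continues outside the hunk.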
@ -12,6 +12,7 @@ from app.config import RP_ID, URL
|
|||
from app.dashboard.base import dashboard_bp
|
||||
from app.extensions import db
|
||||
from app.log import LOG
|
||||
from app.models import FIDO
|
||||
|
||||
|
||||
class FidoTokenForm(FlaskForm):
|
||||
|
@ -21,10 +22,6 @@ class FidoTokenForm(FlaskForm):
|
|||
@dashboard_bp.route("/fido_setup", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def fido_setup():
|
||||
if current_user.fido_enabled():
|
||||
flash("You have already registered your security key", "warning")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
|
||||
if not current_user.can_use_fido:
|
||||
flash(
|
||||
"This feature is currently in invitation-only beta. Please send us an email if you want to try",
|
||||
|
@ -32,6 +29,8 @@ def fido_setup():
|
|||
)
|
||||
return redirect(url_for("dashboard.index"))
|
||||
|
||||
fido_model = FIDO.filter_by(uuid=current_user.fido_uuid).all()
|
||||
|
||||
fido_token_form = FidoTokenForm()
|
||||
|
||||
# Handling POST requests
|
||||
|
@ -91,6 +90,13 @@ def fido_setup():
|
|||
registration_dict = credential_create_options.registration_dict
|
||||
del registration_dict["extensions"]["webauthn.loc"]
|
||||
|
||||
for record in fido_model:
|
||||
registration_dict["excludeCredentials"].append({
|
||||
'type': 'public-key',
|
||||
'id': record.credential_id,
|
||||
'transports': ['usb', 'nfc', 'ble', 'internal'],
|
||||
})
|
||||
|
||||
session["fido_uuid"] = fido_uuid
|
||||
session["fido_challenge"] = challenge.rstrip("=")
|
||||
|
||||
|
|
|
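Review bot: In the last hunk the loop appends straight into `registration_dict["excludeCredentials"]`, which assumes the library already seeded that key with a list; if it is absent for a user with no prior keys the first `.append` raises, so fetch it defensively — `exclude = registration_dict.setdefault("excludeCredentials", [])` — and append to `exclude`. The rows come from `FIDO.filter_by(uuid=current_user.fido_uuid)` (hunk at line 29 of the new file) while the session stores `fido_uuid`, whose origin is outside the hunk; if that value can differ from `current_user.fido_uuid` for a user who already owns keys, the excluded set and the uuid the new credential is bound to would disagree, so a short comment stating that they are the same value (or an assertion) would help the next reader. `transports` is listed as all four kinds for every stored key, which is reasonable given the `FIDO` model records no transports, and deserves a one-line comment saying so. `fido_setup` continues outside the hunk.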
@ -119,6 +119,12 @@ class AliasGeneratorEnum(EnumE):
|
|||
word = 1 # aliases are generated based on random words
|
||||
uuid = 2 # aliases are generated based on uuid
|
||||
|
||||
class FIDO(db.Model, ModelMixin):
|
||||
__tablename__ = "fido"
|
||||
credential_id = db.Column(db.String(), nullable=False, unique=True, index=True)
|
||||
uuid = db.Column(db.ForeignKey("users.fido_uuid", ondelete="cascade"), unique=False, nullable=False)
|
||||
public_key = db.Column(db.String(), nullable=False, unique=True)
|
||||
sign_count = db.Column(db.Integer(), nullable=False)
|
||||
|
||||
class User(db.Model, ModelMixin, UserMixin):
|
||||
__tablename__ = "users"
|
||||
|
@ -150,9 +156,6 @@ class User(db.Model, ModelMixin, UserMixin):
|
|||
|
||||
# Fields for WebAuthn
|
||||
fido_uuid = db.Column(db.String(), nullable=True, unique=True)
|
||||
fido_credential_id = db.Column(db.String(), nullable=True, unique=True)
|
||||
fido_pk = db.Column(db.String(), nullable=True, unique=True)
|
||||
fido_sign_count = db.Column(db.Integer(), nullable=True)
|
||||
|
||||
# whether user can use Fido
|
||||
can_use_fido = db.Column(
|
||||
|
|
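Review bot: `FIDO.uuid` is the column every lookup filters on (`FIDO.filter_by(uuid=...)` in the setup view) yet it carries no index, while `credential_id` does; add `index=True` to the `uuid` column. The class also has no docstring, and the semantics of `sign_count` are not obvious from the name; I would add `"""One registered WebAuthn authenticator; a user (via users.fido_uuid) may own several."""` under the class line and `# authenticator signature counter, must be checked against the value returned on each assertion` on the `sign_count` column. The foreign key targets `users.fido_uuid`, which the second hunk leaves nullable and unique, so a note that the parent column must be set before any `FIDO` row is inserted would save a confusing integrity error.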
17
server.py
17
server.py
|
@ -38,6 +38,7 @@ from app.log import LOG
|
|||
from app.models import (
|
||||
Client,
|
||||
User,
|
||||
FIDO,
|
||||
ClientUser,
|
||||
Alias,
|
||||
RedirectUri,
|
||||
|
@ -142,8 +143,24 @@ def fake_data():
|
|||
otp_secret="base32secret3232",
|
||||
can_use_fido=True,
|
||||
intro_shown=True,
|
||||
fido_uuid="59576167-6c37-4d67-943b-4683b24ff821",
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
fido = FIDO.create(
|
||||
credential_id = "umR9q5vX61XG7vh7gi8wT0gJ9LkYwHKSzDL5vhtZs3o",
|
||||
uuid = "59576167-6c37-4d67-943b-4683b24ff821",
|
||||
public_key = "pQECAyYgASFYIEjQg3TOuUZJxylLE6gJDNHcNyYVW5hOAZ-vGOY9I_TDIlggfJqIh07bj3n6RVmrEsuozsYPYM6VeJKCeduz0DFp8AY",
|
||||
sign_count = 1,
|
||||
)
|
||||
fido = FIDO.create(
|
||||
credential_id = "1mR9q5vX61XG7vh7gi8wT0gJ9LkYwHKSzDL5vhtZs3o",
|
||||
uuid = "59576167-6c37-4d67-943b-4683b24ff821",
|
||||
public_key = "1QECAyYgASFYIEjQg3TOuUZJxylLE6gJDNHcNyYVW5hOAZ-vGOY9I_TDIlggfJqIh07bj3n6RVmrEsuozsYPYM6VeJKCeduz0DFp8AY",
|
||||
sign_count = 1,
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
user.trial_end = None
|
||||
|
||||
LifetimeCoupon.create(code="coupon", nb_used=10)
|
||||
|
|
|
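Review bot: The result of `FIDO.create(...)` is assigned to `fido` in both new calls and never read, so the assignment can be dropped. The keyword arguments also use spaces around `=` (`credential_id = "umR9..."`) unlike the `User.create` call just above; write them `credential_id="umR9q5vX61XG7vh7gi8wT0gJ9LkYwHKSzDL5vhtZs3o",` to match. The ordering is right — the user row is committed before the `FIDO` rows that reference `users.fido_uuid` — and a one-line comment `# two seeded authenticators for the same user; public_key and credential_id must stay distinct (unique columns)` would explain why the two keys differ only in their first character. `fake_data` continues outside the hunk.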
@ -56,7 +56,7 @@ const transformCredentialRequestOptions = (
|
|||
const transformCredentialCreateOptions = (
|
||||
credentialCreateOptionsFromServer
|
||||
) => {
|
||||
let { challenge, user } = credentialCreateOptionsFromServer;
|
||||
let { challenge, user, excludeCredentials } = credentialCreateOptionsFromServer;
|
||||
user.id = Uint8Array.from(
|
||||
atob(
|
||||
credentialCreateOptionsFromServer.user.id
|
||||
|
@ -75,10 +75,17 @@ const transformCredentialCreateOptions = (
|
|||
(c) => c.charCodeAt(0)
|
||||
);
|
||||
|
||||
excludeCredentials = excludeCredentials.map((credentialDescriptor) => {
|
||||
let { id } = credentialDescriptor;
|
||||
id = id.replace(/\_/g, "/").replace(/\-/g, "+");
|
||||
id = Uint8Array.from(atob(id), (c) => c.charCodeAt(0));
|
||||
return Object.assign({}, credentialDescriptor, { id });
|
||||
});
|
||||
|
||||
const transformedCredentialCreateOptions = Object.assign(
|
||||
{},
|
||||
credentialCreateOptionsFromServer,
|
||||
{ challenge, user }
|
||||
{ challenge, user, excludeCredentials }
|
||||
);
|
||||
|
||||
return transformedCredentialCreateOptions;
|
||||
|
|
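Review bot: `excludeCredentials.map(...)` at the top of the second hunk assumes the server always sends `excludeCredentials`; when the key is absent the call throws and registration never starts, so default it with `(excludeCredentials || []).map((credentialDescriptor) => {`. The base64url conversion only swaps `_` and `-` and relies on `atob` tolerating the missing `=` padding that the server strips; that works for the ids seen here but deserves a comment, and the `\_` / `\-` escapes are unnecessary — `id = id.replace(/[-_]/g, (c) => (c === "_" ? "/" : "+"));` is the same transform in one call. `transformCredentialCreateOptions` closes outside the hunk.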