How to use the webauthn.webauthn.WebAuthnUserDataMissing function in webauthn

To help you get started, we’ve selected a few webauthn examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
def __init__(self, user_id, username, display_name, icon_url,
                 credential_id, public_key, sign_count, rp_id):

        if not credential_id:
            raise WebAuthnUserDataMissing("credential_id missing")

        if not rp_id:
            raise WebAuthnUserDataMissing("rp_id missing")

        self.user_id = user_id
        self.username = username
        self.display_name = display_name
        self.icon_url = icon_url
        self.credential_id = credential_id
        self.public_key = public_key
        self.sign_count = sign_count
        self.rp_id = rp_id
github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
#             private key may exist and are being used in parallel.
            #             Relying Parties should incorporate this information
            #             into their risk scoring. Whether the Relying Party
            #             updates the stored signature counter value in this
            #             case, or not, or fails the authentication ceremony
            #             or not, is Relying Party-specific.
            sc = decoded_a_data[33:37]
            sign_count = struct.unpack('!I', sc)[0]

            if not sign_count:
                raise AuthenticationRejectedException('Unable to parse sign_count.')

            if (isinstance(self.webauthn_user.sign_count, int) and
                    self.webauthn_user.sign_count < 0) or not isinstance(
                        self.webauthn_user.sign_count, int):
                raise WebAuthnUserDataMissing('sign_count missing from WebAuthnUser.')

            if sign_count <= self.webauthn_user.sign_count:
                raise AuthenticationRejectedException(
                    'Duplicate authentication detected.')

            # Step 18.
            #
            # If all the above steps are successful, continue with the
            # authentication ceremony as appropriate. Otherwise, fail the
            # authentication ceremony.
            return sign_count

        except Exception as e:
            raise AuthenticationRejectedException(
                'Authentication rejected. Error: {}.'.format(e))
github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
raise AuthenticationRejectedException(
                        'Invalid credential.')

            # Step 3.
            #
            # Using credential's id attribute (or the corresponding rawId, if
            # base64url encoding is inappropriate for your use case), look up
            # the corresponding credential public key.
            if not _validate_credential_id(self.webauthn_user.credential_id):
                raise AuthenticationRejectedException('Invalid credential ID.')

            if not isinstance(self.webauthn_user, WebAuthnUser):
                raise AuthenticationRejectedException('Invalid user type.')

            if not self.webauthn_user.public_key:
                raise WebAuthnUserDataMissing("public_key missing")

            credential_public_key = self.webauthn_user.public_key
            public_key_alg, user_pubkey = _load_cose_public_key(
                _webauthn_b64_decode(credential_public_key))

            # Step 4.
            #
            # Let cData, aData and sig denote the value of credential's
            # response's clientDataJSON, authenticatorData, and signature
            # respectively.
            c_data = self.assertion_response.get('clientData')
            a_data = self.assertion_response.get('authData')
            decoded_a_data = _webauthn_b64_decode(a_data)
            sig = binascii.unhexlify(self.assertion_response.get('signature'))

            # Step 5.
github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
# If the allowCredentials option was given when this authentication
            # ceremony was initiated, verify that credential.id identifies one
            # of the public key credentials that were listed in allowCredentials.
            cid = self.assertion_response.get('id')
            if self.allow_credentials:
                if cid not in self.allow_credentials:
                    raise AuthenticationRejectedException(
                        'Invalid credential.')

            # Step 2.
            #
            # If credential.response.userHandle is present, verify that the user
            # identified by this value is the owner of the public key credential
            # identified by credential.id.
            if not self.webauthn_user.username:
                raise WebAuthnUserDataMissing("username missing")

            user_handle = self.assertion_response.get('userHandle')
            if user_handle:
                if not user_handle == self.webauthn_user.username:
                    raise AuthenticationRejectedException(
                        'Invalid credential.')

            # Step 3.
            #
            # Using credential's id attribute (or the corresponding rawId, if
            # base64url encoding is inappropriate for your use case), look up
            # the corresponding credential public key.
            if not _validate_credential_id(self.webauthn_user.credential_id):
                raise AuthenticationRejectedException('Invalid credential ID.')

            if not isinstance(self.webauthn_user, WebAuthnUser):
github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
def __init__(self, user_id, username, display_name, icon_url,
                 credential_id, public_key, sign_count, rp_id):

        if not credential_id:
            raise WebAuthnUserDataMissing("credential_id missing")

        if not rp_id:
            raise WebAuthnUserDataMissing("rp_id missing")

        self.user_id = user_id
        self.username = username
        self.display_name = display_name
        self.icon_url = icon_url
        self.credential_id = credential_id
        self.public_key = public_key
        self.sign_count = sign_count
        self.rp_id = rp_id