How to use the webauthn.WebAuthnAssertionResponse function in webauthn

To help you get started, we’ve selected a few webauthn examples, based on popular ways it is used in public projects.


github mimming / snippets / add-a-cat-to-that / app.py View on Github external
# Excerpt of a web view: rebuild the stored credential as a WebAuthnUser,
# check the browser's assertion against it, then record the signature counter
# returned by verify(). The enclosing function starts outside this excerpt.
# Will raise an error if something isn't correct
    webauthn_user = webauthn.WebAuthnUser(
        user['id'],
        user['email'], # username
        user['email'], # display name
        '', # icon url
        this_key['credential_id'], # maybe issue here because of encoding string vs bytes?
        this_key['public_key'], # maybe issue here because of encoding string vs bytes?
        this_key['sign_count'],
        this_key['rp_id']
    )

    # Will raise an error if something isn't correct
    # NOTE(review): where `challenge` comes from is outside this excerpt. It
    # should be the value the server issued for this login attempt and be
    # discarded once used -- confirm in the caller.
    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
        webauthn_user,
        assertion_response,
        challenge,
        ORIGIN,
        False)  # User Verification
    # NOTE(review): the flag above is passed by position, so which parameter
    # it binds to depends on the installed library's signature; passing it by
    # keyword (uv_required=...) would make the intent unambiguous. With user
    # verification not required, a successful assertion does not show that
    # the authenticator checked a PIN or biometric.


    sign_count = webauthn_assertion_response.verify()

    # Update counter.
    # Only the in-memory dict is updated here; no write to storage is visible
    # in this excerpt. Presumably this is the value handed back to
    # WebAuthnUser on the next login, so it has to be persisted for a counter
    # that fails to increase (a sign of a cloned authenticator) to be noticed.
    this_key['sign_count'] = sign_count

    return redirect(url_for('admin_settings'))
github pretix / pretix / src / pretix / control / views / auth.py View on Github external
# Excerpt: try the presented assertion against the user's registered devices.
# The WebAuthnDevice whose credential_id matches the response is preferred;
# if there is none, every U2FDevice of the same user is tried in turn. Both
# lookups are filtered by self.user, so a credential registered to another
# account is never considered.
try:
                devices = [WebAuthnDevice.objects.get(user=self.user, credential_id=resp.get("id"))]
            except WebAuthnDevice.DoesNotExist:
                devices = U2FDevice.objects.filter(user=self.user)

            for d in devices:
                try:
                    wu = d.webauthnuser

                    if isinstance(d, U2FDevice):
                        # RP_ID needs to be appId for U2F devices, but we can't
                        # set it that way in U2FDevice.webauthnuser, since that
                        # breaks the frontend part.
                        wu.rp_id = settings.SITE_URL

                    # uv_required=False: the authenticator is not required to
                    # have verified the user (PIN/biometric).
                    # NOTE(review): reasonable only if this runs as a second
                    # factor after another credential check -- confirm.
                    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
                        wu,
                        resp,
                        challenge,
                        settings.SITE_URL,
                        uv_required=False  # User Verification
                    )
                    sign_count = webauthn_assertion_response.verify()
                except Exception:
                    # Any failure, whether a rejected assertion or an
                    # unexpected error, is logged and the next device is
                    # tried; `valid` is only set in the else branch below.
                    logger.exception('U2F login failed')
                else:
                    # Only WebAuthnDevice rows store the new counter. For a
                    # U2FDevice the returned sign_count is dropped, so in this
                    # excerpt a non-increasing counter is not tracked for
                    # those devices.
                    if isinstance(d, WebAuthnDevice):
                        d.sign_count = sign_count
                        d.save()
                    valid = True
                    break
        else:
github pretix / pretix / src / pretix / control / views / user.py View on Github external
# Excerpt: check an assertion against the devices of the requesting user
# (self.request.user). A WebAuthnDevice matching the response's credential id
# is used if present; otherwise all of that user's U2FDevice rows are tried.
try:
                devices = [WebAuthnDevice.objects.get(user=self.request.user, credential_id=resp.get("id"))]
            except WebAuthnDevice.DoesNotExist:
                devices = U2FDevice.objects.filter(user=self.request.user)

            for d in devices:
                try:
                    wu = d.webauthnuser

                    if isinstance(d, U2FDevice):
                        # RP_ID needs to be appId for U2F devices, but we can't
                        # set it that way in U2FDevice.webauthnuser, since that
                        # breaks the frontend part.
                        wu.rp_id = settings.SITE_URL

                    # NOTE(review): the source of `challenge` is outside this
                    # excerpt; it should be the server-issued value for this
                    # request and not be reusable afterwards -- confirm.
                    # uv_required=False means a PIN/biometric check by the
                    # authenticator is not demanded.
                    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
                        wu,
                        resp,
                        challenge,
                        settings.SITE_URL,
                        uv_required=False  # User Verification
                    )
                    sign_count = webauthn_assertion_response.verify()
                except Exception:
                    # Broad catch: rejected assertions and programming errors
                    # end up in the same log entry, then the loop moves on to
                    # the next device without setting `valid`.
                    logger.exception('U2F login failed')
                else:
                    # The counter is persisted for WebAuthnDevice only; for a
                    # U2FDevice the value returned by verify() is not stored
                    # in this excerpt.
                    if isinstance(d, WebAuthnDevice):
                        d.sign_count = sign_count
                        d.save()
                    valid = True
                    break
github Integreat / cms-django / src / cms / views / authentication / authentication_actions.py View on Github external
# Excerpt of an MFA verification view: requires a pending user id in the
# session, then checks the posted assertion against one of that user's stored
# keys. The function starts before and continues after this excerpt.
if 'mfa_user_id' not in request.session:
        return JsonResponse({'success': False, 'error': _('You need to log in first')})

    user = get_user_model().objects.get(id=request.session['mfa_user_id'])

    # The challenge is taken from the session, not from the request body.
    # NOTE(review): it is not removed from the session in this excerpt; a
    # challenge should be single-use -- confirm it is cleared after verify().
    challenge = request.session['challenge']
    # request.body is client-controlled. Malformed JSON, a missing 'id', a
    # non-ASCII id or an unknown key would raise in the next three lines,
    # which sit outside the try block further down.
    assertion_response = json.loads(request.body)
    credential_id = assertion_response['id']
    # The lookup goes through user.mfa_keys, so only this user's keys can match.
    key = user.mfa_keys.get(key_id=credential_id.encode('ascii'))


    webauthn_user = webauthn.WebAuthnUser(
        user.id, user.username, '%s %s' % (user.first_name, user.last_name), '',
        str(key.key_id, "utf-8"), str(key.public_key, "utf-8"), key.sign_count, settings.HOSTNAME)

    # No user-verification argument is passed, so the library default applies.
    webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
        webauthn_user,
        assertion_response,
        challenge,
        settings.BASE_URL)

    try:
        sign_count = webauthn_assertion_response.verify()
    # webauthn does not export AuthenticationRejectedException, which directly extends Exception.
    # As AuthenticationRejectedException is the only exception that can be raised by verify(),
    # it should be okay to just except Exception.
    # pylint: disable=broad-except
    except Exception as exception:
        # NOTE(review): str(exception) goes back to a caller who has not yet
        # completed MFA. Consider returning a generic error and logging the
        # detail server-side, so the response does not reveal which check failed.
        return JsonResponse({'success': False, 'error': str(exception)})

    # Update counter.
    # Only the attribute is assigned here; the save and the rest of the
    # function are outside this excerpt.
    key.sign_count = sign_count