1. Advisor
  2. webauthn
  3. functions
  4. webauthn.const
View all webauthn analysis

How to use the webauthn.const function in webauthn

To help you get started, we’ve selected a few webauthn examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
# Verify that the User Present bit of the flags in authData
            # is set.

            # Authenticator data flags.
            # https://www.w3.org/TR/webauthn/#authenticator-data
            flags = struct.unpack('!B', auth_data[32:33])[0]

            if (flags & const.USER_PRESENT) != 0x01:
                raise RegistrationRejectedException(
                    'Malformed request received.')

            # Step 11.
            #
            # If user verification is required for this registration, verify
            # that the User Verified bit of the flags in authData is set.
            if (self.uv_required and (flags & const.USER_VERIFIED) != 0x04):
                raise RegistrationRejectedException(
                    'Malformed request received.')

            # Step 12.
            #
            # Verify that the values of the client extension outputs in
            # clientExtensionResults and the authenticator extension outputs
            # in the extensions in authData are as expected, considering the
            # client extension input values that were given as the extensions
            # option in the create() call. In particular, any extension
            # identifier values in the clientExtensionResults and the extensions
            # in authData MUST be also be present as extension identifier values
            # in the extensions member of options, i.e., no extensions are
            # present that were not requested. In the general case, the meaning
            # of "are as expected" is specific to the Relying Party and which
            # extensions are in use.
github duo-labs / py_webauthn / webauthn / webauthn.py View on Github external
auth_data_rp_id_hash = _get_auth_data_rp_id_hash(decoded_a_data)
            if not _verify_rp_id_hash(auth_data_rp_id_hash,
                                      self.webauthn_user.rp_id):
                raise AuthenticationRejectedException(
                    'Unable to verify RP ID hash.')

            # Step 12.
            #
            # Verify that the User Present bit of the flags in authData
            # is set.

            # Authenticator data flags.
            # https://www.w3.org/TR/webauthn/#authenticator-data
            flags = struct.unpack('!B', decoded_a_data[32:33])[0]

            if (flags & const.USER_PRESENT) != 0x01:
                raise AuthenticationRejectedException(
                    'Malformed request received.')

            # Step 13.
            #
            # If user verification is required for this assertion, verify that
            # the User Verified bit of the flags in authData is set.
            if (self.uv_required and (flags & const.USER_VERIFIED) != 0x04):
                raise RegistrationRejectedException(
                    'Malformed request received.')

            # Step 14.
            #
            # Verify that the values of the client extension outputs in
            # clientExtensionResults and the authenticator extension outputs
            # in the extensions in authData are as expected, considering the

webauthn

Pythonic WebAuthn

GitHub
BSD-3-Clause
Latest version published 4 months ago

Package Health Score

74 / 100
Full package analysis

Popular webauthn functions

Similar packages