cleaned up webauthn model

29a60b3f · Julian · 4b1539b3 · 29a60b3f · 29a60b3f
Commit 29a60b3f authored Oct 5, 2020 by Julian
--- a/uffd/mfa/models.py
+++ b/uffd/mfa/models.py
@@ -6,7 +6,7 @@ import crypt
 from flask import request, current_app
 from sqlalchemy import Column, Integer, Enum, Boolean, String, DateTime, Text

-from fido2.ctap2 import AuthenticatorData
+from fido2.ctap2 import AttestedCredentialData

 from uffd.database import db
 from uffd.user.models import User
@@ -131,15 +131,15 @@ class WebauthnMethod(MFAMethod):
 		'polymorphic_identity': MFAType.WEBAUTHN
 	}

-	def __init__(self, user, cred_data, name=None):
+	def __init__(self, user, cred, name=None):
 		super().__init__(user, name)
-		self.cred_data = cred_data
+		self.cred = cred

 	@property
-	def cred_data(self):
-		return AuthenticatorData(base64.b64decode(self._cred))
+	def cred(self):
+		return AttestedCredentialData(base64.b64decode(self._cred))

-	@cred_data.setter
-	def cred_data(self, d):
+	@cred.setter
+	def cred(self, d):
 		self._cred = base64.b64encode(bytes(d))

--- a/uffd/mfa/views.py
+++ b/uffd/mfa/views.py
@@ -113,7 +113,7 @@ def setup_webauthn_begin():
 	if not RecoveryCodeMethod.query.filter_by(dn=user.dn).all():
 		abort(403)
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	server = get_webauthn_server()
 	registration_data, state = server.register_begin(
 		{
@@ -137,7 +137,7 @@ def setup_webauthn_complete():
 	client_data = ClientData(data["clientDataJSON"])
 	att_obj = AttestationObject(data["attestationObject"])
 	auth_data = server.register_complete(session["webauthn-state"], client_data, att_obj)
-	method = WebauthnMethod(user, auth_data, name=data['name'])
+	method = WebauthnMethod(user, auth_data.credential_data, name=data['name'])
 	db.session.add(method)
 	db.session.commit()
 	return cbor.dumps({"status": "OK"})
@@ -157,7 +157,7 @@ def auth_webauthn_begin():
 	user = get_current_user()
 	server = get_webauthn_server()
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	if not creds:
 		abort(404)
 	auth_data, state = server.authenticate_begin(creds, user_verification='discouraged')
@@ -169,7 +169,7 @@ def auth_webauthn_complete():
 	user = get_current_user()
 	server = get_webauthn_server()
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	if not creds:
 		abort(404)
 	data = cbor.loads(request.get_data())[0]