From 29a60b3fa41f1302a61156b7396d83cc563046e4 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Mon, 5 Oct 2020 11:25:05 +0200
Subject: [PATCH] cleaned up webauthn model

---
 uffd/mfa/models.py | 14 +++++++-------
 uffd/mfa/views.py  |  8 ++++----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/uffd/mfa/models.py b/uffd/mfa/models.py
index d48c8d3b..176c96f1 100644
--- a/uffd/mfa/models.py
+++ b/uffd/mfa/models.py
@@ -6,7 +6,7 @@ import crypt
 from flask import request, current_app
 from sqlalchemy import Column, Integer, Enum, Boolean, String, DateTime, Text
 
-from fido2.ctap2 import AuthenticatorData
+from fido2.ctap2 import AttestedCredentialData
 
 from uffd.database import db
 from uffd.user.models import User
@@ -131,15 +131,15 @@ class WebauthnMethod(MFAMethod):
 		'polymorphic_identity': MFAType.WEBAUTHN
 	}
 
-	def __init__(self, user, cred_data, name=None):
+	def __init__(self, user, cred, name=None):
 		super().__init__(user, name)
-		self.cred_data = cred_data
+		self.cred = cred
 
 	@property
-	def cred_data(self):
-		return AuthenticatorData(base64.b64decode(self._cred))
+	def cred(self):
+		return AttestedCredentialData(base64.b64decode(self._cred))
 
-	@cred_data.setter
-	def cred_data(self, d):
+	@cred.setter
+	def cred(self, d):
 		self._cred = base64.b64encode(bytes(d))
 
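Review bot: The new `cred` getter parses `_cred` as `AttestedCredentialData`, but rows written before this commit hold base64 of a full `AuthenticatorData`, and no migration is visible in the patch. If any WebAuthn methods are already registered, those bytes would be read at the wrong offsets or fail to parse. The three `creds = [method.cred for method in methods]` lines in uffd/mfa/views.py would then break setup and login for those users. Ship a one-off re-encoding of existing rows (the old value's `.credential_data`) or make the getter fail closed on legacy data, and document the format with a comment such as `# _cred: base64 of AttestedCredentialData (AAGUID, credential id, public key)`. The class body starts outside this hunk.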
diff --git a/uffd/mfa/views.py b/uffd/mfa/views.py
index a0259797..35a3a905 100644
--- a/uffd/mfa/views.py
+++ b/uffd/mfa/views.py
@@ -113,7 +113,7 @@ def setup_webauthn_begin():
 	if not RecoveryCodeMethod.query.filter_by(dn=user.dn).all():
 		abort(403)
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	server = get_webauthn_server()
 	registration_data, state = server.register_begin(
 		{
@@ -137,7 +137,7 @@ def setup_webauthn_complete():
 	client_data = ClientData(data["clientDataJSON"])
 	att_obj = AttestationObject(data["attestationObject"])
 	auth_data = server.register_complete(session["webauthn-state"], client_data, att_obj)
-	method = WebauthnMethod(user, auth_data, name=data['name'])
+	method = WebauthnMethod(user, auth_data.credential_data, name=data['name'])
 	db.session.add(method)
 	db.session.commit()
 	return cbor.dumps({"status": "OK"})
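Review bot: Storing only `auth_data.credential_data` discards the signature counter (`auth_data.counter`) that the previously stored `AuthenticatorData` blob carried. If counter-based detection of cloned authenticators is wanted, it now needs its own column, updated after each successful assertion; whether the authentication path checks it cannot be seen from this hunk. Separately, `credential_data` is presumably `None` when the authenticator data lacks attested credential data, in which case `bytes(d)` in the setter raises and the request ends in a 500. A guard such as `if auth_data.credential_data is None: abort(400)` before constructing the method would reject that case cleanly. The function body starts outside this hunk.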
@@ -157,7 +157,7 @@ def auth_webauthn_begin():
 	user = get_current_user()
 	server = get_webauthn_server()
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	if not creds:
 		abort(404)
 	auth_data, state = server.authenticate_begin(creds, user_verification='discouraged')
@@ -169,7 +169,7 @@ def auth_webauthn_complete():
 	user = get_current_user()
 	server = get_webauthn_server()
 	methods = WebauthnMethod.query.filter_by(dn=user.dn).all()
-	creds = [method.cred_data.credential_data for method in methods]
+	creds = [method.cred for method in methods]
 	if not creds:
 		abort(404)
 	data = cbor.loads(request.get_data())[0]
-- 
GitLab