Remove webauthn hooks

This changeset removes webauthn from the Notify.gov admin app.  We are not using webauthn at all in our implementation and will be looking at an entirely different authentication system in the near future.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This commit is contained in:
Carlo Costino
2023-08-14 16:59:38 -04:00
parent a85b98ecb5
commit 9e609efa1c
44 changed files with 102 additions and 2594 deletions


@@ -11,7 +11,6 @@ from app.event_handlers import (
)
from app.models import JSONModel, ModelList
from app.models.organization import Organization, Organizations
from app.models.webauthn_credential import WebAuthnCredentials
from app.notify_client import InviteTokenError
from app.notify_client.invite_api_client import invite_api_client
from app.notify_client.org_invite_api_client import org_invite_api_client
@@ -37,7 +36,6 @@ class User(JSONModel, UserMixin):
MAX_FAILED_LOGIN_COUNT = 10
ALLOWED_PROPERTIES = {
'can_use_webauthn',
'id',
'name',
'email_address',
@@ -180,10 +178,6 @@ class User(JSONModel, UserMixin):
def email_auth(self):
return self.auth_type == 'email_auth'
@property
def webauthn_auth(self):
return self.auth_type == 'webauthn_auth'
def reset_failed_login_count(self):
user_api_client.reset_failed_login_count(self.id)
@@ -371,15 +365,6 @@ class User(JSONModel, UserMixin):
'@nhs.uk', '.nhs.uk', '@nhs.net', '.nhs.net',
))
@property
def webauthn_credentials(self):
return WebAuthnCredentials(self.id)
def create_webauthn_credential(self, credential):
user_api_client.create_webauthn_credential_for_user(
self.id, credential
)
def serialize(self):
dct = {
"id": self.id,
@@ -456,9 +441,6 @@ class User(JSONModel, UserMixin):
self.id,
)
def complete_webauthn_login_attempt(self, is_successful=True):
return user_api_client.complete_webauthn_login_attempt(self.id, is_successful)
def is_editable_by(self, other_user):
if other_user == self:
return False
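Review bot: After the hunk at `@@ -180,10 +178,6 @@` drops the `webauthn_auth` property, nothing left in `User` recognises an `auth_type` of `'webauthn_auth'`, and `'can_use_webauthn'` is also removed from `ALLOWED_PROPERTIES`; any persisted user record that still carries that auth_type would now fall through the remaining `email_auth` check as a non-email login, and no migration or API-side normalisation of such users is visible in the files shown here, so this is an inference to confirm against the backend. A one-line comment next to `email_auth` making the assumption explicit, e.g. `# 'webauthn_auth' is no longer a recognised auth_type; existing users are assumed to have been migrated`, would record it for the next maintainer. The same consideration applies to the login-attempt hunk at `@@ -456,9 +441,6 @@`, where `complete_webauthn_login_attempt` is removed without a replacement path for users mid-way through that flow. The enclosing `User` class is defined outside these hunks.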


@@ -1,76 +0,0 @@
import base64
from fido2 import cbor
from fido2.client import ClientData
from fido2.cose import UnsupportedKey
from fido2.ctap2 import AttestationObject, AttestedCredentialData
from flask import current_app
from app.models import JSONModel, ModelList
from app.notify_client.user_api_client import user_api_client
class RegistrationError(Exception):
pass
class WebAuthnCredential(JSONModel):
ALLOWED_PROPERTIES = {
'id',
'name',
'credential_data', # contains public key and credential ID for auth
'registration_response', # sent to API for later auditing (not used)
'created_at',
'updated_at'
}
@classmethod
def from_registration(cls, state, response):
server = current_app.webauthn_server
try:
auth_data = server.register_complete(
state,
ClientData(response["clientDataJSON"]),
AttestationObject(response["attestationObject"]),
)
except ValueError as e:
raise RegistrationError(e)
if isinstance(auth_data.credential_data.public_key, UnsupportedKey):
raise RegistrationError("Encryption algorithm not supported")
return cls({
'name': 'Unnamed key',
'credential_data': base64.b64encode(
cbor.encode(auth_data.credential_data),
).decode('utf-8'),
'registration_response': base64.b64encode(
cbor.encode(response),
).decode('utf-8')
})
def to_credential_data(self):
return AttestedCredentialData(
cbor.decode(base64.b64decode(self.credential_data.encode()))
)
def serialize(self):
return {
'name': self.name,
'credential_data': self.credential_data,
'registration_response': self.registration_response,
}
class WebAuthnCredentials(ModelList):
model = WebAuthnCredential
client_method = user_api_client.get_webauthn_credentials_for_user
@property
def as_cbor(self):
return [credential.to_credential_data() for credential in self]
def by_id(self, key_id):
return next((key for key in self if key.id == key_id), None)