app/webauthn/rest.py

from flask import Blueprint, jsonify, request

from app.dao.users_dao import get_user_by_id
from app.dao.webauthn_credential_dao import (
    dao_create_webauthn_credential,
    dao_delete_webauthn_credential,
    dao_get_webauthn_credential_by_id,
    dao_update_webauthn_credential_name,
)
from app.errors import InvalidRequest, register_errors
from app.schema_validation import validate
from app.webauthn.webauthn_schema import (
    post_create_webauthn_credential_schema,
    post_update_webauthn_credential_schema,
)

webauthn_blueprint = Blueprint('webauthn', __name__, url_prefix='/user/<uuid:user_id>/webauthn')
register_errors(webauthn_blueprint)


@webauthn_blueprint.route('', methods=['GET'])
def get_webauthn_credentials(user_id):
    user = get_user_by_id(user_id)
    return jsonify(data=[cred.serialize() for cred in user.webauthn_credentials]), 200


@webauthn_blueprint.route('', methods=['POST'])
def create_webauthn_credential(user_id):
    data = request.get_json()
    validate(data, post_create_webauthn_credential_schema)
    webauthn_credential = dao_create_webauthn_credential(
        user_id=user_id,
        name=data['name'],
        credential_data=data['credential_data'],
        registration_response=data['registration_response']
    )

    return jsonify(data=webauthn_credential.serialize()), 201


@webauthn_blueprint.route('/<uuid:webauthn_credential_id>', methods=['POST'])
def update_webauthn_credential(user_id, webauthn_credential_id):
    data = request.get_json()
    validate(data, post_update_webauthn_credential_schema)

    webauthn_credential = dao_get_webauthn_credential_by_id(webauthn_credential_id)

    dao_update_webauthn_credential_name(webauthn_credential, data['name'])

    return jsonify(data=webauthn_credential.serialize()), 200


@webauthn_blueprint.route('/<uuid:webauthn_credential_id>', methods=['DELETE'])
def delete_webauthn_credential(user_id, webauthn_credential_id):
    webauthn_credential = dao_get_webauthn_credential_by_id(webauthn_credential_id)
    user = get_user_by_id(user_id)

    if webauthn_credential.user_id != user.id:
        raise InvalidRequest('Webauthn credential does not belong to this user', status_code=400)

    if len(user.webauthn_credentials) == 1:
        raise InvalidRequest('Cannot delete last remaining webauthn credential for user', status_code=400)

    dao_delete_webauthn_credential(webauthn_credential)

    return '', 204
add webauthn crud endpoints added some simple validation to the delete endpoint for sanity, but generally my assumption is that more validation will happen on the admin side. noteably im not checking whether the credentials are duplicated, nor is there a uniqueness constraint in the database - I'm not sure if the credential blob will always reliably be equivalent, and I believe the browser should hopefully take care of dupes. 2021-05-10 22:09:07 +01:00			`from flask import Blueprint, jsonify, request`

			`from app.dao.users_dao import get_user_by_id`
			`from app.dao.webauthn_credential_dao import (`
			`dao_create_webauthn_credential,`
			`dao_delete_webauthn_credential,`
			`dao_get_webauthn_credential_by_id,`
			`dao_update_webauthn_credential_name,`
			`)`
			`from app.errors import InvalidRequest, register_errors`
			`from app.schema_validation import validate`
			`from app.webauthn.webauthn_schema import (`
			`post_create_webauthn_credential_schema,`
			`post_update_webauthn_credential_schema,`
			`)`

			`webauthn_blueprint = Blueprint('webauthn', __name__, url_prefix='/user/<uuid:user_id>/webauthn')`
			`register_errors(webauthn_blueprint)`


			`@webauthn_blueprint.route('', methods=['GET'])`
			`def get_webauthn_credentials(user_id):`
			`user = get_user_by_id(user_id)`
			`return jsonify(data=[cred.serialize() for cred in user.webauthn_credentials]), 200`


			`@webauthn_blueprint.route('', methods=['POST'])`
			`def create_webauthn_credential(user_id):`
			`data = request.get_json()`
			`validate(data, post_create_webauthn_credential_schema)`
			`webauthn_credential = dao_create_webauthn_credential(`
			`user_id=user_id,`
			`name=data['name'],`
			`credential_data=data['credential_data'],`
			`registration_response=data['registration_response']`
			`)`

			`return jsonify(data=webauthn_credential.serialize()), 201`


			`@webauthn_blueprint.route('/<uuid:webauthn_credential_id>', methods=['POST'])`
			`def update_webauthn_credential(user_id, webauthn_credential_id):`
			`data = request.get_json()`
			`validate(data, post_update_webauthn_credential_schema)`

			`webauthn_credential = dao_get_webauthn_credential_by_id(webauthn_credential_id)`

			`dao_update_webauthn_credential_name(webauthn_credential, data['name'])`

			`return jsonify(data=webauthn_credential.serialize()), 200`


			`@webauthn_blueprint.route('/<uuid:webauthn_credential_id>', methods=['DELETE'])`
			`def delete_webauthn_credential(user_id, webauthn_credential_id):`
			`webauthn_credential = dao_get_webauthn_credential_by_id(webauthn_credential_id)`
			`user = get_user_by_id(user_id)`

			`if webauthn_credential.user_id != user.id:`
			`raise InvalidRequest('Webauthn credential does not belong to this user', status_code=400)`

			`if len(user.webauthn_credentials) == 1:`
			`raise InvalidRequest('Cannot delete last remaining webauthn credential for user', status_code=400)`

			`dao_delete_webauthn_credential(webauthn_credential)`

			`return '', 204`