From 7072a85d794813e8fc6086f05179d1962eab2e84 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 26 May 2022 16:34:18 -0400
Subject: [PATCH] Transition to multi-authenticator support

Provide a way to store a plurality of keys for a user. This enables use of 'backup' authenticators.
---
 confluent_server/confluent/webauthn.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/webauthn.py b/confluent_server/confluent/webauthn.py
index a11984c7..17d63579 100644
--- a/confluent_server/confluent/webauthn.py
+++ b/confluent_server/confluent/webauthn.py
@@ -18,6 +18,20 @@ class TestBackend(pywarp.backends.CredentialStorageBackend):
 except Exception:
 pass

+ def get_credential_ids_by_email(self, email):
+ if not isinstance(email, str):
+ email = email.decode('utf8')
+ for cid in creds[email]:
+ yield base64.b64decode(cid)
+
+ def get_credential_by_email_id(self, email, id):
+ if not isinstance(email, str):
+ email = email.decode('utf8')
+ cid = base64.b64encode(id).decode('utf8')
+ pk = creds[email][cid]['cpk']
+ pk = base64.b64decode(pk)
+ return pywarp.credentials.Credential(credential_id=id, credential_public_key=pk)
+
 def get_credential_by_email(self, email):
 if not isinstance(email, str):
 email = email.decode('utf8')
@@ -29,8 +43,11 @@ class TestBackend(pywarp.backends.CredentialStorageBackend):
 def save_credential_for_user(self, email, credential):
 if not isinstance(email, str):
 email = email.decode('utf8')
- credential = {'cid': base64.b64encode(credential.id).decode('utf8'), 'cpk': base64.b64encode(bytes(credential.public_key)).decode('utf8')}
- creds[email] = credential
+ cid = base64.b64encode(credential.id).decode('utf8')
+ credential = {'cid': cid, 'cpk': base64.b64encode(bytes(credential.public_key)).decode('utf8')}
+ if email not in creds:
+ creds[email] = {}
+ creds[email][cid] = credential
 with open('/tmp/mycreds.json', 'w') as jo:
 json.dump(creds, jo)
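Review bot: Both new lookups index `creds[email]` (and `creds[email][cid]`) directly, so an unknown user or an unregistered credential id surfaces as a bare `KeyError`, and in `get_credential_ids_by_email` only when the generator is first iterated rather than at the call. An explicit miss path would make the failure mode deliberate, e.g. `for cid in creds.get(email, {}):` for the listing and a caught `KeyError` re-raised with a clear message in `get_credential_by_email_id`; what pywarp expects on a miss is not visible here. The retained `get_credential_by_email` has its body outside the hunk; if it still reads `creds[email]['cid']`, it no longer matches the nested layout. The `id` parameter also shadows the builtin, though the name may be dictated by the pywarp backend interface.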
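Review bot: The `if email not in creds:` guard in `save_credential_for_user` only covers users with no record; a record written by the previous code has the flat shape `{'cid': ..., 'cpk': ...}` (see the removed lines), so `creds[email][cid] = credential` nests the new entry beside those two keys, and `get_credential_ids_by_email` from the first hunk would then try to base64-decode the literal keys `cid` and `cpk`. Whether old records are reloaded from the JSON file is outside this hunk, but if they are, converting on write keeps the store uniform: `rec = creds.setdefault(email, {})` followed by `if 'cpk' in rec: rec = creds[email] = {rec['cid']: rec}` and then `rec[cid] = credential`. Separately, the unchanged `open('/tmp/mycreds.json', 'w')` now persists every enrolled authenticator; if this backend is used outside testing, a fixed path in a shared temporary directory means other local users may be able to influence which public keys are trusted, so a private directory with restrictive permissions would be safer.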