File size: 4,011 Bytes
020c337 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | import json
from json import JSONDecodeError
from typing import List, Optional, Union
from .base64url_to_bytes import base64url_to_bytes
from .exceptions import InvalidJSONStructure, InvalidAuthenticationOptions
from .structs import (
AuthenticatorTransport,
PublicKeyCredentialDescriptor,
PublicKeyCredentialRequestOptions,
UserVerificationRequirement,
)
def parse_authentication_options_json(
json_val: Union[str, dict]
) -> PublicKeyCredentialRequestOptions:
"""
Parse a JSON form of authentication options, as either stringified JSON or a plain dict, into an
instance of `PublicKeyCredentialRequestOptions`. Typically useful in mapping output from
`generate_authentication_options()`, that's been persisted as JSON via Redis/etc... back into
structured data.
"""
if isinstance(json_val, str):
try:
json_val = json.loads(json_val)
except JSONDecodeError:
raise InvalidJSONStructure("Unable to decode options as JSON")
if not isinstance(json_val, dict):
raise InvalidJSONStructure("Options were not a JSON object")
"""
Check challenge
"""
options_challenge = json_val.get("challenge")
if not isinstance(options_challenge, str):
raise InvalidJSONStructure("Options missing required challenge")
"""
Check timeout
"""
options_timeout = json_val.get("timeout")
mapped_timeout = None
if isinstance(options_timeout, int):
mapped_timeout = options_timeout
"""
Check rpId
"""
options_rp_id = json_val.get("rpId")
mapped_rp_id = None
if isinstance(options_rp_id, str):
mapped_rp_id = options_rp_id
"""
Check userVerification
"""
options_user_verification = json_val.get("userVerification")
if not isinstance(options_user_verification, str):
raise InvalidJSONStructure("Options missing required userVerification")
try:
mapped_user_verification = UserVerificationRequirement(options_user_verification)
except ValueError as exc:
raise InvalidJSONStructure("Options userVerification was invalid value") from exc
"""
Check allowCredentials
"""
options_allow_credentials = json_val.get("allowCredentials")
mapped_allow_credentials: Optional[List[PublicKeyCredentialDescriptor]] = None
if isinstance(options_allow_credentials, list):
mapped_allow_credentials = []
for cred in options_allow_credentials:
_cred_id = cred.get("id")
if not isinstance(_cred_id, str):
raise InvalidJSONStructure("Options excludeCredentials entry missing required id")
_mapped = PublicKeyCredentialDescriptor(id=base64url_to_bytes(_cred_id))
_transports = cred.get("transports")
if _transports is not None:
if not isinstance(_transports, list):
raise InvalidJSONStructure(
"Options excludeCredentials entry transports was not list"
)
try:
_mapped.transports = [
AuthenticatorTransport(_transport) for _transport in _transports
]
except ValueError as exc:
raise InvalidJSONStructure(
"Options excludeCredentials entry transports had invalid value"
) from exc
mapped_allow_credentials.append(_mapped)
try:
authentication_options = PublicKeyCredentialRequestOptions(
challenge=base64url_to_bytes(options_challenge),
timeout=mapped_timeout,
rp_id=mapped_rp_id,
user_verification=mapped_user_verification,
allow_credentials=mapped_allow_credentials,
)
except Exception as exc:
raise InvalidAuthenticationOptions(
"Could not parse authentication options from JSON data"
) from exc
return authentication_options
|