| import json |
| from json import JSONDecodeError |
| from typing import List, Optional, Union |
|
|
| from .base64url_to_bytes import base64url_to_bytes |
| from .exceptions import InvalidJSONStructure, InvalidAuthenticationOptions |
| from .structs import ( |
| AuthenticatorTransport, |
| PublicKeyCredentialDescriptor, |
| PublicKeyCredentialRequestOptions, |
| UserVerificationRequirement, |
| ) |
|
|
|
|
| def parse_authentication_options_json( |
| json_val: Union[str, dict] |
| ) -> PublicKeyCredentialRequestOptions: |
| """ |
| Parse a JSON form of authentication options, as either stringified JSON or a plain dict, into an |
| instance of `PublicKeyCredentialRequestOptions`. Typically useful in mapping output from |
| `generate_authentication_options()`, that's been persisted as JSON via Redis/etc... back into |
| structured data. |
| """ |
| if isinstance(json_val, str): |
| try: |
| json_val = json.loads(json_val) |
| except JSONDecodeError: |
| raise InvalidJSONStructure("Unable to decode options as JSON") |
|
|
| if not isinstance(json_val, dict): |
| raise InvalidJSONStructure("Options were not a JSON object") |
|
|
| """ |
| Check challenge |
| """ |
| options_challenge = json_val.get("challenge") |
| if not isinstance(options_challenge, str): |
| raise InvalidJSONStructure("Options missing required challenge") |
|
|
| """ |
| Check timeout |
| """ |
| options_timeout = json_val.get("timeout") |
| mapped_timeout = None |
| if isinstance(options_timeout, int): |
| mapped_timeout = options_timeout |
|
|
| """ |
| Check rpId |
| """ |
| options_rp_id = json_val.get("rpId") |
| mapped_rp_id = None |
| if isinstance(options_rp_id, str): |
| mapped_rp_id = options_rp_id |
|
|
| """ |
| Check userVerification |
| """ |
| options_user_verification = json_val.get("userVerification") |
| if not isinstance(options_user_verification, str): |
| raise InvalidJSONStructure("Options missing required userVerification") |
|
|
| try: |
| mapped_user_verification = UserVerificationRequirement(options_user_verification) |
| except ValueError as exc: |
| raise InvalidJSONStructure("Options userVerification was invalid value") from exc |
|
|
| """ |
| Check allowCredentials |
| """ |
| options_allow_credentials = json_val.get("allowCredentials") |
| mapped_allow_credentials: Optional[List[PublicKeyCredentialDescriptor]] = None |
| if isinstance(options_allow_credentials, list): |
| mapped_allow_credentials = [] |
| for cred in options_allow_credentials: |
| _cred_id = cred.get("id") |
| if not isinstance(_cred_id, str): |
| raise InvalidJSONStructure("Options excludeCredentials entry missing required id") |
|
|
| _mapped = PublicKeyCredentialDescriptor(id=base64url_to_bytes(_cred_id)) |
|
|
| _transports = cred.get("transports") |
| if _transports is not None: |
| if not isinstance(_transports, list): |
| raise InvalidJSONStructure( |
| "Options excludeCredentials entry transports was not list" |
| ) |
| try: |
| _mapped.transports = [ |
| AuthenticatorTransport(_transport) for _transport in _transports |
| ] |
| except ValueError as exc: |
| raise InvalidJSONStructure( |
| "Options excludeCredentials entry transports had invalid value" |
| ) from exc |
|
|
| mapped_allow_credentials.append(_mapped) |
|
|
| try: |
| authentication_options = PublicKeyCredentialRequestOptions( |
| challenge=base64url_to_bytes(options_challenge), |
| timeout=mapped_timeout, |
| rp_id=mapped_rp_id, |
| user_verification=mapped_user_verification, |
| allow_credentials=mapped_allow_credentials, |
| ) |
| except Exception as exc: |
| raise InvalidAuthenticationOptions( |
| "Could not parse authentication options from JSON data" |
| ) from exc |
|
|
| return authentication_options |
|
|
