diff --git a/pyproject.toml b/pyproject.toml
index 532a6bfe6..e275f9cf8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -85,7 +85,6 @@ dependencies = [
 "pypdf==3.9.*",
 "python-bidi==0.4.*", # Support for Arabic in reportlab
 "python-dateutil==2.8.*",
- "python-u2flib-server==4.*",
 "pytz",
 "pytz-deprecation-shim==0.1.*",
 "pyuca",
diff --git a/src/pretix/base/models/auth.py b/src/pretix/base/models/auth.py
index a9c0fa909..c7c63b1d5 100644
--- a/src/pretix/base/models/auth.py
+++ b/src/pretix/base/models/auth.py
@@ -53,13 +53,11 @@ from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django_otp.models import Device
 from django_scopes import scopes_disabled
-from u2flib_server.utils import (
- pub_key_from_der, websafe_decode, websafe_encode,
-)
 from pretix.base.i18n import language
 from pretix.helpers.urls import build_absolute_uri
+from ...helpers.u2f import pub_key_from_der, websafe_decode, websafe_encode
 from .base import LoggingMixin
diff --git a/src/pretix/helpers/u2f.py b/src/pretix/helpers/u2f.py
new file mode 100644
index 000000000..f2626639f
--- /dev/null
+++ b/src/pretix/helpers/u2f.py
@@ -0,0 +1,76 @@
+#
+# This file is part of pretix (Community Edition).
+#
+# Copyright (C) 2014-2020 Raphael Michel and contributors
+# Copyright (C) 2020-2021 rami.io GmbH and contributors
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
+# Public License as published by the Free Software Foundation in version 3 of the License.
+#
+# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
+# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
+# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
+# this file, see .
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along with this program. If not, see
+# .
+#
+
+# Backwards compatibility for old U2F key material, with code taken from
+#
+# https://github.com/Yubico/python-u2flib-server/blob/python-u2flib-server-4.0.1/u2flib_server/utils.py
+#
+# Copyright (c) 2013 Yubico AB
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+from base64 import urlsafe_b64decode, urlsafe_b64encode
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.serialization import load_der_public_key
+
+PUB_KEY_DER_PREFIX = b'\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01' \
+ b'\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00'
+
+
+def pub_key_from_der(der):
+ return load_der_public_key(PUB_KEY_DER_PREFIX + der, default_backend())
+
+
+def websafe_decode(data):
+ if isinstance(data, str):
+ data = data.encode('ascii')
+ data += b'=' * (-len(data) % 4)
+ return urlsafe_b64decode(data)
+
+
+def websafe_encode(data):
+ if isinstance(data, str):
+ data = data.encode('ascii')
+ return urlsafe_b64encode(data).replace(b'=', b'').decode('ascii')
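Review bot: `pub_key_from_der` takes a raw 65-byte uncompressed P-256 point rather than DER, and none of the three vendored helpers says what input it expects or how it fails. `PUB_KEY_DER_PREFIX` is a fixed SubjectPublicKeyInfo header whose lengths (`\x30\x59`, `\x03\x42\x00`) only fit a `0x04 || X || Y` value, so I would add a docstring such as `"""Load a P-256 public key from its raw 65-byte uncompressed point (0x04 || X || Y); other input should fail DER parsing."""` and a comment on the constant naming the two OIDs it encodes (ecPublicKey and prime256v1). `websafe_decode` goes through `urlsafe_b64decode`, which by default skips bytes outside the alphabet instead of rejecting them, so a malformed value decodes to different bytes without an error; if any caller passes it client-supplied data (the callers in auth.py are outside this hunk), a comment like `# lenient decode: non-alphabet bytes are dropped, not rejected` or a strict decode would be worth adding. Since this code now lives in-tree and no longer receives upstream updates, a small test that round-trips `websafe_encode`/`websafe_decode` and loads one stored-format key would pin the behaviour that existing U2F registrations depend on.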