diff --git a/aleksis/apps/kort/models/sdm.py b/aleksis/apps/kort/models/sdm.py
index 19de0e74e382e933202ae76ed595ca01dd80dd18..55aed0f10433d7cd404bdb2bfed8be0faca131df 100644
--- a/aleksis/apps/kort/models/sdm.py
+++ b/aleksis/apps/kort/models/sdm.py
@@ -1,10 +1,10 @@
 from binascii import unhexlify
 from django.core.exceptions import BadRequest
-from django.core.http import Request
+from django.http import HttpRequest
 from libsdm import EncMode, InvalidMessage, decrypt_sun_message
-from libsdm.derive import derive_undiversified_key, derive_tag_key
+from libsdm.derive import derive_tag_key, derive_undiversified_key
 from libsdm.util import parse_parameters
 from aleksis.core.mixins import ExtensibleModel, ObjectAuthenticator
@@ -15,13 +15,18 @@ from .cards import Card class NfcSdmAuthenticator(ObjectAuthenticator): """Object authenticator using NFC SDM.""" + name = "nfc_sdm" require_lrp = False - def authenticate(self, request: Request, obj: ExtensibleModel): + def authenticate(self, request: HttpRequest, obj: ExtensibleModel): """SUN decrypting authenticator""" - master_key = unhexlify(get_site_preferences()["nfc__sdm_master_key"]) - param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET) + master_key = unhexlify(get_site_preferences()["kort__sdm_master_key"]) + try: + param_mode, picc_enc_data, enc_file_data, sdmmac = parse_parameters(request.GET) + except ValueError as e: + raise BadRequest(**e.args) + try: res = decrypt_sun_message( param_mode=param_mode,
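Review bot: In the second hunk (`@@ -15,13 +15,18 @@`), `raise BadRequest(**e.args)` will itself raise a TypeError, because `e.args` is a tuple and `**` unpacking needs a mapping. A malformed query string would then surface as a server error instead of the intended 400, and the parsing failure would be hidden behind an unrelated traceback. `raise BadRequest(*e.args) from e` does what was meant. A fixed message such as `raise BadRequest("Malformed SDM parameters") from e` would also avoid echoing library error text to the client. The body of `authenticate` continues past the end of this hunk.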
@@ -40,13 +45,13 @@ class NfcSdmAuthenticator(ObjectAuthenticator):
 try:
 card = Card.objects.get(chip_number__iexact=res["uid"].hex())
- except Card.DoesNotExact:
+ except Card.DoesNotExist:
 return False
 if card.person != obj:
 raise BadRequest("Card is not linked to identified object")
- if card.last_read_counter <= res["read_ctr"]:
+ if card.last_read_counter >= res["read_ctr"]:
 raise BadRequest("Read counter went backwards, possible replay attack")
 card.last_read_counter = res["read_ctr"]
 card.save()
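Review bot: The replay check and the `card.save()` at the end of this hunk form an unlocked read-compare-write. Two requests carrying the same SUN message that arrive together can both read the old `last_read_counter`, both pass the corrected `>=` test, and both be accepted. Folding the comparison and the write into one conditional UPDATE closes that window, and it also stops `card.save()` from rewriting every other column of the row with possibly stale values. If `last_read_counter` can be NULL for a freshly issued card (not visible here), the filter below would reject its first read, so that case needs an explicit default. The enclosing `authenticate` method starts outside this hunk.

```python
        # … unchanged: card lookup and card.person check …
        # Advance the counter only if the stored value is still lower; a single
        # UPDATE means concurrent requests with the same message cannot both win.
        advanced = Card.objects.filter(
            pk=card.pk, last_read_counter__lt=res["read_ctr"]
        ).update(last_read_counter=res["read_ctr"])
        if not advanced:
            raise BadRequest("Read counter went backwards, possible replay attack")
```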