This commit is contained in:
aitzol 2023-11-26 18:14:50 +01:00
parent c20a8a0b2c
commit 490e9bb80c
2 changed files with 15 additions and 14 deletions

app.py

@ -39,6 +39,7 @@ from user_agents import parse as ua_parse
from datetime import datetime
import cryptocode
import base64
import uuid
BASE_DIR = path.dirname(__file__)
LOG = logging.getLogger(__name__)
@ -160,12 +161,12 @@ def post_user():
#if(check_2fa_step1(form('username'))):
if(newSession().get()['secureAuth']):
# encrypt and store the credentials
sid = newSession().get()['id']
key = uuid.uuid4().hex
data = ';'.join([form('username'),form('password'),newSession().get()['authCode']])
data_enc = cryptocode.encrypt(data, newSession().get()['id'])
data_enc = cryptocode.encrypt(data, key)
data_to_url = base64.urlsafe_b64encode(str.encode(data_enc))
memo.get(data_enc)
memo.sid=sid
memo.data = data_enc
memo.key = key
logout(form('username'))
return index_tpl(two_factor_authentication=True, path=data_to_url, str=i18n.str)
except Error as e:
@ -185,7 +186,7 @@ def post_user_step2(path):
try:
# decrypt url
path = base64.urlsafe_b64decode(path)
path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
path = cryptocode.decrypt(path.decode('utf-8'), memo.key)
data = path.split(';')
username = data[0]
@ -230,7 +231,11 @@ def post_signup():
def error(msg):
return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if not tools.code_is_valid(form('invite_code'), db):
try:
if not tools.code_is_valid(form('invite_code'), db):
return(error(i18n.msg[6]))
except Exception as e:
LOG.error(e)
return(error(i18n.msg[6]))
if len(form('username')) < 3:
@ -527,7 +532,6 @@ def login_user_ldap(conf, username, password):
c.bind()
if is_trusted_device(conf, user_dn):
newSession().set(get_user_data(user_dn, c))
newSession().data['id'] = tools.session_id()
#update timestamp + ip address
update_login_info(conf, user_dn)
LOG.debug("%s logged in to %s" % (username, conf['base']))
@ -1099,9 +1103,7 @@ class Error(Exception):
class tMemory(object):
def __init__(self):
self.data = None
self.sid = None
def get(self, data):
self.data = data
self.key = None
memo = tMemory()
@ -1113,6 +1115,7 @@ def newSession():
def __init__(self):
super(Session, self).__init__()
self.data = bottle.request.environ.get('beaker.session')
self.sid = self.data.id
#localization
self.lang = self.get_lang()
global i18n
@ -1159,6 +1162,8 @@ def newSession():
self.data['secureAuth'] = self.secureAuth
self.data['authCode'] = self.authCode
self.data['id'] = self.sid
def close(self):
self.data.pop('username')
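Review bot: `memo.key = key` in the `@ -160,12 +161,12 @@ post_user` hunk stores the per-login key on `memo`, which is the module-level singleton created by `memo = tMemory()`, so it is shared by every request; if a second user reaches this point before the first completes `post_user_step2`, the first user's `memo.key` is overwritten and their decryption in the `@ -185,7 +186,7 @@` hunk runs with the wrong key (the replaced `memo.sid` had the same single-slot problem, so the commit changes the key material but not the race). The stored key should be tied to the individual attempt — for example a dict on `tMemory` keyed by a random per-attempt id that travels in `path` alongside the ciphertext, with entries deleted on use and aged out — rather than a single attribute. On the decrypt side, `cryptocode.decrypt` presumably returns a non-string value on a key mismatch, in which case `path.split(';')` raises instead of producing a controlled login failure; an explicit `if not isinstance(path, str): ...` check before the split would keep that path in hand. `';'.join([form('username'), form('password'), ...])` also means a password containing `;` is split into the wrong fields in step 2. post_user's `try` opens above the hunk and the function continues below it.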


@ -6,7 +6,6 @@ from onetimepass import valid_totp
from secrets import choice
import segno
from os import path
import uuid
class Tools():
@ -70,7 +69,4 @@ class Tools():
print('Wrong otp, please try again.')
return False
def session_id(self):
return uuid.uuid4().hex
tools = Tools()