2fa-0.9
This commit is contained in:
parent
7a7edc1f92
commit
7e7c599530
85
app.py
85
app.py
|
|
@ -37,6 +37,8 @@ from libs.helper import tools
|
|||
import random
|
||||
from user_agents import parse as ua_parse
|
||||
from datetime import datetime
|
||||
import cryptocode
|
||||
import base64
|
||||
|
||||
BASE_DIR = path.dirname(__file__)
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
|
@ -46,9 +48,6 @@ VERSION = '0.0.2'
|
|||
@get('/')
|
||||
def get_index():
|
||||
try:
|
||||
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
||||
logout(newSession().get()['username'])
|
||||
|
||||
return user_tpl(data=newSession().get(), str=i18n.str)
|
||||
except Exception as e:
|
||||
return index_tpl(str=i18n.str)
|
||||
|
|
@ -57,11 +56,6 @@ def get_index():
|
|||
def get_index():
|
||||
try:
|
||||
print(newSession().get())
|
||||
print(newSession().secure_logged_in)
|
||||
print(newSession().id);
|
||||
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
||||
logout(newSession().get()['username'])
|
||||
|
||||
return user_tpl(data=newSession().get(), str=i18n.str)
|
||||
except Exception as e:
|
||||
return index_tpl(str=i18n.str)
|
||||
|
|
@ -161,36 +155,25 @@ def post_user():
|
|||
username = form('username')
|
||||
password = form('password')
|
||||
|
||||
'''
|
||||
try:
|
||||
if(check_2fa_step1(form('username'))):
|
||||
print('kk')
|
||||
#return index_tpl(two_factor_authentication=True, u=(form('username')), p=(form('password')), str=i18n.str)
|
||||
except Error as e:
|
||||
LOG.warning("Erabiltzailea ez da aurkitu???")
|
||||
'''
|
||||
|
||||
try:
|
||||
#th = threading.Thread(target=login, args=(form('username'), form('password')))
|
||||
#th.start()
|
||||
login(form('username'), form('password'))
|
||||
except Error as e:
|
||||
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
|
||||
return error(str(e))
|
||||
|
||||
#print('N:',newSession().get()['id'])
|
||||
key = cryptocode.encrypt(form('password'), newSession().get()['id'])
|
||||
print(key)
|
||||
key = base64.urlsafe_b64encode(str.encode(key))
|
||||
print(key)
|
||||
|
||||
try:
|
||||
if(check_2fa_step1(form('username'))):
|
||||
print('kk')
|
||||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
||||
return index_tpl(two_factor_authentication=True, key=key, str=i18n.str)
|
||||
except Error as e:
|
||||
LOG.warning("Erabiltzailea ez da aurkitu???")
|
||||
|
||||
'''
|
||||
if(not newSession().get()['secureAuth']):
|
||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||
elif(newSession().get()['secureAuth']):
|
||||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
||||
'''
|
||||
|
||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||
|
||||
@post('/user')
|
||||
|
|
@ -220,18 +203,41 @@ def post_user():
|
|||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
||||
'''
|
||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||
@post('/user_step2')
|
||||
def post_user_step2():
|
||||
|
||||
@post('/user_step2/<key>')
|
||||
def post_user_step2(key):
|
||||
form = request.forms.getunicode
|
||||
|
||||
secret = newSession().get()['authCode']
|
||||
username = newSession().get()['username']
|
||||
password = base64.urlsafe_b64decode(key)
|
||||
print(password)
|
||||
password = cryptocode.decrypt(password.decode('utf-8'), newSession().get()['id'])
|
||||
print(password)
|
||||
#password = cryptocode.decrypt(key, newSession().get()['id'])
|
||||
|
||||
print('key:',key)
|
||||
print("sid:",newSession().get()['id'])
|
||||
print('pwd:',password)
|
||||
|
||||
logout(newSession().get()['username'])
|
||||
|
||||
def error(msg):
|
||||
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
|
||||
|
||||
if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
|
||||
logout(newSession().get()['username'])
|
||||
#if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
|
||||
if not tools._2fa_validation(form('code'), secret):
|
||||
#logout(newSession().get()['username'])
|
||||
logout(username)
|
||||
return error('Kode okerra. Saio hasierak huts egin du.')
|
||||
else:
|
||||
|
||||
newSession.secure_logged_in = True
|
||||
try:
|
||||
login(username, password)
|
||||
except Error as e:
|
||||
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
|
||||
return error(str(e))
|
||||
print(newSession().get())
|
||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||
|
||||
@post('/signup')
|
||||
|
|
@ -506,6 +512,7 @@ def connect_ldap(conf, **kwargs):
|
|||
|
||||
#LOGIN
|
||||
def login(username, password):
|
||||
|
||||
n = N
|
||||
for key in (key for key in CONF.sections()
|
||||
if key == 'ldap' or key.startswith('ldap:')):
|
||||
|
|
@ -520,7 +527,6 @@ def login(username, password):
|
|||
continue
|
||||
else:
|
||||
raise e
|
||||
|
||||
break
|
||||
|
||||
def login_user(conf, *args):
|
||||
|
|
@ -550,13 +556,15 @@ def login_user_ldap(conf, username, password):
|
|||
c.bind()
|
||||
if is_trusted_device(conf, user_dn):
|
||||
newSession().set(get_user_data(user_dn, c))
|
||||
#new_session(user_dn, c, conf, lambda: check_2fa_step1())
|
||||
newSession().get()['id']=tools.session_id()
|
||||
#update timestamp + ip address
|
||||
update_login_info(conf, user_dn)
|
||||
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
||||
#check if exists 2fa qr image
|
||||
if(newSession().get()['secureAuth']):
|
||||
tools.gen_qr(newSession().get()['authCode'])
|
||||
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
||||
#if(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
||||
#logout(newSession().get()['username'])
|
||||
'''
|
||||
def new_session(user_dn, c, conf, two_factor_auth):
|
||||
while(two_factor_auth):
|
||||
|
|
@ -1189,13 +1197,12 @@ def newSession():
|
|||
def __init__(self):
|
||||
super(Session, self).__init__()
|
||||
self.data = bottle.request.environ.get('beaker.session')
|
||||
self.id = tools.session_id()
|
||||
self.secure_logged_in = False
|
||||
self.lang = self.get_lang()
|
||||
self.id = None
|
||||
#self.lang = self.get_lang()
|
||||
#localization
|
||||
self.lang = self.get_lang()
|
||||
global i18n
|
||||
i18n = LocalizeTo(self.lang, CONF)
|
||||
i18n = LocalizeTo(self.lang, CONF)
|
||||
|
||||
def get_lang(self):
|
||||
if 'HTTP_ACCEPT_LANGUAGE' in bottle.request.environ:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,13 @@
|
|||
import base64
|
||||
def encrypt2(message,key):
|
||||
return base64.encodestring("".join([chr(ord(message[i]) ^ ord(key[i % len(key)])) for i in xrange(len(message))]))
|
||||
|
||||
def decrypt2(message, key):
|
||||
from itertools import cycle
|
||||
decoded = base64.decodestring(message)
|
||||
return "".join(chr(a ^ b) for a, b in zip(map(ord, decoded), cycle(map(ord, key))))
|
||||
|
||||
print(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"))
|
||||
print(decrypt2(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"), "0d0cc0c959044abbb8ba20a4531cea0f"))
|
||||
|
||||
|
||||
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
%try:
|
||||
%if two_factor_authentication:
|
||||
<form method="post" action="/user_step2">
|
||||
<form method="post" action="/user_step2/{{key}}">
|
||||
<label for="code">kodea</label>
|
||||
<input id="code" name="code" value="" type="text" required autofocus>
|
||||
%end
|
||||
|
|
|
|||
Loading…
Reference in New Issue