2fa-0.9
This commit is contained in:
parent
7a7edc1f92
commit
7e7c599530
81
app.py
81
app.py
@ -37,6 +37,8 @@ from libs.helper import tools
|
|||||||
import random
|
import random
|
||||||
from user_agents import parse as ua_parse
|
from user_agents import parse as ua_parse
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
import cryptocode
|
||||||
|
import base64
|
||||||
|
|
||||||
BASE_DIR = path.dirname(__file__)
|
BASE_DIR = path.dirname(__file__)
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
@ -46,9 +48,6 @@ VERSION = '0.0.2'
|
|||||||
@get('/')
|
@get('/')
|
||||||
def get_index():
|
def get_index():
|
||||||
try:
|
try:
|
||||||
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
|
||||||
logout(newSession().get()['username'])
|
|
||||||
|
|
||||||
return user_tpl(data=newSession().get(), str=i18n.str)
|
return user_tpl(data=newSession().get(), str=i18n.str)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return index_tpl(str=i18n.str)
|
return index_tpl(str=i18n.str)
|
||||||
@ -57,11 +56,6 @@ def get_index():
|
|||||||
def get_index():
|
def get_index():
|
||||||
try:
|
try:
|
||||||
print(newSession().get())
|
print(newSession().get())
|
||||||
print(newSession().secure_logged_in)
|
|
||||||
print(newSession().id);
|
|
||||||
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
|
||||||
logout(newSession().get()['username'])
|
|
||||||
|
|
||||||
return user_tpl(data=newSession().get(), str=i18n.str)
|
return user_tpl(data=newSession().get(), str=i18n.str)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return index_tpl(str=i18n.str)
|
return index_tpl(str=i18n.str)
|
||||||
@ -161,36 +155,25 @@ def post_user():
|
|||||||
username = form('username')
|
username = form('username')
|
||||||
password = form('password')
|
password = form('password')
|
||||||
|
|
||||||
'''
|
|
||||||
try:
|
try:
|
||||||
if(check_2fa_step1(form('username'))):
|
|
||||||
print('kk')
|
|
||||||
#return index_tpl(two_factor_authentication=True, u=(form('username')), p=(form('password')), str=i18n.str)
|
|
||||||
except Error as e:
|
|
||||||
LOG.warning("Erabiltzailea ez da aurkitu???")
|
|
||||||
'''
|
|
||||||
|
|
||||||
try:
|
|
||||||
#th = threading.Thread(target=login, args=(form('username'), form('password')))
|
|
||||||
#th.start()
|
|
||||||
login(form('username'), form('password'))
|
login(form('username'), form('password'))
|
||||||
except Error as e:
|
except Error as e:
|
||||||
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
|
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
|
||||||
return error(str(e))
|
return error(str(e))
|
||||||
|
|
||||||
|
#print('N:',newSession().get()['id'])
|
||||||
|
key = cryptocode.encrypt(form('password'), newSession().get()['id'])
|
||||||
|
print(key)
|
||||||
|
key = base64.urlsafe_b64encode(str.encode(key))
|
||||||
|
print(key)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if(check_2fa_step1(form('username'))):
|
if(check_2fa_step1(form('username'))):
|
||||||
print('kk')
|
print('kk')
|
||||||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
return index_tpl(two_factor_authentication=True, key=key, str=i18n.str)
|
||||||
except Error as e:
|
except Error as e:
|
||||||
LOG.warning("Erabiltzailea ez da aurkitu???")
|
LOG.warning("Erabiltzailea ez da aurkitu???")
|
||||||
|
|
||||||
'''
|
|
||||||
if(not newSession().get()['secureAuth']):
|
|
||||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
|
||||||
elif(newSession().get()['secureAuth']):
|
|
||||||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
|
||||||
'''
|
|
||||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||||
|
|
||||||
@post('/user')
|
@post('/user')
|
||||||
@ -220,18 +203,41 @@ def post_user():
|
|||||||
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
return index_tpl(two_factor_authentication=True, str=i18n.str)
|
||||||
'''
|
'''
|
||||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||||
@post('/user_step2')
|
|
||||||
def post_user_step2():
|
@post('/user_step2/<key>')
|
||||||
|
def post_user_step2(key):
|
||||||
form = request.forms.getunicode
|
form = request.forms.getunicode
|
||||||
|
|
||||||
|
secret = newSession().get()['authCode']
|
||||||
|
username = newSession().get()['username']
|
||||||
|
password = base64.urlsafe_b64decode(key)
|
||||||
|
print(password)
|
||||||
|
password = cryptocode.decrypt(password.decode('utf-8'), newSession().get()['id'])
|
||||||
|
print(password)
|
||||||
|
#password = cryptocode.decrypt(key, newSession().get()['id'])
|
||||||
|
|
||||||
|
print('key:',key)
|
||||||
|
print("sid:",newSession().get()['id'])
|
||||||
|
print('pwd:',password)
|
||||||
|
|
||||||
|
logout(newSession().get()['username'])
|
||||||
|
|
||||||
def error(msg):
|
def error(msg):
|
||||||
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
|
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
|
||||||
|
|
||||||
if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
|
#if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
|
||||||
logout(newSession().get()['username'])
|
if not tools._2fa_validation(form('code'), secret):
|
||||||
|
#logout(newSession().get()['username'])
|
||||||
|
logout(username)
|
||||||
return error('Kode okerra. Saio hasierak huts egin du.')
|
return error('Kode okerra. Saio hasierak huts egin du.')
|
||||||
|
else:
|
||||||
|
|
||||||
newSession.secure_logged_in = True
|
try:
|
||||||
|
login(username, password)
|
||||||
|
except Error as e:
|
||||||
|
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
|
||||||
|
return error(str(e))
|
||||||
|
print(newSession().get())
|
||||||
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str)
|
||||||
|
|
||||||
@post('/signup')
|
@post('/signup')
|
||||||
@ -506,6 +512,7 @@ def connect_ldap(conf, **kwargs):
|
|||||||
|
|
||||||
#LOGIN
|
#LOGIN
|
||||||
def login(username, password):
|
def login(username, password):
|
||||||
|
|
||||||
n = N
|
n = N
|
||||||
for key in (key for key in CONF.sections()
|
for key in (key for key in CONF.sections()
|
||||||
if key == 'ldap' or key.startswith('ldap:')):
|
if key == 'ldap' or key.startswith('ldap:')):
|
||||||
@ -520,7 +527,6 @@ def login(username, password):
|
|||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
def login_user(conf, *args):
|
def login_user(conf, *args):
|
||||||
@ -550,13 +556,15 @@ def login_user_ldap(conf, username, password):
|
|||||||
c.bind()
|
c.bind()
|
||||||
if is_trusted_device(conf, user_dn):
|
if is_trusted_device(conf, user_dn):
|
||||||
newSession().set(get_user_data(user_dn, c))
|
newSession().set(get_user_data(user_dn, c))
|
||||||
#new_session(user_dn, c, conf, lambda: check_2fa_step1())
|
newSession().get()['id']=tools.session_id()
|
||||||
#update timestamp + ip address
|
#update timestamp + ip address
|
||||||
update_login_info(conf, user_dn)
|
update_login_info(conf, user_dn)
|
||||||
|
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
||||||
#check if exists 2fa qr image
|
#check if exists 2fa qr image
|
||||||
if(newSession().get()['secureAuth']):
|
if(newSession().get()['secureAuth']):
|
||||||
tools.gen_qr(newSession().get()['authCode'])
|
tools.gen_qr(newSession().get()['authCode'])
|
||||||
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
#if(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
|
||||||
|
#logout(newSession().get()['username'])
|
||||||
'''
|
'''
|
||||||
def new_session(user_dn, c, conf, two_factor_auth):
|
def new_session(user_dn, c, conf, two_factor_auth):
|
||||||
while(two_factor_auth):
|
while(two_factor_auth):
|
||||||
@ -1189,9 +1197,8 @@ def newSession():
|
|||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(Session, self).__init__()
|
super(Session, self).__init__()
|
||||||
self.data = bottle.request.environ.get('beaker.session')
|
self.data = bottle.request.environ.get('beaker.session')
|
||||||
self.id = tools.session_id()
|
self.id = None
|
||||||
self.secure_logged_in = False
|
#self.lang = self.get_lang()
|
||||||
self.lang = self.get_lang()
|
|
||||||
#localization
|
#localization
|
||||||
self.lang = self.get_lang()
|
self.lang = self.get_lang()
|
||||||
global i18n
|
global i18n
|
||||||
|
13
enc.py
Normal file
13
enc.py
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
import base64
|
||||||
|
def encrypt2(message,key):
|
||||||
|
return base64.encodestring("".join([chr(ord(message[i]) ^ ord(key[i % len(key)])) for i in xrange(len(message))]))
|
||||||
|
|
||||||
|
def decrypt2(message, key):
|
||||||
|
from itertools import cycle
|
||||||
|
decoded = base64.decodestring(message)
|
||||||
|
return "".join(chr(a ^ b) for a, b in zip(map(ord, decoded), cycle(map(ord, key))))
|
||||||
|
|
||||||
|
print(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"))
|
||||||
|
print(decrypt2(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"), "0d0cc0c959044abbb8ba20a4531cea0f"))
|
||||||
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
%try:
|
%try:
|
||||||
%if two_factor_authentication:
|
%if two_factor_authentication:
|
||||||
<form method="post" action="/user_step2">
|
<form method="post" action="/user_step2/{{key}}">
|
||||||
<label for="code">kodea</label>
|
<label for="code">kodea</label>
|
||||||
<input id="code" name="code" value="" type="text" required autofocus>
|
<input id="code" name="code" value="" type="text" required autofocus>
|
||||||
%end
|
%end
|
||||||
|
Loading…
Reference in New Issue
Block a user