This commit is contained in:
aitzol 2023-11-22 08:26:22 +01:00
parent 7a7edc1f92
commit 7e7c599530
4 changed files with 1374 additions and 40 deletions

85
app.py

@ -37,6 +37,8 @@ from libs.helper import tools
import random import random
from user_agents import parse as ua_parse from user_agents import parse as ua_parse
from datetime import datetime from datetime import datetime
import cryptocode
import base64
BASE_DIR = path.dirname(__file__) BASE_DIR = path.dirname(__file__)
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -46,9 +48,6 @@ VERSION = '0.0.2'
@get('/') @get('/')
def get_index(): def get_index():
try: try:
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
logout(newSession().get()['username'])
return user_tpl(data=newSession().get(), str=i18n.str) return user_tpl(data=newSession().get(), str=i18n.str)
except Exception as e: except Exception as e:
return index_tpl(str=i18n.str) return index_tpl(str=i18n.str)
@ -57,11 +56,6 @@ def get_index():
def get_index(): def get_index():
try: try:
print(newSession().get()) print(newSession().get())
print(newSession().secure_logged_in)
print(newSession().id);
while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
logout(newSession().get()['username'])
return user_tpl(data=newSession().get(), str=i18n.str) return user_tpl(data=newSession().get(), str=i18n.str)
except Exception as e: except Exception as e:
return index_tpl(str=i18n.str) return index_tpl(str=i18n.str)
@ -161,36 +155,25 @@ def post_user():
username = form('username') username = form('username')
password = form('password') password = form('password')
'''
try: try:
if(check_2fa_step1(form('username'))):
print('kk')
#return index_tpl(two_factor_authentication=True, u=(form('username')), p=(form('password')), str=i18n.str)
except Error as e:
LOG.warning("Erabiltzailea ez da aurkitu???")
'''
try:
#th = threading.Thread(target=login, args=(form('username'), form('password')))
#th.start()
login(form('username'), form('password')) login(form('username'), form('password'))
except Error as e: except Error as e:
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e)) LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
return error(str(e)) return error(str(e))
#print('N:',newSession().get()['id'])
key = cryptocode.encrypt(form('password'), newSession().get()['id'])
print(key)
key = base64.urlsafe_b64encode(str.encode(key))
print(key)
try: try:
if(check_2fa_step1(form('username'))): if(check_2fa_step1(form('username'))):
print('kk') print('kk')
return index_tpl(two_factor_authentication=True, str=i18n.str) return index_tpl(two_factor_authentication=True, key=key, str=i18n.str)
except Error as e: except Error as e:
LOG.warning("Erabiltzailea ez da aurkitu???") LOG.warning("Erabiltzailea ez da aurkitu???")
'''
if(not newSession().get()['secureAuth']):
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
elif(newSession().get()['secureAuth']):
return index_tpl(two_factor_authentication=True, str=i18n.str)
'''
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str) return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
@post('/user') @post('/user')
@ -220,18 +203,41 @@ def post_user():
return index_tpl(two_factor_authentication=True, str=i18n.str) return index_tpl(two_factor_authentication=True, str=i18n.str)
''' '''
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str) return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
@post('/user_step2')
def post_user_step2(): @post('/user_step2/<key>')
def post_user_step2(key):
form = request.forms.getunicode form = request.forms.getunicode
secret = newSession().get()['authCode']
username = newSession().get()['username']
password = base64.urlsafe_b64decode(key)
print(password)
password = cryptocode.decrypt(password.decode('utf-8'), newSession().get()['id'])
print(password)
#password = cryptocode.decrypt(key, newSession().get()['id'])
print('key:',key)
print("sid:",newSession().get()['id'])
print('pwd:',password)
logout(newSession().get()['username'])
def error(msg): def error(msg):
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if not tools._2fa_validation(form('code'), newSession().get()['authCode']): #if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
logout(newSession().get()['username']) if not tools._2fa_validation(form('code'), secret):
#logout(newSession().get()['username'])
logout(username)
return error('Kode okerra. Saio hasierak huts egin du.') return error('Kode okerra. Saio hasierak huts egin du.')
else:
newSession.secure_logged_in = True try:
login(username, password)
except Error as e:
LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
return error(str(e))
print(newSession().get())
return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str) return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str)
@post('/signup') @post('/signup')
@ -506,6 +512,7 @@ def connect_ldap(conf, **kwargs):
#LOGIN #LOGIN
def login(username, password): def login(username, password):
n = N n = N
for key in (key for key in CONF.sections() for key in (key for key in CONF.sections()
if key == 'ldap' or key.startswith('ldap:')): if key == 'ldap' or key.startswith('ldap:')):
@ -520,7 +527,6 @@ def login(username, password):
continue continue
else: else:
raise e raise e
break break
def login_user(conf, *args): def login_user(conf, *args):
@ -550,13 +556,15 @@ def login_user_ldap(conf, username, password):
c.bind() c.bind()
if is_trusted_device(conf, user_dn): if is_trusted_device(conf, user_dn):
newSession().set(get_user_data(user_dn, c)) newSession().set(get_user_data(user_dn, c))
#new_session(user_dn, c, conf, lambda: check_2fa_step1()) newSession().get()['id']=tools.session_id()
#update timestamp + ip address #update timestamp + ip address
update_login_info(conf, user_dn) update_login_info(conf, user_dn)
LOG.debug("%s logged in to %s" % (username, conf['base']))
#check if exists 2fa qr image #check if exists 2fa qr image
if(newSession().get()['secureAuth']): if(newSession().get()['secureAuth']):
tools.gen_qr(newSession().get()['authCode']) tools.gen_qr(newSession().get()['authCode'])
LOG.debug("%s logged in to %s" % (username, conf['base'])) #if(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
#logout(newSession().get()['username'])
''' '''
def new_session(user_dn, c, conf, two_factor_auth): def new_session(user_dn, c, conf, two_factor_auth):
while(two_factor_auth): while(two_factor_auth):
@ -1189,13 +1197,12 @@ def newSession():
def __init__(self): def __init__(self):
super(Session, self).__init__() super(Session, self).__init__()
self.data = bottle.request.environ.get('beaker.session') self.data = bottle.request.environ.get('beaker.session')
self.id = tools.session_id() self.id = None
self.secure_logged_in = False #self.lang = self.get_lang()
self.lang = self.get_lang()
#localization #localization
self.lang = self.get_lang() self.lang = self.get_lang()
global i18n global i18n
i18n = LocalizeTo(self.lang, CONF) i18n = LocalizeTo(self.lang, CONF)
def get_lang(self): def get_lang(self):
if 'HTTP_ACCEPT_LANGUAGE' in bottle.request.environ: if 'HTTP_ACCEPT_LANGUAGE' in bottle.request.environ:
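Review bot: post_user_step2 prints the recovered cleartext password to stdout at `print(password)` right after the cryptocode.decrypt call and again at `print('pwd:',password)`, next to the session id at `print("sid:",newSession().get()['id'])` and the whole session dict at `print(newSession().get())`; those lines, and the two `print(key)` calls in post_user, should be removed before this ships, since process output routinely ends up in service logs. The larger concern is the transport: post_user base64-encodes the session-id-keyed ciphertext into the template and the index template hunk puts it in the form action `/user_step2/{{key}}`, so password-derived material travels in the URL path and will be recorded in browser history, web-server access logs and any outgoing Referer header; since post_user_step2 already reads `authCode` and `username` from the server-side session, holding the pending credential there as well would keep it off the URL entirely. Separately, the except branch in post_user_step2 logs `form('username')`, but the step-2 form only submits `code` (see the template hunk), so the warning should use the local already bound above it: `LOG.warning("Unsuccessful attempt to login %s: %s" % (username, e))`. post_user's definition starts outside the hunk at @ -161,36.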

13
enc.py Normal file

@ -0,0 +1,13 @@
import base64
def encrypt2(message,key):
return base64.encodestring("".join([chr(ord(message[i]) ^ ord(key[i % len(key)])) for i in xrange(len(message))]))
def decrypt2(message, key):
from itertools import cycle
decoded = base64.decodestring(message)
return "".join(chr(a ^ b) for a, b in zip(map(ord, decoded), cycle(map(ord, key))))
print(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"))
print(decrypt2(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"), "0d0cc0c959044abbb8ba20a4531cea0f"))
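Review bot: enc.py cannot run on the Python 3 interpreter the rest of app.py is written for: `xrange` in encrypt2 is undefined in Python 3, and `base64.encodestring`/`base64.decodestring` were removed in 3.9 in favour of `base64.b64encode`/`base64.b64decode`, which take and return bytes rather than str. Beyond that, a repeating-key XOR is obfuscation rather than encryption and should not be relied on for the password handling this commit introduces, and the key literal `0d0cc0c959044abbb8ba20a4531cea0f` is committed in source alongside it. The two module-level print calls also execute on import; if this is a scratch experiment it should stay out of the repository, otherwise move the calls under `if __name__ == "__main__":`.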


@ -17,7 +17,7 @@
%try: %try:
%if two_factor_authentication: %if two_factor_authentication:
<form method="post" action="/user_step2"> <form method="post" action="/user_step2/{{key}}">
<label for="code">kodea</label> <label for="code">kodea</label>
<input id="code" name="code" value="" type="text" required autofocus> <input id="code" name="code" value="" type="text" required autofocus>
%end %end

1314
ç Normal file

File diff suppressed because it is too large Load Diff