2fa-0.9

2023-11-22 08:26:22 +01:00 · 2023-11-22 08:26:22 +01:00 · 7e7c599530
commit 7e7c599530
parent 7a7edc1f92
4 changed files with 1374 additions and 40 deletions
--- a/app.py
+++ b/app.py
@ -37,6 +37,8 @@ from libs.helper import tools
 import random
 from user_agents import parse as ua_parse
 from datetime import datetime
+import cryptocode
+import base64

 BASE_DIR = path.dirname(__file__)
 LOG = logging.getLogger(__name__)
@ -46,9 +48,6 @@ VERSION = '0.0.2'
@get('/')
 def get_index():
    try:
-        while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
-            logout(newSession().get()['username'])
-         
        return user_tpl(data=newSession().get(), str=i18n.str)
    except Exception as e:
        return index_tpl(str=i18n.str)
@ -57,11 +56,6 @@ def get_index():
 def get_index():
    try:
        print(newSession().get())
-        print(newSession().secure_logged_in)
-        print(newSession().id);
-        while(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
-            logout(newSession().get()['username'])
- 
        return user_tpl(data=newSession().get(), str=i18n.str)
    except Exception as e:
        return index_tpl(str=i18n.str)
@ -161,36 +155,25 @@ def post_user():
    username = form('username')
    password = form('password')

-    '''
    try:
-        if(check_2fa_step1(form('username'))):
-            print('kk')
-            #return index_tpl(two_factor_authentication=True, u=(form('username')), p=(form('password')), str=i18n.str)
-    except Error as e:
-        LOG.warning("Erabiltzailea ez da aurkitu???")
-    '''
-    
-    try:
-        #th = threading.Thread(target=login, args=(form('username'), form('password')))
-        #th.start()
        login(form('username'), form('password'))
    except Error as e:
        LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
        return error(str(e))
    
+    #print('N:',newSession().get()['id'])
+    key = cryptocode.encrypt(form('password'), newSession().get()['id'])
+    print(key)
+    key = base64.urlsafe_b64encode(str.encode(key))
+    print(key)
+
    try:
        if(check_2fa_step1(form('username'))):
            print('kk')
-            return index_tpl(two_factor_authentication=True, str=i18n.str)
+            return index_tpl(two_factor_authentication=True, key=key, str=i18n.str)
    except Error as e:
        LOG.warning("Erabiltzailea ez da aurkitu???")
-    
-    '''
-    if(not newSession().get()['secureAuth']):
-        return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
-    elif(newSession().get()['secureAuth']):
-        return index_tpl(two_factor_authentication=True, str=i18n.str)
-    '''
+
    return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)

@post('/user')
@ -220,18 +203,41 @@ def post_user():
        return index_tpl(two_factor_authentication=True, str=i18n.str)
    '''
    return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], form('username').capitalize()), 'fadeOut' )], data=newSession().get(), str=i18n.str)
-@post('/user_step2')
-def post_user_step2():
+
+@post('/user_step2/<key>')
+def post_user_step2(key):
    form = request.forms.getunicode

+    secret = newSession().get()['authCode']
+    username = newSession().get()['username']
+    password = base64.urlsafe_b64decode(key)
+    print(password)
+    password = cryptocode.decrypt(password.decode('utf-8'), newSession().get()['id'])
+    print(password)
+    #password = cryptocode.decrypt(key, newSession().get()['id'])
+    
+    print('key:',key)
+    print("sid:",newSession().get()['id'])
+    print('pwd:',password)
+
+    logout(newSession().get()['username'])
+    
    def error(msg):
        return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)

-    if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
-        logout(newSession().get()['username'])
+    #if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
+    if not tools._2fa_validation(form('code'), secret):
+        #logout(newSession().get()['username'])
+        logout(username)
        return error('Kode okerra. Saio hasierak huts egin du.')
+    else:

-    newSession.secure_logged_in = True
+        try:
+            login(username, password)
+        except Error as e:
+            LOG.warning("Unsuccessful attempt to login %s: %s" % (form('username'), e))
+            return error(str(e))
+    print(newSession().get())
    return user_tpl(alerts=[('success', '%s %s' % (i18n.msg[1], newSession().get()['username']), 'fadeOut' )], data=newSession().get(), str=i18n.str)

@post('/signup')
@ -506,6 +512,7 @@ def connect_ldap(conf, **kwargs):

 #LOGIN
 def login(username, password):
+
    n = N
    for key in (key for key in CONF.sections()
                if key == 'ldap' or key.startswith('ldap:')):
@ -520,7 +527,6 @@ def login(username, password):
                continue
            else:
                raise e
-
        break

 def login_user(conf, *args):
@ -550,13 +556,15 @@ def login_user_ldap(conf, username, password):
        c.bind()
        if is_trusted_device(conf, user_dn):
            newSession().set(get_user_data(user_dn, c))
-            #new_session(user_dn, c, conf, lambda: check_2fa_step1())
+            newSession().get()['id']=tools.session_id()
            #update timestamp + ip address
            update_login_info(conf, user_dn)
+            LOG.debug("%s logged in to %s" % (username, conf['base']))
            #check if exists 2fa qr image
            if(newSession().get()['secureAuth']):
                tools.gen_qr(newSession().get()['authCode'])
-            LOG.debug("%s logged in to %s" % (username, conf['base']))
+            #if(newSession().get()['secureAuth'] and not newSession().secure_logged_in):
+                #logout(newSession().get()['username'])
 '''
 def new_session(user_dn, c, conf, two_factor_auth):
    while(two_factor_auth):
@ -1189,13 +1197,12 @@ def newSession():
        def __init__(self):
            super(Session, self).__init__()
            self.data = bottle.request.environ.get('beaker.session')
-            self.id = tools.session_id()
-            self.secure_logged_in = False
-            self.lang = self.get_lang()
+            self.id = None
+            #self.lang = self.get_lang()
            #localization
            self.lang = self.get_lang()
            global i18n
-            i18n = LocalizeTo(self.lang, CONF)
+            i18n = LocalizeTo(self.lang, CONF) 

        def get_lang(self):
            if 'HTTP_ACCEPT_LANGUAGE' in bottle.request.environ:
--- a/enc.py
+++ b/enc.py
@ -0,0 +1,13 @@
+import base64
+def encrypt2(message,key):
+	return base64.encodestring("".join([chr(ord(message[i]) ^ ord(key[i % len(key)])) for i in xrange(len(message))]))
+
+def decrypt2(message, key):
+	from itertools import cycle
+	decoded = base64.decodestring(message)
+	return "".join(chr(a ^ b) for a, b in zip(map(ord, decoded), cycle(map(ord, key))))
+
+print(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"))
+print(decrypt2(encrypt2("Jo ta ke irabazi arte", "0d0cc0c959044abbb8ba20a4531cea0f"), "0d0cc0c959044abbb8ba20a4531cea0f"))
+
+
--- a/index.tpl
+++ b/index.tpl
@ -17,7 +17,7 @@
        
        %try:
            %if two_factor_authentication:
-                <form method="post" action="/user_step2">
+                <form method="post" action="/user_step2/{{key}}">
                    <label for="code">kodea</label>
                    <input id="code" name="code" value="" type="text" required autofocus>
            %end
--- a/1314
+++ b/1314