2fa-0.7
parent
da0114f2f8
commit
94563bfefc
7
app.py
7
app.py
@ -296,7 +296,7 @@ def post_enable_2fa():
|
|||||||
if(not newSession().get()['secureAuth']):
|
if(not newSession().get()['secureAuth']):
|
||||||
try:
|
try:
|
||||||
username=newSession().get()['username']
|
username=newSession().get()['username']
|
||||||
add_auth_attribute_step1(username, tools.generate_secret(), action='enable')
|
add_auth_attribute_step1(username, tools.gen_secret(), action='enable')
|
||||||
except Error as e:
|
except Error as e:
|
||||||
#add_auth_attribute_step1(newSession().get()['username'], None, None)
|
#add_auth_attribute_step1(newSession().get()['username'], None, None)
|
||||||
reload(newSession().get()['username'], None, None)
|
reload(newSession().get()['username'], None, None)
|
||||||
@ -478,7 +478,10 @@ def login_user_ldap(conf, username, password):
|
|||||||
if is_trusted_device(conf, user_dn):
|
if is_trusted_device(conf, user_dn):
|
||||||
newSession().set(get_user_data(user_dn, c))
|
newSession().set(get_user_data(user_dn, c))
|
||||||
#update timestamp + ip address
|
#update timestamp + ip address
|
||||||
update_login_info(conf, user_dn)
|
update_login_info(conf, user_dn)
|
||||||
|
#check if exists 2fa qr image
|
||||||
|
if(newSession().get()['secureAuth']):
|
||||||
|
tools.gen_qr(newSession().get()['authCode'])
|
||||||
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
||||||
|
|
||||||
#LOGOUT
|
#LOGOUT
|
||||||
|
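Review bot: The three lines added to login_user_ldap call `tools.gen_qr(newSession().get()['authCode'])` on every trusted-device login of a 2FA-enabled user, which re-creates a QR image of a TOTP secret that is already enrolled. Going by the gen_qr added in this same commit, that image is written to `static/tmp/<secret>.png`, so the secret becomes a file name in what looks like a web-served directory and would show up in URLs and access logs. The QR is only needed while enrolling, so I would remove the call from the login path and build the image in memory for the enable-2FA response only. login_user_ldap starts and ends outside this hunk.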
@ -5,6 +5,7 @@ import re
|
|||||||
from onetimepass import valid_totp
|
from onetimepass import valid_totp
|
||||||
from secrets import choice
|
from secrets import choice
|
||||||
import segno
|
import segno
|
||||||
|
from os import path
|
||||||
|
|
||||||
class Tools():
|
class Tools():
|
||||||
|
|
||||||
@ -47,12 +48,26 @@ class Tools():
|
|||||||
return(bool(re.fullmatch(regex, e)))
|
return(bool(re.fullmatch(regex, e)))
|
||||||
|
|
||||||
# 2FA
|
# 2FA
|
||||||
def generate_secret(self): # Function to return a random string with length 16.
|
def gen_qr(self, secret):
|
||||||
|
if(not path.isfile('static/tmp/'+secret+'.png')):
|
||||||
|
qrcode = segno.make(secret, micro=False)
|
||||||
|
qrcode.save('static/tmp/'+secret+'.png', scale=10)
|
||||||
|
|
||||||
|
def gen_secret(self): # Function to return a random string with length 16.
|
||||||
secret = ''
|
secret = ''
|
||||||
while len(secret) < 16:
|
while len(secret) < 16:
|
||||||
secret += choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567')
|
secret += choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567')
|
||||||
qrcode = segno.make(secret, micro=False)
|
self.gen_qr(secret)
|
||||||
qrcode.save('static/tmp/'+secret+'.png', scale=10)
|
|
||||||
return secret
|
return secret
|
||||||
|
|
||||||
tools = Tools()
|
def 2fa_validation(self, otp):
|
||||||
|
authenticated = valid_totp(otp, secret)
|
||||||
|
if authenticated:
|
||||||
|
print('Correct otp, Authenticated!')
|
||||||
|
return True
|
||||||
|
elif not authenticated:
|
||||||
|
print('Wrong otp, please try again.')
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
Tools = Tools()
|
||||||
|
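Review bot: `def 2fa_validation(self, otp):` is not valid Python, because an identifier cannot start with a digit, so the module fails to import with a SyntaxError; its body also reads `secret`, which is neither a parameter nor a local. I would write `def validate_2fa(self, otp, secret):` with the body `return bool(valid_totp(otp, secret))`, which also drops the two `print` calls and the redundant `elif not authenticated`. The last changed line appears to replace `tools = Tools()` with `Tools = Tools()`, which rebinds the class name to an instance while app.py in this commit still calls `tools.gen_secret()` and `tools.gen_qr(...)`; unless app.py binds `tools` in a way not visible here, keep `tools = Tools()`. Indentation is lost on this page, so whether the new method sits inside the class cannot be confirmed from the hunk.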