2fa-1.2
This commit is contained in:
parent
b783617335
commit
9b4bd725da
81
app.py
81
app.py
|
|
@ -176,22 +176,26 @@ def post_user():
|
|||
@post('/user/<path>')
|
||||
def post_user_step2(path):
|
||||
form = request.forms.getunicode
|
||||
|
||||
# decrypt url
|
||||
path = base64.urlsafe_b64decode(path)
|
||||
path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
|
||||
data = path.split(';')
|
||||
|
||||
username = data[0]
|
||||
password = data[1]
|
||||
secret = data[2]
|
||||
|
||||
|
||||
def error(msg):
|
||||
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
|
||||
|
||||
try:
|
||||
# decrypt url
|
||||
path = base64.urlsafe_b64decode(path)
|
||||
path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
|
||||
data = path.split(';')
|
||||
|
||||
username = data[0]
|
||||
password = data[1]
|
||||
secret = data[2]
|
||||
except:
|
||||
newSession()
|
||||
return error(i18n.msg[27])
|
||||
|
||||
#if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
|
||||
if not tools._2fa_validation(form('code'), secret):
|
||||
return error('Kode okerra. Saio hasierak huts egin du.')
|
||||
return error(i18n.msg[6])
|
||||
else:
|
||||
|
||||
try:
|
||||
|
|
@ -842,61 +846,6 @@ def add_auth_attribute_step3(conf, username, code, action):
|
|||
|
||||
reload=add_auth_attribute_step1
|
||||
|
||||
# CHECK SECUREAUTH
|
||||
'''
|
||||
def check_2fa_step1(username):
|
||||
changed = []
|
||||
|
||||
for key in (key for key in CONF.sections()
|
||||
if key == 'ldap' or key.startswith('ldap:')):
|
||||
|
||||
LOG.debug("Changing email in %s for %s" % (key, username))
|
||||
try:
|
||||
return check_2fa_step2(CONF[key], username)
|
||||
changed.append(key)
|
||||
LOG.debug("%s changed email address on %s" % (username, key))
|
||||
except Error as e:
|
||||
for key in reversed(changed):
|
||||
LOG.info("Reverting email change in %s for %s" % (key, username))
|
||||
try:
|
||||
return check_2fa_step2(CONF[key], username)
|
||||
except Error as e2:
|
||||
LOG.error('{}: {!s}'.format(e.__class__.__name__, e2))
|
||||
raise e
|
||||
|
||||
def check_2fa_step2(conf, *args):
|
||||
try:
|
||||
return check_2fa_step3(conf, *args)
|
||||
|
||||
except (LDAPBindError, LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError):
|
||||
raise Error(i18n.msg[26])
|
||||
|
||||
except LDAPConstraintViolationResult as e:
|
||||
# Extract useful part of the error message (for Samba 4 / AD).
|
||||
msg = e.message.split('check_password_restrictions: ')[-1].capitalize()
|
||||
raise Error(msg)
|
||||
|
||||
except LDAPSocketOpenError as e:
|
||||
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
|
||||
raise Error(i18n.msg[23])
|
||||
|
||||
except LDAPExceptionError as e:
|
||||
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
|
||||
raise Error(i18n.msg[23])
|
||||
|
||||
def check_2fa_step3(conf, username):
|
||||
#set current LDAP
|
||||
superUser = SuperUsers(conf)
|
||||
|
||||
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
|
||||
user_dn = find_user_dn(conf, c, username)
|
||||
secure_auth_status = check_secure_auth(user_dn, c)
|
||||
print(secure_auth_status)
|
||||
return(secure_auth_status)
|
||||
#c.modify(user_dn, {'mail': [( MODIFY_REPLACE, new_email_addresses )]})
|
||||
#newSession().set(get_user_data(user_dn, c))
|
||||
'''
|
||||
|
||||
#CHANGE PASSWORD
|
||||
def change_passwords(username, old_pass, new_pass):
|
||||
changed = []
|
||||
|
|
|
|||
Loading…
Reference in New Issue