From 9b4bd725da7bb3d0b6284bd1ea52f1678cb4ea8e Mon Sep 17 00:00:00 2001
From: aitzol
Date: Fri, 24 Nov 2023 08:12:00 +0100
Subject: [PATCH] 2fa-1.2

---
 app.py | 81 +++++++++++----------------------------------------------
 1 file changed, 15 insertions(+), 66 deletions(-)

diff --git a/app.py b/app.py
index 98ed527..91e0ba3 100644
--- a/app.py
+++ b/app.py
@@ -176,22 +176,26 @@ def post_user():
 @post('/user/')
 def post_user_step2(path):
 form = request.forms.getunicode
-
- # decrypt url
- path = base64.urlsafe_b64decode(path)
- path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
- data = path.split(';')
-
- username = data[0]
- password = data[1]
- secret = data[2]
-
 def error(msg):
 return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
+ try:
+ # decrypt url
+ path = base64.urlsafe_b64decode(path)
+ path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
+ data = path.split(';')
+
+ username = data[0]
+ password = data[1]
+ secret = data[2]
+ except:
+ newSession()
+ return error(i18n.msg[27])
+ #if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
 if not tools._2fa_validation(form('code'), secret):
- return error('Kode okerra. Saio hasierak huts egin du.')
+ return error(i18n.msg[6])
 else:
 try:
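Review bot: The `except:` added around the URL decode is bare, so it turns `SystemExit`/`KeyboardInterrupt` and any unrelated programming error inside the block into the generic `i18n.msg[27]` login failure, not only a malformed or tampered token. What this block can actually raise is `ValueError` (which covers `binascii.Error` from `urlsafe_b64decode` and `UnicodeDecodeError` from `.decode`), `AttributeError` on `.split` because, if I recall its API correctly, `cryptocode.decrypt` returns `False` rather than raising when its integrity check fails, and `IndexError` when fewer than three `;`-separated fields come back; `except (ValueError, AttributeError, IndexError):` keeps the intent (reset the session, show the error) without masking anything else. Unpacking as `username, password, secret = path.split(';')` would also report a wrong field count as a `ValueError` and state the expected shape in one line. The commented-out `#if not tools._2fa_validation(form('code'), newSession().get()['authToken']):` added just above the real check is dead code and should be dropped rather than committed. `post_user_step2` continues past the end of the hunk.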
@@ -842,61 +846,6 @@ def add_auth_attribute_step3(conf, username, code, action):
 reload=add_auth_attribute_step1
-# CHECK SECUREAUTH
-'''
-def check_2fa_step1(username):
- changed = []
-
- for key in (key for key in CONF.sections()
- if key == 'ldap' or key.startswith('ldap:')):
-
- LOG.debug("Changing email in %s for %s" % (key, username))
- try:
- return check_2fa_step2(CONF[key], username)
- changed.append(key)
- LOG.debug("%s changed email address on %s" % (username, key))
- except Error as e:
- for key in reversed(changed):
- LOG.info("Reverting email change in %s for %s" % (key, username))
- try:
- return check_2fa_step2(CONF[key], username)
- except Error as e2:
- LOG.error('{}: {!s}'.format(e.__class__.__name__, e2))
- raise e
-
-def check_2fa_step2(conf, *args):
- try:
- return check_2fa_step3(conf, *args)
-
- except (LDAPBindError, LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError):
- raise Error(i18n.msg[26])
-
- except LDAPConstraintViolationResult as e:
- # Extract useful part of the error message (for Samba 4 / AD).
- msg = e.message.split('check_password_restrictions: ')[-1].capitalize()
- raise Error(msg)
-
- except LDAPSocketOpenError as e:
- LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
- raise Error(i18n.msg[23])
-
- except LDAPExceptionError as e:
- LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
- raise Error(i18n.msg[23])
-
-def check_2fa_step3(conf, username):
- #set current LDAP
- superUser = SuperUsers(conf)
-
- with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
- user_dn = find_user_dn(conf, c, username)
- secure_auth_status = check_secure_auth(user_dn, c)
- print(secure_auth_status)
- return(secure_auth_status)
- #c.modify(user_dn, {'mail': [( MODIFY_REPLACE, new_email_addresses )]})
- #newSession().set(get_user_data(user_dn, c))
-'''
-
 #CHANGE PASSWORD
 def change_passwords(username, old_pass, new_pass):
 changed = []