2fa-1.1
parent
4ea6831be2
commit
b783617335
6
_2fa.tpl
6
_2fa.tpl
@ -17,11 +17,11 @@
|
||||
|
||||
% if data['secureAuth'] == True:
|
||||
<div class="qr-code">
|
||||
<img src="{{'static/tmp/'+data['authCode']+'.png'}}" />
|
||||
<img src="{{'static/tmp/'+data['authToken']+'.png'}}" />
|
||||
</div>
|
||||
<form name="disable2faForm" method="post" action="/disable_2fa">
|
||||
|
||||
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly>
|
||||
<input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
|
||||
|
||||
<div class="form-buttons">
|
||||
<a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>
|
||||
@ -34,7 +34,7 @@
|
||||
|
||||
<form name="enable2faForm" method="post" action="/enable_2fa">
|
||||
|
||||
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly>
|
||||
<input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
|
||||
|
||||
<div class="form-buttons">
|
||||
<a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>
|
||||
|
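Review bot: The renamed `<img src="{{'static/tmp/'+data['authToken']+'.png'}}" />` and `value="{{data['authToken']}}"` lines expose the per-user 2FA value: it becomes part of a URL under a static directory and is echoed into both forms as a field the client sends back. If authToken is the TOTP shared secret (app.py passes it to tools.gen_qr and appears to validate codes against it), it will land in access logs, browser history and caches, and the QR file is served with no access check visible here. I would render the QR per request as an inline image, e.g. `<img src="data:image/png;base64,{{QR_PNG_BASE64}}" />` (placeholder name), and drop the `value=` echo so the handlers take the token from the server-side session. The /enable_2fa and /disable_2fa handlers are outside this section, so how the posted `2fa` field is used should be confirmed there.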
28
app.py
28
app.py
@ -161,7 +161,7 @@ def post_user():
|
||||
if(newSession().get()['secureAuth']):
|
||||
# encrypt and store the credentials
|
||||
sid = newSession().get()['id']
|
||||
data = ';'.join([form('username'),form('password'),newSession().get()['authCode']])
|
||||
data = ';'.join([form('username'),form('password'),newSession().get()['authToken']])
|
||||
data_enc = cryptocode.encrypt(data, newSession().get()['id'])
|
||||
data_to_url = base64.urlsafe_b64encode(str.encode(data_enc))
|
||||
memo.get(data_enc)
|
||||
@ -189,7 +189,7 @@ def post_user_step2(path):
|
||||
def error(msg):
|
||||
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
|
||||
|
||||
#if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
|
||||
#if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
|
||||
if not tools._2fa_validation(form('code'), secret):
|
||||
return error('Kode okerra. Saio hasierak huts egin du.')
|
||||
else:
|
||||
@ -530,7 +530,7 @@ def login_user_ldap(conf, username, password):
|
||||
LOG.debug("%s logged in to %s" % (username, conf['base']))
|
||||
#check if exists 2fa qr image
|
||||
if(newSession().get()['secureAuth']):
|
||||
tools.gen_qr(newSession().get()['authCode'])
|
||||
tools.gen_qr(newSession().get()['authToken'])
|
||||
|
||||
#LOGOUT
|
||||
def logout(username):
|
||||
@ -783,10 +783,10 @@ def add_auth_attribute_step1(username, code, action):
|
||||
try:
|
||||
add_auth_attribute_step2(CONF[key], username, code, action)
|
||||
changed.append(key)
|
||||
LOG.debug("%s changed email address on %s" % (username, key))
|
||||
LOG.debug("%s has activated 2FA authentication on %s" % (username, key))
|
||||
except Error as e:
|
||||
for key in reversed(changed):
|
||||
LOG.info("Reverting email change in %s for %s" % (key, username))
|
||||
LOG.info("Reverting 2FA activation in %s for %s due to errors" % (key, username))
|
||||
try:
|
||||
new_email_address(CONF[key], username, new_email, old_email)
|
||||
except Error as e2:
|
||||
@ -825,14 +825,14 @@ def add_auth_attribute_step3(conf, username, code, action):
|
||||
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
|
||||
user_dn = find_user_dn(conf, c, username)
|
||||
if(action == 'enable'):
|
||||
c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]})
|
||||
c.modify(user_dn,{'authToken': [(MODIFY_ADD, [code])]})
|
||||
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
|
||||
elif(action == 'disable'):
|
||||
c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]})
|
||||
c.modify(user_dn,{'authToken': [(MODIFY_DELETE, [])]})
|
||||
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
|
||||
#remove file
|
||||
try:
|
||||
remove('static/tmp/'+newSession().get()['authCode']+'.png')
|
||||
remove('static/tmp/'+newSession().get()['authToken']+'.png')
|
||||
except OSError as e:
|
||||
LOG.warning(str(e))
|
||||
#raise Error(e)
|
||||
@ -1067,7 +1067,7 @@ def get_user_data(user_dn, conn):
|
||||
search_filter = '(objectClass=*)'
|
||||
conn.search(user_dn, search_filter,
|
||||
attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin','secureAuth',
|
||||
'authCode'])
|
||||
'authToken'])
|
||||
data = []
|
||||
data.append(conn.entries[0].active.values[0])
|
||||
data.append(conn.entries[0].fakeCn.values[0])
|
||||
@ -1082,8 +1082,8 @@ def get_user_data(user_dn, conn):
|
||||
#ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S')
|
||||
data.append(str(conn.entries[0].lastLogin.values[0])[:-6])
|
||||
data.append(conn.entries[0].secureAuth.values[0])
|
||||
if(conn.entries[0].authCode):
|
||||
data.append(conn.entries[0].authCode.values[0])
|
||||
if(conn.entries[0].authToken):
|
||||
data.append(conn.entries[0].authToken.values[0])
|
||||
|
||||
return(data)
|
||||
|
||||
@ -1199,9 +1199,9 @@ def newSession():
|
||||
self.lastLogin = data[8]
|
||||
self.secureAuth = data[9]
|
||||
try:
|
||||
self.authCode = data[10]
|
||||
self.authToken = data[10]
|
||||
except:
|
||||
self.authCode = None
|
||||
self.authToken = None
|
||||
|
||||
self.data['active'] = self.active
|
||||
self.data['fakeCn'] = self.fakeCn
|
||||
@ -1213,7 +1213,7 @@ def newSession():
|
||||
self.data['ip'] = self.ip
|
||||
self.data['lastLogin'] = self.lastLogin
|
||||
self.data['secureAuth'] = self.secureAuth
|
||||
self.data['authCode'] = self.authCode
|
||||
self.data['authToken'] = self.authToken
|
||||
|
||||
def close(self):
|
||||
self.data.pop('username')
|
||||
|
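Review bot: The rollback loop in add_auth_attribute_step1 still calls `new_email_address(CONF[key], username, new_email, old_email)`, although only its log message was changed to mention 2FA. `new_email` and `old_email` are not parameters of this function, so unless they are module globals the revert raises NameError, which `except Error as e2` presumably does not catch, and directories already modified keep the new 2FA state while the rest do not. The revert should apply the opposite action instead, something like `add_auth_attribute_step2(CONF[key], username, code, 'disable' if action == 'enable' else 'enable')`. The new messages also say "activated" and "activation" when `action` is 'disable'; including `action` in both log lines would keep the audit trail accurate. The function body starts and ends outside the hunk, so the handling after the inner `except` should be checked as well.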