2fa-1.1

_2fa.tpl

@@ -17,11 +17,11 @@
 
         % if data['secureAuth'] == True:
             <div class="qr-code">
-                <img src="{{'static/tmp/'+data['authCode']+'.png'}}" /> 
+                <img src="{{'static/tmp/'+data['authToken']+'.png'}}" /> 
             </div>
             <form name="disable2faForm" method="post" action="/disable_2fa">
 
-                <input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly>
+                <input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
 
                 <div class="form-buttons">
                     <a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>
@@ -34,7 +34,7 @@
 
             <form name="enable2faForm" method="post" action="/enable_2fa">
 
-                <input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly>
+                <input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
 
                 <div class="form-buttons">
                     <a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>

app.py

@@ -161,7 +161,7 @@ def post_user():
         if(newSession().get()['secureAuth']):
             # encrypt and store the credentials
             sid = newSession().get()['id']
-            data = ';'.join([form('username'),form('password'),newSession().get()['authCode']])
+            data = ';'.join([form('username'),form('password'),newSession().get()['authToken']])
             data_enc = cryptocode.encrypt(data, newSession().get()['id'])
             data_to_url = base64.urlsafe_b64encode(str.encode(data_enc))
             memo.get(data_enc)
@@ -189,7 +189,7 @@ def post_user_step2(path):
     def error(msg):
         return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
 
-    #if not tools._2fa_validation(form('code'), newSession().get()['authCode']):
+    #if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
     if not tools._2fa_validation(form('code'), secret):
         return error('Kode okerra. Saio hasierak huts egin du.')
     else:
@@ -530,7 +530,7 @@ def login_user_ldap(conf, username, password):
             LOG.debug("%s logged in to %s" % (username, conf['base']))
             #check if exists 2fa qr image
             if(newSession().get()['secureAuth']):
-                tools.gen_qr(newSession().get()['authCode'])
+                tools.gen_qr(newSession().get()['authToken'])
 
 #LOGOUT
 def logout(username):
@@ -783,10 +783,10 @@ def add_auth_attribute_step1(username, code, action):
         try:
             add_auth_attribute_step2(CONF[key], username, code, action)
             changed.append(key)
-            LOG.debug("%s changed email address on %s" % (username, key))
+            LOG.debug("%s has activated 2FA authentication on %s" % (username, key))
         except Error as e:
             for key in reversed(changed):
-                LOG.info("Reverting email change in %s for %s" % (key, username))
+                LOG.info("Reverting 2FA activation in %s for %s due to errors" % (key, username))
                 try:
                     new_email_address(CONF[key], username, new_email, old_email)
                 except Error as e2:
@@ -825,14 +825,14 @@ def add_auth_attribute_step3(conf, username, code, action):
     with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
         user_dn = find_user_dn(conf, c, username)
         if(action == 'enable'):
-            c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]})
+            c.modify(user_dn,{'authToken': [(MODIFY_ADD, [code])]})
             c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
         elif(action == 'disable'):
-            c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]})
+            c.modify(user_dn,{'authToken': [(MODIFY_DELETE, [])]})
             c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
             #remove file
             try:
-                remove('static/tmp/'+newSession().get()['authCode']+'.png')
+                remove('static/tmp/'+newSession().get()['authToken']+'.png')
             except OSError as e:
                 LOG.warning(str(e))
                 #raise Error(e)
@@ -1067,7 +1067,7 @@ def get_user_data(user_dn, conn):
     search_filter = '(objectClass=*)'
     conn.search(user_dn, search_filter,
                 attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin','secureAuth',
-                            'authCode'])
+                            'authToken'])
     data = []
     data.append(conn.entries[0].active.values[0])
     data.append(conn.entries[0].fakeCn.values[0])
@@ -1082,8 +1082,8 @@ def get_user_data(user_dn, conn):
     #ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S')
     data.append(str(conn.entries[0].lastLogin.values[0])[:-6])
     data.append(conn.entries[0].secureAuth.values[0])
-    if(conn.entries[0].authCode):
-        data.append(conn.entries[0].authCode.values[0])
+    if(conn.entries[0].authToken):
+        data.append(conn.entries[0].authToken.values[0])
 
     return(data)
 
@@ -1199,9 +1199,9 @@ def newSession():
             self.lastLogin = data[8]
             self.secureAuth = data[9]
             try:
-                self.authCode = data[10]
+                self.authToken = data[10]
             except:
-                self.authCode = None
+                self.authToken = None
 
             self.data['active'] = self.active
             self.data['fakeCn'] = self.fakeCn
@@ -1213,7 +1213,7 @@ def newSession():
             self.data['ip'] = self.ip
             self.data['lastLogin'] = self.lastLogin
             self.data['secureAuth'] = self.secureAuth
-            self.data['authCode'] = self.authCode
+            self.data['authToken'] = self.authToken
 
         def close(self):
             self.data.pop('username')