From b78361733580dcdb081e784f49803079d6e0da44 Mon Sep 17 00:00:00 2001 From: aitzol Date: Fri, 24 Nov 2023 07:46:08 +0100 Subject: [PATCH] 2fa-1.1 --- _2fa.tpl | 6 +++--- app.py | 28 ++++++++++++++-------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/_2fa.tpl b/_2fa.tpl index dde5a30..9527da0 100644 --- a/_2fa.tpl +++ b/_2fa.tpl @@ -17,11 +17,11 @@ % if data['secureAuth'] == True:
- +
- +
@@ -34,7 +34,7 @@ - +
diff --git a/app.py b/app.py index fde95fc..98ed527 100644 --- a/app.py +++ b/app.py @@ -161,7 +161,7 @@ def post_user(): if(newSession().get()['secureAuth']): # encrypt and store the credentials sid = newSession().get()['id'] - data = ';'.join([form('username'),form('password'),newSession().get()['authCode']]) + data = ';'.join([form('username'),form('password'),newSession().get()['authToken']]) data_enc = cryptocode.encrypt(data, newSession().get()['id']) data_to_url = base64.urlsafe_b64encode(str.encode(data_enc)) memo.get(data_enc) @@ -189,7 +189,7 @@ def post_user_step2(path): def error(msg): return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) - #if not tools._2fa_validation(form('code'), newSession().get()['authCode']): + #if not tools._2fa_validation(form('code'), newSession().get()['authToken']): if not tools._2fa_validation(form('code'), secret): return error('Kode okerra. Saio hasierak huts egin du.') else: @@ -530,7 +530,7 @@ def login_user_ldap(conf, username, password): LOG.debug("%s logged in to %s" % (username, conf['base'])) #check if exists 2fa qr image if(newSession().get()['secureAuth']): - tools.gen_qr(newSession().get()['authCode']) + tools.gen_qr(newSession().get()['authToken']) #LOGOUT def logout(username): @@ -783,10 +783,10 @@ def add_auth_attribute_step1(username, code, action): try: add_auth_attribute_step2(CONF[key], username, code, action) changed.append(key) - LOG.debug("%s changed email address on %s" % (username, key)) + LOG.debug("%s has activated 2FA authentication on %s" % (username, key)) except Error as e: for key in reversed(changed): - LOG.info("Reverting email change in %s for %s" % (key, username)) + LOG.info("Reverting 2FA activation in %s for %s due to errors" % (key, username)) try: new_email_address(CONF[key], username, new_email, old_email) except Error as e2: 
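Review bot: The string joined on the changed line of post_user puts the password and the TOTP secret (`authToken`) into one blob, encrypted with the session id as passphrase, and the name `data_to_url` suggests the blob then travels in a URL. If that session id is a value the client also holds, completing the password step is enough to recover the second-factor secret, and URLs are routinely kept in access logs and browser history. I would leave the secret out of the blob, `data = ';'.join([form('username'),form('password')])`, and have step 2 read it from server-side session state, as the commented-out `newSession().get()['authToken']` call in post_user_step2 once did. post_user continues outside the hunk, so the actual use of `data_to_url` is inferred from its name.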
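Review bot: The TOTP secret doubles as a file name: `tools.gen_qr(newSession().get()['authToken'])` in login_user_ldap, together with `remove('static/tmp/'+newSession().get()['authToken']+'.png')` in add_auth_attribute_step3 (hunk at -825), implies the enrolment QR is stored as `static/tmp/<secret>.png`. If `static/` is served by the web server, the secret appears in request paths and access logs, and the image is regenerated on every login while `secureAuth` is set, so it stays fetchable long after enrolment. Naming the file after a random value kept in the session, e.g. `remove('static/tmp/' + qr_name + '.png')` with `qr_name` as a placeholder for that value, or rendering the QR in memory, would keep the secret out of paths. tools.gen_qr is not part of this diff, so the file location is inferred from the remove() call.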
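Review bot: The rollback loop in add_auth_attribute_step1 still calls `new_email_address(CONF[key], username, new_email, old_email)`, so the new "Reverting 2FA activation" message does not describe what actually runs. The hunk header shows the signature `(username, code, action)`, so `new_email` and `old_email` look undefined here; the revert would then raise NameError and leave the directories in a mixed 2FA state. The revert should undo the attribute change instead, e.g. `add_auth_attribute_step2(CONF[key], username, code, 'disable' if action == 'enable' else 'enable')`, assuming step 2 accepts the inverse action. The success message also says "has activated" when `action` is 'disable'; `LOG.debug("%s: 2FA %s on %s" % (username, action, key))` would cover both cases. The function body extends beyond the hunk on both sides.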
@@ -825,14 +825,14 @@ def add_auth_attribute_step3(conf, username, code, action): with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: user_dn = find_user_dn(conf, c, username) if(action == 'enable'): - c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]}) + c.modify(user_dn,{'authToken': [(MODIFY_ADD, [code])]}) c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]}) elif(action == 'disable'): - c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]}) + c.modify(user_dn,{'authToken': [(MODIFY_DELETE, [])]}) c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]}) #remove file try: - remove('static/tmp/'+newSession().get()['authCode']+'.png') + remove('static/tmp/'+newSession().get()['authToken']+'.png') except OSError as e: LOG.warning(str(e)) #raise Error(e) @@ -1067,7 +1067,7 @@ def get_user_data(user_dn, conn): search_filter = '(objectClass=*)' conn.search(user_dn, search_filter, attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin','secureAuth', - 'authCode']) + 'authToken']) data = [] data.append(conn.entries[0].active.values[0]) data.append(conn.entries[0].fakeCn.values[0]) @@ -1082,8 +1082,8 @@ def get_user_data(user_dn, conn): #ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S') data.append(str(conn.entries[0].lastLogin.values[0])[:-6]) data.append(conn.entries[0].secureAuth.values[0]) - if(conn.entries[0].authCode): - data.append(conn.entries[0].authCode.values[0]) + if(conn.entries[0].authToken): + data.append(conn.entries[0].authToken.values[0]) return(data) @@ -1199,9 +1199,9 @@ def newSession(): self.lastLogin = data[8] self.secureAuth = data[9] try: - self.authCode = data[10] + self.authToken = data[10] except: - self.authCode = None + self.authToken = None self.data['active'] = self.active self.data['fakeCn'] = self.fakeCn 
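Review bot: Renaming the LDAP attribute from `authCode` to `authToken` in the `c.modify` calls of add_auth_attribute_step3 changes the directory contract, and nothing in the commit says how existing entries are handled. The same rename appears in the `conn.search` attribute list and in `conn.entries[0].authToken` in get_user_data (hunks at -1067 and -1082). An account enrolled under the old name would keep `secureAuth` true while `authToken` is absent; newSession then stores None through its bare `except:` (hunk at -1199), and the `';'.join(...)` in post_user and the `'static/tmp/'+...+'.png'` concatenation here both raise TypeError on None, which `except OSError` does not catch. I would add a comment above the enable branch, `# LDAP attribute 'authToken' (was 'authCode'): schema and existing entries must be migrated before deploying`, and narrow the fallback in newSession to `except IndexError:`.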
@@ -1213,7 +1213,7 @@ def newSession(): self.data['ip'] = self.ip self.data['lastLogin'] = self.lastLogin self.data['secureAuth'] = self.secureAuth - self.data['authCode'] = self.authCode + self.data['authToken'] = self.authToken def close(self): self.data.pop('username')