aitzol/ldap-python-webui
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

2fa-1.1

Browse Source
This commit is contained in:
aitzol 2023-11-24 07:46:08 +01:00
parent 4ea6831be2
commit b783617335
2 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_2fa.tpl
View File

@ -17,11 +17,11 @@
% if data['secureAuth'] == True: % if data['secureAuth'] == True:
<div class="qr-code"> <div class="qr-code">
<img src="{{'static/tmp/'+data['authCode']+'.png'}}" /> <img src="{{'static/tmp/'+data['authToken']+'.png'}}" />
</div> </div>
<form name="disable2faForm" method="post" action="/disable_2fa"> <form name="disable2faForm" method="post" action="/disable_2fa">
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly> <input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
<div class="form-buttons"> <div class="form-buttons">
<a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a> <a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>
@ -34,7 +34,7 @@
<form name="enable2faForm" method="post" action="/enable_2fa"> <form name="enable2faForm" method="post" action="/enable_2fa">
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}" readonly> <input id="2fa" name="2fa" type="text" value="{{data['authToken']}}" readonly>
<div class="form-buttons"> <div class="form-buttons">
<a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a> <a href="/user"><button class="green" type="button">{{ str['back'] }}</button></a>

28
app.py
View File

@ -161,7 +161,7 @@ def post_user():
if(newSession().get()['secureAuth']): if(newSession().get()['secureAuth']):
# encrypt and store the credentials # encrypt and store the credentials
sid = newSession().get()['id'] sid = newSession().get()['id']
data = ';'.join([form('username'),form('password'),newSession().get()['authCode']]) data = ';'.join([form('username'),form('password'),newSession().get()['authToken']])
data_enc = cryptocode.encrypt(data, newSession().get()['id']) data_enc = cryptocode.encrypt(data, newSession().get()['id'])
data_to_url = base64.urlsafe_b64encode(str.encode(data_enc)) data_to_url = base64.urlsafe_b64encode(str.encode(data_enc))
memo.get(data_enc) memo.get(data_enc)
@ -189,7 +189,7 @@ def post_user_step2(path):
def error(msg): def error(msg):
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
#if not tools._2fa_validation(form('code'), newSession().get()['authCode']): #if not tools._2fa_validation(form('code'), newSession().get()['authToken']):
if not tools._2fa_validation(form('code'), secret): if not tools._2fa_validation(form('code'), secret):
return error('Kode okerra. Saio hasierak huts egin du.') return error('Kode okerra. Saio hasierak huts egin du.')
else: else:
@ -530,7 +530,7 @@ def login_user_ldap(conf, username, password):
LOG.debug("%s logged in to %s" % (username, conf['base'])) LOG.debug("%s logged in to %s" % (username, conf['base']))
#check if exists 2fa qr image #check if exists 2fa qr image
if(newSession().get()['secureAuth']): if(newSession().get()['secureAuth']):
tools.gen_qr(newSession().get()['authCode']) tools.gen_qr(newSession().get()['authToken'])
#LOGOUT #LOGOUT
def logout(username): def logout(username):
@ -783,10 +783,10 @@ def add_auth_attribute_step1(username, code, action):
try: try:
add_auth_attribute_step2(CONF[key], username, code, action) add_auth_attribute_step2(CONF[key], username, code, action)
changed.append(key) changed.append(key)
LOG.debug("%s changed email address on %s" % (username, key)) LOG.debug("%s has activated 2FA authentication on %s" % (username, key))
except Error as e: except Error as e:
for key in reversed(changed): for key in reversed(changed):
LOG.info("Reverting email change in %s for %s" % (key, username)) LOG.info("Reverting 2FA activation in %s for %s due to errors" % (key, username))
try: try:
new_email_address(CONF[key], username, new_email, old_email) new_email_address(CONF[key], username, new_email, old_email)
except Error as e2: except Error as e2:
@ -825,14 +825,14 @@ def add_auth_attribute_step3(conf, username, code, action):
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
user_dn = find_user_dn(conf, c, username) user_dn = find_user_dn(conf, c, username)
if(action == 'enable'): if(action == 'enable'):
c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]}) c.modify(user_dn,{'authToken': [(MODIFY_ADD, [code])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]}) c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
elif(action == 'disable'): elif(action == 'disable'):
c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]}) c.modify(user_dn,{'authToken': [(MODIFY_DELETE, [])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]}) c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
#remove file #remove file
try: try:
remove('static/tmp/'+newSession().get()['authCode']+'.png') remove('static/tmp/'+newSession().get()['authToken']+'.png')
except OSError as e: except OSError as e:
LOG.warning(str(e)) LOG.warning(str(e))
#raise Error(e) #raise Error(e)
@ -1067,7 +1067,7 @@ def get_user_data(user_dn, conn):
search_filter = '(objectClass=*)' search_filter = '(objectClass=*)'
conn.search(user_dn, search_filter, conn.search(user_dn, search_filter,
attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin','secureAuth', attributes=['active','fakeCn','givenName','sn','uid','mail','devices','ip','lastLogin','secureAuth',
'authCode']) 'authToken'])
data = [] data = []
data.append(conn.entries[0].active.values[0]) data.append(conn.entries[0].active.values[0])
data.append(conn.entries[0].fakeCn.values[0]) data.append(conn.entries[0].fakeCn.values[0])
@ -1082,8 +1082,8 @@ def get_user_data(user_dn, conn):
#ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S') #ts = datetime.strftime(t, '%Y-%m-%d %H:%M:%S')
data.append(str(conn.entries[0].lastLogin.values[0])[:-6]) data.append(str(conn.entries[0].lastLogin.values[0])[:-6])
data.append(conn.entries[0].secureAuth.values[0]) data.append(conn.entries[0].secureAuth.values[0])
if(conn.entries[0].authCode): if(conn.entries[0].authToken):
data.append(conn.entries[0].authCode.values[0]) data.append(conn.entries[0].authToken.values[0])
return(data) return(data)
@ -1199,9 +1199,9 @@ def newSession():
self.lastLogin = data[8] self.lastLogin = data[8]
self.secureAuth = data[9] self.secureAuth = data[9]
try: try:
self.authCode = data[10] self.authToken = data[10]
except: except:
self.authCode = None self.authToken = None
self.data['active'] = self.active self.data['active'] = self.active
self.data['fakeCn'] = self.fakeCn self.data['fakeCn'] = self.fakeCn
@ -1213,7 +1213,7 @@ def newSession():
self.data['ip'] = self.ip self.data['ip'] = self.ip
self.data['lastLogin'] = self.lastLogin self.data['lastLogin'] = self.lastLogin
self.data['secureAuth'] = self.secureAuth self.data['secureAuth'] = self.secureAuth
self.data['authCode'] = self.authCode self.data['authToken'] = self.authToken
def close(self): def close(self):
self.data.pop('username') self.data.pop('username')