This commit is contained in:
Aitzol 2023-11-17 13:17:16 +01:00
parent 7553c6a443
commit fc224038a3
2 changed files with 32 additions and 9 deletions


@ -17,7 +17,7 @@
% if data['secureAuth'] == True: % if data['secureAuth'] == True:
<form name="disable2faForm" method="post" action="/user"> <form name="disable2faForm" method="post" action="/disable_2fa">
<label for="2fa">2FA</label> <label for="2fa">2FA</label>
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}"> <input id="2fa" name="2fa" type="text" value="{{data['authCode']}}">

37
app.py

@ -24,7 +24,7 @@ from bottle import SimpleTemplate
from bottle.ext import beaker from bottle.ext import beaker
from configparser import ConfigParser from configparser import ConfigParser
from ldap3 import Server, Connection, ALL from ldap3 import Server, Connection, ALL
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, ALL_ATTRIBUTES
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \ LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
@ -278,7 +278,22 @@ def post_edit_email():
def post_enable_2fa(): def post_enable_2fa():
try: try:
username=newSession().get()['username'] username=newSession().get()['username']
add_auth_attribute_step1(username, tools.generate_secret()) add_auth_attribute_step1(username, tools.generate_secret(), action='enable')
'''
add attribute authCode
set session data
'''
except Error as e:
LOG.warning("akatsa")
return error(str(e))
return _2fa_tpl(data=newSession().get(), str=i18n.str)
@post('/disable_2fa')
def post_disable_2fa():
try:
username=newSession().get()['username']
add_auth_attribute_step1(username, tools.generate_secret(), action='disable')
''' '''
add attribute authCode add attribute authCode
set session data set session data
@ -677,7 +692,7 @@ def update_email_address(conf, username, old_email, new_email):
newSession().set(get_user_data(user_dn, c)) newSession().set(get_user_data(user_dn, c))
# ADD AUTHCODE ATTRIBUTE - 2FA # ADD AUTHCODE ATTRIBUTE - 2FA
def add_auth_attribute_step1(username, code): def add_auth_attribute_step1(username, code, action):
changed = [] changed = []
for key in (key for key in CONF.sections() for key in (key for key in CONF.sections()
@ -685,7 +700,7 @@ def add_auth_attribute_step1(username, code):
LOG.debug("Adding secureAuth attribute %s to %s" % (key, username)) LOG.debug("Adding secureAuth attribute %s to %s" % (key, username))
try: try:
add_auth_attribute_step2(CONF[key], username, code) add_auth_attribute_step2(CONF[key], username, code, action)
changed.append(key) changed.append(key)
LOG.debug("%s changed email address on %s" % (username, key)) LOG.debug("%s changed email address on %s" % (username, key))
except Error as e: except Error as e:
@ -717,15 +732,20 @@ def add_auth_attribute_step2(conf, *args):
LOG.error('{}: {!s}'.format(e.__class__.__name__, e)) LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
raise Error(i18n.msg[23]) raise Error(i18n.msg[23])
def add_auth_attribute_step3(conf, username, code): def add_auth_attribute_step3(conf, username, code, action):
#set current LDAP #set current LDAP
superUser = SuperUsers(conf) superUser = SuperUsers(conf)
print(action)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c: with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
user_dn = find_user_dn(conf, c, username) user_dn = find_user_dn(conf, c, username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement'] if(action == 'enable'):
c.add(dn=user_dn,object_class=OBJECT_CLASS, attributes={'authCode': code}) c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
elif(action == 'disable'):
c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
newSession().set(get_user_data(user_dn, c)) newSession().set(get_user_data(user_dn, c))
#CHANGE PASSWORD #CHANGE PASSWORD
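Review bot: In add_auth_attribute_step3 the `enable` branch writes the new secret with `MODIFY_ADD`, so re-enabling 2FA for a user whose entry still carries an `authCode` either appends a second secret or fails with an attributeOrValueExists error depending on whether the schema makes the attribute single-valued; `[(MODIFY_REPLACE, [code])]` yields the intended one-secret state in both cases. The four `c.modify` calls are also unchecked: unless connect_ldap opens the connection with raise_exceptions set, ldap3 reports a failed modify by returning False (details in `c.result`), and the function would then refresh the session as if the flag had been flipped, so the result should be tested and turned into the same `Error(i18n.msg[23])` that step2 raises. Folding both attributes into one modify keeps `secureAuth` and `authCode` from diverging when only the second call fails, and the bare `[MODIFY_REPLACE, [True]]` shape on the `secureAuth` lines should match the `[(op, values)]` list-of-tuples form used beside it. The `print(action)` before the `with` is a debug leftover that belongs in `LOG.debug` or nowhere, as is `LOG.warning("akatsa")` in post_enable_2fa earlier in this file. The hunk at -1011 that reads `data[10]` ends outside this view, but its bare `except:` should be `except IndexError:` so that unrelated failures are not turned into "no authCode".
```python
    with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
        user_dn = find_user_dn(conf, c, username)
        if action == 'enable':
            # REPLACE rather than ADD: a previously enabled user keeps exactly one secret
            changes = {'authCode': [(MODIFY_REPLACE, [code])],
                       'secureAuth': [(MODIFY_REPLACE, [True])]}
        elif action == 'disable':
            changes = {'authCode': [(MODIFY_DELETE, [])],
                       'secureAuth': [(MODIFY_REPLACE, [False])]}
        else:
            raise ValueError('unknown 2FA action: %r' % (action,))
        # one modify so flag and secret change together or not at all
        if not c.modify(user_dn, changes):
            LOG.error('2FA %s failed for %s: %s' % (action, username, c.result))
            raise Error(i18n.msg[23])
        newSession().set(get_user_data(user_dn, c))
```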
@ -1011,6 +1031,9 @@ def newSession():
self.ip = data[7] self.ip = data[7]
self.lastLogin = data[8] self.lastLogin = data[8]
self.secureAuth = data[9] self.secureAuth = data[9]
try:
self.authCode = data[10]
except:
self.authCode = None self.authCode = None
self.data['active'] = self.active self.data['active'] = self.active