This commit is contained in:
Aitzol 2023-11-17 13:17:16 +01:00
parent 7553c6a443
commit fc224038a3
2 changed files with 32 additions and 9 deletions

View File

@ -17,7 +17,7 @@
% if data['secureAuth'] == True:
<form name="disable2faForm" method="post" action="/user">
<form name="disable2faForm" method="post" action="/disable_2fa">
<label for="2fa">2FA</label>
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}">

37
app.py
View File

@ -24,7 +24,7 @@ from bottle import SimpleTemplate
from bottle.ext import beaker
from configparser import ConfigParser
from ldap3 import Server, Connection, ALL
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, ALL_ATTRIBUTES
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
@ -278,7 +278,22 @@ def post_edit_email():
def post_enable_2fa():
try:
username=newSession().get()['username']
add_auth_attribute_step1(username, tools.generate_secret())
add_auth_attribute_step1(username, tools.generate_secret(), action='enable')
'''
add attribute authCode
set session data
'''
except Error as e:
LOG.warning("akatsa")
return error(str(e))
return _2fa_tpl(data=newSession().get(), str=i18n.str)
@post('/disable_2fa')
def post_disable_2fa():
try:
username=newSession().get()['username']
add_auth_attribute_step1(username, tools.generate_secret(), action='disable')
'''
add attribute authCode
set session data
@ -677,7 +692,7 @@ def update_email_address(conf, username, old_email, new_email):
newSession().set(get_user_data(user_dn, c))
# ADD AUTHCODE ATTRIBUTE - 2FA
def add_auth_attribute_step1(username, code):
def add_auth_attribute_step1(username, code, action):
changed = []
for key in (key for key in CONF.sections()
@ -685,7 +700,7 @@ def add_auth_attribute_step1(username, code):
LOG.debug("Adding secureAuth attribute %s to %s" % (key, username))
try:
add_auth_attribute_step2(CONF[key], username, code)
add_auth_attribute_step2(CONF[key], username, code, action)
changed.append(key)
LOG.debug("%s changed email address on %s" % (username, key))
except Error as e:
@ -717,15 +732,20 @@ def add_auth_attribute_step2(conf, *args):
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
raise Error(i18n.msg[23])
def add_auth_attribute_step3(conf, username, code):
def add_auth_attribute_step3(conf, username, code, action):
#set current LDAP
superUser = SuperUsers(conf)
print(action)
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
user_dn = find_user_dn(conf, c, username)
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
c.add(dn=user_dn,object_class=OBJECT_CLASS, attributes={'authCode': code})
if(action == 'enable'):
c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
elif(action == 'disable'):
c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]})
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
newSession().set(get_user_data(user_dn, c))
#CHANGE PASSWORD
@ -1011,6 +1031,9 @@ def newSession():
self.ip = data[7]
self.lastLogin = data[8]
self.secureAuth = data[9]
try:
self.authCode = data[10]
except:
self.authCode = None
self.data['active'] = self.active