2fa-0.6
This commit is contained in:
parent
7553c6a443
commit
fc224038a3
2
_2fa.tpl
2
_2fa.tpl
@ -17,7 +17,7 @@
|
||||
|
||||
% if data['secureAuth'] == True:
|
||||
|
||||
<form name="disable2faForm" method="post" action="/user">
|
||||
<form name="disable2faForm" method="post" action="/disable_2fa">
|
||||
|
||||
<label for="2fa">2FA</label>
|
||||
<input id="2fa" name="2fa" type="text" value="{{data['authCode']}}">
|
||||
|
37
app.py
37
app.py
@ -24,7 +24,7 @@ from bottle import SimpleTemplate
|
||||
from bottle.ext import beaker
|
||||
from configparser import ConfigParser
|
||||
from ldap3 import Server, Connection, ALL
|
||||
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, ALL_ATTRIBUTES
|
||||
from ldap3 import SIMPLE, SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, ALL_ATTRIBUTES
|
||||
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
|
||||
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError, \
|
||||
LDAPSocketOpenError, LDAPExceptionError, LDAPAttributeOrValueExistsResult
|
||||
@ -278,7 +278,22 @@ def post_edit_email():
|
||||
def post_enable_2fa():
|
||||
try:
|
||||
username=newSession().get()['username']
|
||||
add_auth_attribute_step1(username, tools.generate_secret())
|
||||
add_auth_attribute_step1(username, tools.generate_secret(), action='enable')
|
||||
'''
|
||||
add attribute authCode
|
||||
set session data
|
||||
'''
|
||||
except Error as e:
|
||||
LOG.warning("akatsa")
|
||||
return error(str(e))
|
||||
|
||||
return _2fa_tpl(data=newSession().get(), str=i18n.str)
|
||||
|
||||
@post('/disable_2fa')
|
||||
def post_disable_2fa():
|
||||
try:
|
||||
username=newSession().get()['username']
|
||||
add_auth_attribute_step1(username, tools.generate_secret(), action='disable')
|
||||
'''
|
||||
add attribute authCode
|
||||
set session data
|
||||
@ -677,7 +692,7 @@ def update_email_address(conf, username, old_email, new_email):
|
||||
newSession().set(get_user_data(user_dn, c))
|
||||
|
||||
# ADD AUTHCODE ATTRIBUTE - 2FA
|
||||
def add_auth_attribute_step1(username, code):
|
||||
def add_auth_attribute_step1(username, code, action):
|
||||
changed = []
|
||||
|
||||
for key in (key for key in CONF.sections()
|
||||
@ -685,7 +700,7 @@ def add_auth_attribute_step1(username, code):
|
||||
|
||||
LOG.debug("Adding secureAuth attribute %s to %s" % (key, username))
|
||||
try:
|
||||
add_auth_attribute_step2(CONF[key], username, code)
|
||||
add_auth_attribute_step2(CONF[key], username, code, action)
|
||||
changed.append(key)
|
||||
LOG.debug("%s changed email address on %s" % (username, key))
|
||||
except Error as e:
|
||||
@ -717,15 +732,20 @@ def add_auth_attribute_step2(conf, *args):
|
||||
LOG.error('{}: {!s}'.format(e.__class__.__name__, e))
|
||||
raise Error(i18n.msg[23])
|
||||
|
||||
def add_auth_attribute_step3(conf, username, code):
|
||||
def add_auth_attribute_step3(conf, username, code, action):
|
||||
|
||||
#set current LDAP
|
||||
superUser = SuperUsers(conf)
|
||||
|
||||
print(action)
|
||||
with connect_ldap(conf, user=superUser.admin_dn, password=superUser.admin_pwd) as c:
|
||||
user_dn = find_user_dn(conf, c, username)
|
||||
OBJECT_CLASS = ['top', 'inetOrgPerson', 'posixAccount', 'accountsManagement']
|
||||
c.add(dn=user_dn,object_class=OBJECT_CLASS, attributes={'authCode': code})
|
||||
if(action == 'enable'):
|
||||
c.modify(user_dn,{'authCode': [(MODIFY_ADD, [code])]})
|
||||
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [True]]})
|
||||
elif(action == 'disable'):
|
||||
c.modify(user_dn,{'authCode': [(MODIFY_DELETE, [])]})
|
||||
c.modify(user_dn,{'secureAuth': [MODIFY_REPLACE, [False]]})
|
||||
newSession().set(get_user_data(user_dn, c))
|
||||
|
||||
#CHANGE PASSWORD
|
||||
@ -1011,6 +1031,9 @@ def newSession():
|
||||
self.ip = data[7]
|
||||
self.lastLogin = data[8]
|
||||
self.secureAuth = data[9]
|
||||
try:
|
||||
self.authCode = data[10]
|
||||
except:
|
||||
self.authCode = None
|
||||
|
||||
self.data['active'] = self.active
|
||||
|
Loading…
Reference in New Issue
Block a user