From 0945561136e9a00c098b517f7eb9fe1b97ed56fc Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Wed, 23 Jun 2021 08:26:35 +0200 Subject: [PATCH] avoid local imports --- example/example/auth.py | 3 +-- mfa/Email.py | 19 +++++++++---------- mfa/FIDO2.py | 6 ++---- mfa/TrustedDevice.py | 9 ++++----- mfa/U2F.py | 10 ++++------ mfa/totp.py | 4 ++-- mfa/views.py | 9 ++++----- 7 files changed, 26 insertions(+), 34 deletions(-) diff --git a/example/example/auth.py b/example/example/auth.py index 6d6fda6..3dc9b2f 100644 --- a/example/example/auth.py +++ b/example/example/auth.py @@ -3,6 +3,7 @@ from django.http import HttpResponseRedirect from django.urls import reverse from django.contrib.auth import authenticate, login, logout from django.contrib.auth.models import User +from mfa.helpers import has_mfa def loginView(request): @@ -12,8 +13,6 @@ def loginView(request): password = request.POST["password"] user = authenticate(username=username, password=password) if user: - from mfa.helpers import has_mfa - res = has_mfa( username=username, request=request ) # has_mfa returns false or HttpResponseRedirect diff --git a/mfa/Email.py b/mfa/Email.py index ba6caf1..5b7055f 100644 --- a/mfa/Email.py +++ b/mfa/Email.py @@ -1,6 +1,15 @@ +from django.contrib.auth import get_user_model +from django.http import HttpResponseRedirect from django.shortcuts import render from django.views.decorators.cache import never_cache from django.template.context_processors import csrf +from django.utils import timezone + +try: + from django.core.urlresolvers import reverse +except: + from django.urls import reverse + import datetime, random from random import randint from .models import * @@ -11,8 +20,6 @@ from .Common import send def sendEmail(request, username, secret): """Send Email to the user after rendering `mfa_email_token_template`""" - from django.contrib.auth import get_user_model - User = get_user_model() key = getattr(User, "USERNAME_FIELD", "username") kwargs = {key: username} 
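Review bot: In `loginView`, `has_mfa` is called with the raw `request.POST` username rather than the identity of the `user` object that `authenticate()` has just returned. If the configured backend matches usernames loosely (case-insensitive or e-mail login, not visible here), the submitted string can differ from the stored one, and the MFA lookup could then return False for an account that has keys enrolled. Passing the canonical value, `res = has_mfa(username=user.get_username(), request=request)`, removes that dependency. The body of `loginView` continues outside the hunk.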
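Review bot: The relocated `try`/`except` around the `reverse` import in mfa/Email.py uses a bare `except:`, which now runs at module import time and would also hide errors other than a missing `django.core.urlresolvers`; `except ImportError:` is the narrower form. The new module-level names are bound before `from .models import *`, so anything `models` exports under the same name (`timezone`, `reverse`, ...) would silently replace them; this is only a risk if `models` defines no `__all__`, which is not visible here. Separately, the context lines import `random` and `randint` in the module that mails the one-time code; if the code is drawn from them (not shown in this hunk), the `secrets` module is the appropriate source.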
@@ -36,12 +43,6 @@ def start(request): uk.key_type = "Email" uk.enabled = 1 uk.save() - from django.http import HttpResponseRedirect - - try: - from django.core.urlresolvers import reverse - except: - from django.urls import reverse return HttpResponseRedirect( reverse( getattr(settings, "MFA_REDIRECT_AFTER_REGISTRATION", "mfa_home") @@ -78,8 +79,6 @@ def auth(request): ) request.session["mfa"] = mfa - from django.utils import timezone - uk.last_used = timezone.now() uk.save() return login(request) diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py index 70fa2a1..2ece302 100644 --- a/mfa/FIDO2.py +++ b/mfa/FIDO2.py @@ -1,3 +1,5 @@ +import random +import time import traceback from fido2.client import ClientData @@ -154,15 +156,11 @@ def authenticate_complete(request): ) if request.session.get("mfa_recheck", False): - import time - request.session["mfa"]["rechecked_at"] = time.time() return HttpResponse( simplejson.dumps({"status": "OK"}), content_type="application/json" ) else: - import random - keys = User_Keys.objects.filter( username=username, key_type="FIDO2", enabled=1 ) diff --git a/mfa/TrustedDevice.py b/mfa/TrustedDevice.py index e0fe3b8..85d3af4 100644 --- a/mfa/TrustedDevice.py +++ b/mfa/TrustedDevice.py @@ -1,5 +1,6 @@ import string import random +from datetime import datetime, timedelta from django.shortcuts import render from django.http import HttpResponse from django.template.context import RequestContext @@ -7,6 +8,9 @@ from django.template.context_processors import csrf from .models import * import user_agents from django.utils import timezone +from jose import jwt + +from .Common import send def id_generator(size=6, chars=string.ascii_uppercase + string.digits): @@ -55,7 +59,6 @@ def getCookie(request): if tk.properties["status"] == "trusted": context = {"added": True} response = render(request, "TrustedDevices/Done.html", context) - from datetime import datetime, timedelta expires = datetime.now() + timedelta(days=180) tk.expires = expires 
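Review bot: `request.session["mfa"]["rechecked_at"] = time.time()` in `authenticate_complete` mutates a dict nested inside the session, which Django's session object does not detect as a modification. Unless `SESSION_SAVE_EVERY_REQUEST` is on or the session is flagged elsewhere in the same request (not visible in this hunk), the recheck timestamp may not be persisted; add `request.session.modified = True` after the assignment. The same line appears in `process_recheck` in mfa/U2F.py and in `recheck` in mfa/totp.py. The function body starts and ends outside the hunk.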
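Review bot: `expires = datetime.now() + timedelta(days=180)` in `getCookie` builds a naive local timestamp although the file already imports `django.utils.timezone`. If `tk.expires` is a model datetime field and `USE_TZ` is enabled, the trust window will be interpreted against the default timezone and Django will warn; `expires = timezone.now() + timedelta(days=180)` keeps the value aware. `datetime` is also now a module-wide name bound before `from .models import *`, so a `datetime` exported by `models` would rebind it and break this call, which the previous function-local import could not suffer from. `getCookie` continues outside the hunk.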
@@ -124,8 +127,6 @@ def start(request): def send_email(request): body = render(request, "TrustedDevices/email.html", {}).content - from .Common import send - e = request.user.email if e == "": e = request.session.get("user", {}).get("email", "") @@ -140,8 +141,6 @@ def send_email(request): def verify(request): if request.COOKIES.get("deviceid", None): - from jose import jwt - json = jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY) if json["username"].lower() == request.session["base_username"].lower(): try: diff --git a/mfa/U2F.py b/mfa/U2F.py index 239fdba..0c78c91 100644 --- a/mfa/U2F.py +++ b/mfa/U2F.py @@ -1,3 +1,7 @@ +import datetime, random +import hashlib +import time + from u2flib_server.u2f import ( begin_registration, begin_authentication, @@ -32,8 +36,6 @@ def recheck(request): def process_recheck(request): x = validate(request, request.user.username) if x == True: - import time - request.session["mfa"]["rechecked_at"] = time.time() return HttpResponse( simplejson.dumps({"recheck": True}), content_type="application/json" @@ -53,8 +55,6 @@ def check_errors(request, data): def validate(request, username): - import datetime, random - data = simplejson.loads(request.POST["response"]) res = check_errors(request, data) @@ -105,8 +105,6 @@ def start(request): def bind(request): - import hashlib - enroll = request.session["_u2f_enroll_"] data = simplejson.loads(request.POST["response"]) device, cert = complete_registration(enroll, data, [settings.U2F_APPID]) diff --git a/mfa/totp.py b/mfa/totp.py index ff2973a..fccb61f 100644 --- a/mfa/totp.py +++ b/mfa/totp.py @@ -1,3 +1,5 @@ +import time + from django.shortcuts import render from django.views.decorators.cache import never_cache from django.http import HttpResponse 
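Review bot: `jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY)` in `verify` does not pin the accepted algorithms, so the `alg` header of a client-supplied cookie decides how the signature is checked. Pass the algorithm the cookie is issued with, for example `jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY, algorithms=["HS256"])` if the encoding side uses the library default. The call also sits before the `try:` visible in the hunk, so a malformed or tampered cookie would raise out of the view rather than being treated as an untrusted device; whether a caller handles that is not visible here. The rest of `verify` is outside the hunk.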
@@ -28,8 +30,6 @@ def recheck(request): context["mode"] = "recheck" if request.method == "POST": if verify_login(request, request.user.username, token=request.POST["otp"]): - import time - request.session["mfa"]["rechecked_at"] = time.time() return HttpResponse( simplejson.dumps({"recheck": True}), content_type="application/json" diff --git a/mfa/views.py b/mfa/views.py index f862ab9..ea829cd 100644 --- a/mfa/views.py +++ b/mfa/views.py @@ -1,3 +1,7 @@ +import importlib + +from django.conf import settings +from django.contrib import auth from django.shortcuts import render from django.http import HttpResponse, HttpResponseRedirect from .models import * @@ -60,9 +64,6 @@ def reset_cookie(request): def login(request): - from django.contrib import auth - from django.conf import settings - callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK) return callable_func(request, username=request.session["base_username"]) @@ -78,8 +79,6 @@ def delKey(request): def __get_callable_function__(func_path): - import importlib - if not "." in func_path: raise Exception("class Name should include modulename.classname")
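Review bot: `from django.contrib import auth` is hoisted to module level although the visible body of `login` never uses `auth`; if nothing else in mfa/views.py references it, the import can be dropped rather than moved. In the same function, `request.session["base_username"]` raises `KeyError` when the view is reached without a first-factor login having populated the session, so a guarded lookup with an explicit redirect or 403 would give a clean response instead of a 500.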
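Review bot: `if not "." in func_path:` in `__get_callable_function__` reads more clearly as `if "." not in func_path:`, and the bare `Exception` it raises is hard for callers to tell apart from other failures. Since `login` passes it `settings.MFA_LOGIN_CALLBACK`, `django.core.exceptions.ImproperlyConfigured` would describe the failure better. A one-line docstring such as `"""Resolve a dotted 'module.attr' path from settings to a callable."""` would also record that the path is imported dynamically and must only come from trusted configuration. The rest of the function is outside the hunk.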