avoid local imports

Tobias Bengfort
2021-06-23 08:26:35 +02:00
parent 6b132683a7
commit 0945561136
7 changed files with 26 additions and 34 deletions


@@ -3,6 +3,7 @@ from django.http import HttpResponseRedirect
from django.urls import reverse from django.urls import reverse
from django.contrib.auth import authenticate, login, logout from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User from django.contrib.auth.models import User
from mfa.helpers import has_mfa
def loginView(request): def loginView(request):
@@ -12,8 +13,6 @@ def loginView(request):
password = request.POST["password"] password = request.POST["password"]
user = authenticate(username=username, password=password) user = authenticate(username=username, password=password)
if user: if user:
from mfa.helpers import has_mfa
res = has_mfa( res = has_mfa(
username=username, request=request username=username, request=request
) # has_mfa returns false or HttpResponseRedirect ) # has_mfa returns false or HttpResponseRedirect


@@ -1,6 +1,15 @@
from django.contrib.auth import get_user_model
from django.http import HttpResponseRedirect
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache from django.views.decorators.cache import never_cache
from django.template.context_processors import csrf from django.template.context_processors import csrf
from django.utils import timezone
try:
from django.core.urlresolvers import reverse
except:
from django.urls import reverse
import datetime, random import datetime, random
from random import randint from random import randint
from .models import * from .models import *
@@ -11,8 +20,6 @@ from .Common import send
def sendEmail(request, username, secret): def sendEmail(request, username, secret):
"""Send Email to the user after rendering `mfa_email_token_template`""" """Send Email to the user after rendering `mfa_email_token_template`"""
from django.contrib.auth import get_user_model
User = get_user_model() User = get_user_model()
key = getattr(User, "USERNAME_FIELD", "username") key = getattr(User, "USERNAME_FIELD", "username")
kwargs = {key: username} kwargs = {key: username}
@@ -36,12 +43,6 @@ def start(request):
uk.key_type = "Email" uk.key_type = "Email"
uk.enabled = 1 uk.enabled = 1
uk.save() uk.save()
from django.http import HttpResponseRedirect
try:
from django.core.urlresolvers import reverse
except:
from django.urls import reverse
return HttpResponseRedirect( return HttpResponseRedirect(
reverse( reverse(
getattr(settings, "MFA_REDIRECT_AFTER_REGISTRATION", "mfa_home") getattr(settings, "MFA_REDIRECT_AFTER_REGISTRATION", "mfa_home")
@@ -78,8 +79,6 @@ def auth(request):
) )
request.session["mfa"] = mfa request.session["mfa"] = mfa
from django.utils import timezone
uk.last_used = timezone.now() uk.last_used = timezone.now()
uk.save() uk.save()
return login(request) return login(request)
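Review bot: The `reverse` fallback that now sits at module level keeps its bare `except:`, so any error raised while importing `django.core.urlresolvers` (not only its absence) is swallowed at import time; narrow it to `except ImportError:`. Separately, this module imports `random` and `randint` next to the e-mail token flow. The token generation is outside the visible hunks, but if the one-time code is drawn from `random` it should come from `secrets` instead (for example `secrets.randbelow(...)`), because `random` is not designed for security tokens.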


@@ -1,3 +1,5 @@
import random
import time
import traceback import traceback
from fido2.client import ClientData from fido2.client import ClientData
@@ -154,15 +156,11 @@ def authenticate_complete(request):
) )
if request.session.get("mfa_recheck", False): if request.session.get("mfa_recheck", False):
import time
request.session["mfa"]["rechecked_at"] = time.time() request.session["mfa"]["rechecked_at"] = time.time()
return HttpResponse( return HttpResponse(
simplejson.dumps({"status": "OK"}), content_type="application/json" simplejson.dumps({"status": "OK"}), content_type="application/json"
) )
else: else:
import random
keys = User_Keys.objects.filter( keys = User_Keys.objects.filter(
username=username, key_type="FIDO2", enabled=1 username=username, key_type="FIDO2", enabled=1
) )
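Review bot: `request.session["mfa"]["rechecked_at"] = time.time()` in `authenticate_complete` mutates a nested dict, which Django's session machinery does not detect as a change; unless something else in the request assigns to the session or `SESSION_SAVE_EVERY_REQUEST` is set, the recheck timestamp may never be persisted. Add `request.session.modified = True` right after the assignment. The same line appears in `process_recheck` in the section that imports `u2flib_server` and in `recheck` in the section that checks `request.POST["otp"]`. The line also indexes `request.session["mfa"]` directly, so a session without that key raises `KeyError`; whether that can happen depends on code outside these hunks.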


@@ -1,5 +1,6 @@
import string import string
import random import random
from datetime import datetime, timedelta
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpResponse from django.http import HttpResponse
from django.template.context import RequestContext from django.template.context import RequestContext
@@ -7,6 +8,9 @@ from django.template.context_processors import csrf
from .models import * from .models import *
import user_agents import user_agents
from django.utils import timezone from django.utils import timezone
from jose import jwt
from .Common import send
def id_generator(size=6, chars=string.ascii_uppercase + string.digits): def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
@@ -55,7 +59,6 @@ def getCookie(request):
if tk.properties["status"] == "trusted": if tk.properties["status"] == "trusted":
context = {"added": True} context = {"added": True}
response = render(request, "TrustedDevices/Done.html", context) response = render(request, "TrustedDevices/Done.html", context)
from datetime import datetime, timedelta
expires = datetime.now() + timedelta(days=180) expires = datetime.now() + timedelta(days=180)
tk.expires = expires tk.expires = expires
@@ -124,8 +127,6 @@ def start(request):
def send_email(request): def send_email(request):
body = render(request, "TrustedDevices/email.html", {}).content body = render(request, "TrustedDevices/email.html", {}).content
from .Common import send
e = request.user.email e = request.user.email
if e == "": if e == "":
e = request.session.get("user", {}).get("email", "") e = request.session.get("user", {}).get("email", "")
@@ -140,8 +141,6 @@ def send_email(request):
def verify(request): def verify(request):
if request.COOKIES.get("deviceid", None): if request.COOKIES.get("deviceid", None):
from jose import jwt
json = jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY) json = jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY)
if json["username"].lower() == request.session["base_username"].lower(): if json["username"].lower() == request.session["base_username"].lower():
try: try:
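Review bot: `jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY)` in `verify` parses a client-supplied cookie without pinning the accepted algorithms, so the token header decides how it is verified. Pass the algorithm the issuing side uses, e.g. `jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY, algorithms=["HS256"])` if the cookie is signed with python-jose's default. As far as this hunk shows, the call also sits outside the `try:` below it, so a malformed or tampered cookie would raise instead of being treated as an untrusted device. Moving `from jose import jwt` to module level additionally makes python-jose required just to import this module. `verify` continues past the end of the hunk.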


@@ -1,3 +1,7 @@
import datetime, random
import hashlib
import time
from u2flib_server.u2f import ( from u2flib_server.u2f import (
begin_registration, begin_registration,
begin_authentication, begin_authentication,
@@ -32,8 +36,6 @@ def recheck(request):
def process_recheck(request): def process_recheck(request):
x = validate(request, request.user.username) x = validate(request, request.user.username)
if x == True: if x == True:
import time
request.session["mfa"]["rechecked_at"] = time.time() request.session["mfa"]["rechecked_at"] = time.time()
return HttpResponse( return HttpResponse(
simplejson.dumps({"recheck": True}), content_type="application/json" simplejson.dumps({"recheck": True}), content_type="application/json"
@@ -53,8 +55,6 @@ def check_errors(request, data):
def validate(request, username): def validate(request, username):
import datetime, random
data = simplejson.loads(request.POST["response"]) data = simplejson.loads(request.POST["response"])
res = check_errors(request, data) res = check_errors(request, data)
@@ -105,8 +105,6 @@ def start(request):
def bind(request): def bind(request):
import hashlib
enroll = request.session["_u2f_enroll_"] enroll = request.session["_u2f_enroll_"]
data = simplejson.loads(request.POST["response"]) data = simplejson.loads(request.POST["response"])
device, cert = complete_registration(enroll, data, [settings.U2F_APPID]) device, cert = complete_registration(enroll, data, [settings.U2F_APPID])
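Review bot: The new top-level `import datetime, random` puts two modules on one import statement; now that it is no longer inside `validate`, split it into `import datetime` and `import random` to match the neighbouring `import hashlib` and `import time`. In `bind`, `request.session["_u2f_enroll_"]` is indexed directly, so a POST that arrives without a prior enrollment step would raise `KeyError`; a `.get()` with an explicit error response would be clearer. `bind` continues past the end of the hunk.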


@@ -1,3 +1,5 @@
import time
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache from django.views.decorators.cache import never_cache
from django.http import HttpResponse from django.http import HttpResponse
@@ -28,8 +30,6 @@ def recheck(request):
context["mode"] = "recheck" context["mode"] = "recheck"
if request.method == "POST": if request.method == "POST":
if verify_login(request, request.user.username, token=request.POST["otp"]): if verify_login(request, request.user.username, token=request.POST["otp"]):
import time
request.session["mfa"]["rechecked_at"] = time.time() request.session["mfa"]["rechecked_at"] = time.time()
return HttpResponse( return HttpResponse(
simplejson.dumps({"recheck": True}), content_type="application/json" simplejson.dumps({"recheck": True}), content_type="application/json"


@@ -1,3 +1,7 @@
import importlib
from django.conf import settings
from django.contrib import auth
from django.shortcuts import render from django.shortcuts import render
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from .models import * from .models import *
@@ -60,9 +64,6 @@ def reset_cookie(request):
def login(request): def login(request):
from django.contrib import auth
from django.conf import settings
callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK) callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK)
return callable_func(request, username=request.session["base_username"]) return callable_func(request, username=request.session["base_username"])
@@ -78,8 +79,6 @@ def delKey(request):
def __get_callable_function__(func_path): def __get_callable_function__(func_path):
import importlib
if not "." in func_path: if not "." in func_path:
raise Exception("class Name should include modulename.classname") raise Exception("class Name should include modulename.classname")
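Review bot: `from django.contrib import auth` is now imported for the whole module, but the visible body of `login` never references `auth`; if no other function in the file uses it, drop the import rather than hoisting it. `__get_callable_function__` resolves `settings.MFA_LOGIN_CALLBACK` through `importlib`, so a short comment stating that the dotted path must only ever come from trusted settings would help: `# func_path comes from settings.MFA_LOGIN_CALLBACK; never pass request data here`. The guard reads more idiomatically as `if "." not in func_path:`. The function continues past the end of the hunk.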