diff --git a/example/example/settings.py b/example/example/settings.py
index fe33941..6527228 100644
--- a/example/example/settings.py
+++ b/example/example/settings.py
@@ -141,7 +141,7 @@ MFA_RECHECK=True # Allow random rechecking of the user
 MFA_RECHECK_MIN=10 # Minimum interval in seconds
 MFA_RECHECK_MAX=30 # Maximum in seconds
 MFA_QUICKLOGIN=True # Allow quick login for returning users by provide only their 2FA
-MFA_HIDE_DISABLE=('FIDO2',) # Can the user disable his key (Added in 1.2.0).
+MFA_HIDE_DISABLE=() # Can the user disable his key (Added in 1.2.0).
 TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name
diff --git a/example/example/urls.py b/example/example/urls.py
index 3691a81..f238daf 100644
--- a/example/example/urls.py
+++ b/example/example/urls.py
@@ -16,9 +16,11 @@ Including another URLconf
 from django.contrib import admin
 from django.urls import path,re_path,include
 from . import views,auth
+import mfa
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('mfa/', include('mfa.urls')),
+    path('devices/add', mfa.TrustedDevice.add,name="mfa_add_new_trusted_device"),
     path('auth/login',auth.loginView,name="login"),
     path('auth/logout',auth.logoutView,name="logout"),
diff --git a/mfa/TrustedDevice.py b/mfa/TrustedDevice.py
index 812e13e..c8dc085 100644
--- a/mfa/TrustedDevice.py
+++ b/mfa/TrustedDevice.py
@@ -2,7 +2,6 @@ import string
 import random
 from django.shortcuts import render
 from django.http import HttpResponse
-from django.template.context import RequestContext
 from django.template.context_processors import csrf
 from .models import *
 import user_agents
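Review bot: `MFA_HIDE_DISABLE=()` removes the guard that kept FIDO2 keys non-removable in the example project, so a logged-in user (or whoever holds that session) can now switch off the phishing-resistant factor from the self-service page; since integrators copy this file, the comment should say this is a demo choice rather than restate the setting, e.g. `MFA_HIDE_DISABLE=() # Key types a user may NOT disable; empty = everything removable (demo only - consider ('FIDO2',) in production)`. If the change was only to exercise the disable flow while testing, restoring `('FIDO2',)` is the safer default to ship.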
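Review bot: `mfa.TrustedDevice.add` after a bare `import mfa` resolves only because `include('mfa.urls')` on the line above has already imported the `mfa.TrustedDevice` submodule as a side effect; reorder the list or change the package's `__init__` and this becomes an AttributeError at startup. Import the view explicitly, `from mfa import TrustedDevice` and `path('devices/add', TrustedDevice.add, name="mfa_add_new_trusted_device"),`, and note that mfa/urls.py in the same commit registers the identical name under the `mfa/` prefix, so one of the two routes should go. Whether `TrustedDevice.add` enforces an authenticated session is not visible here, so exposing it at the project root instead of behind the MFA include deserves a check.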
@@ -10,7 +9,7 @@ from django.utils import timezone
 def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
     x=''.join(random.choice(chars) for _ in range(size))
-    if not User_Keys.objects.filter(properties__shas="$.key="+x).exists(): return x
+    if not User_Keys.objects.filter(properties__icontains=x, key_type="Trusted Device").exists(): return x
     else: return id_generator(size,chars)
 def getUserAgent(request):
@@ -19,6 +18,7 @@ def getUserAgent(request):
     tk=User_Keys.objects.get(id=id)
     if tk.properties.get("user_agent","")!="":
         ua = user_agents.parse(tk.properties["user_agent"])
+        print(ua.os)
         res = render(None, "TrustedDevices/user-agent.html", context={"ua":ua})
         return HttpResponse(res)
     return HttpResponse("")
@@ -69,6 +69,7 @@ def add(request):
     request.session["td_id"]=tk.id
     ua=request.META['HTTP_USER_AGENT']
     agent=user_agents.parse(ua)
+    print(agent.os)
     if agent.is_pc:
         context["invalid"]="This is a PC, it can't used as a trusted device."
     else:
@@ -124,7 +125,7 @@ def verify(request):
     json= jwt.decode(request.COOKIES.get('deviceid'),settings.SECRET_KEY)
     if json["username"].lower()== request.session['base_username'].lower():
         try:
-            uk = User_Keys.objects.get(username=request.POST["username"].lower(), properties__has="$.key=" + json["key"])
+            uk = User_Keys.objects.get(username=request.POST["username"].lower(), properties__properties__iregex=rf'{json["key"]}')
             if uk.enabled and uk.properties["status"] == "trusted":
                 uk.last_used=timezone.now()
                 uk.save()
diff --git a/mfa/U2F.py b/mfa/U2F.py
index 04d4c12..e448801 100644
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
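Review bot: `id_generator` still builds the trusted-device key with `random.choice`, a predictable PRNG, and this key is exactly what `verify` later accepts from the signed `deviceid` cookie as a second factor; use `secrets.choice(chars)` in the join, `x=''.join(secrets.choice(chars) for _ in range(size))`, with `import secrets` at the top (stdlib since 3.6, so the `python_requires=">=3.5"` floor in setup.py would have to move). The new uniqueness check `properties__icontains=x` searches the whole serialized properties blob, so a 6-character key "collides" with any substring of another device's stored user-agent; that only costs a retry here, but a check against the key field itself would be exact. Six characters of `[A-Z0-9]` is roughly 2^31 values, tolerable only because the value travels inside a JWT signed with `SECRET_KEY`, which is worth a comment on the function.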
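Review bot: `print(ua.os)` is a leftover debugging statement in a request handler; it writes part of a stored user-agent to stdout on every call and bypasses Django's logging configuration. Drop it, or if the parse result needs tracing use `logger.debug("trusted device OS: %s", ua.os)` with a module-level `logger = logging.getLogger(__name__)`. The `def getUserAgent(request):` line sits just before this hunk.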
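Review bot: `print(agent.os)` is another debugging statement left in the `add` view and should be removed or routed through `logging` rather than stdout. The context line above it, `ua=request.META['HTTP_USER_AGENT']`, is not touched by the commit but raises KeyError when a client sends no User-Agent header; `request.META.get('HTTP_USER_AGENT', '')` would let the existing `is_pc` branch decide instead of producing a 500. `add` begins before this hunk and continues after it.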
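Review bot: `properties__properties__iregex=rf'{json["key"]}'` repeats the field name, while the U2F hunk in this same commit uses `properties__iregex`; with the `jsonfield` JSONField that is an unsupported nested lookup, so every trusted-device verification will raise inside the `try:` (the `except` branch is outside the hunk, so whether that surfaces as a 500 or a silent reject cannot be told here). Even with the name fixed, a case-insensitive regex search over the serialized JSON matches the key anywhere in the blob, including inside `user_agent`, and does not restrict `key_type` the way `id_generator` now does; something like `User_Keys.objects.get(username=json["username"].lower(), key_type="Trusted Device", properties__iregex=rf'"key":\s*"{re.escape(json["key"])}"')` (with `import re`; confirm the exact serialization the field produces) narrows it. The lookup also keys on `request.POST["username"]` although the cookie's username was validated against the session; using the validated `json["username"]` avoids matching one user's device key against another user's row.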
@@ -52,7 +52,7 @@ def validate(request,username):
         challenge = request.session.pop('_u2f_challenge_')
         device, c, t = complete_authentication(challenge, data, [settings.U2F_APPID])
-        key = User_Keys.objects.get(username=username, properties__iregex=rf'{device["publicKey"]}')
+        key = User_Keys.objects.get(username=username,key_type = "U2F", properties__iregex=rf'{device["publicKey"]}')
         key.last_used=timezone.now()
         key.save()
         mfa = {"verified": True, "method": "U2F","id":key.id}
@@ -69,7 +69,7 @@ def auth(request):
     request.session["_u2f_challenge_"]=s[0]
     context["token"]=s[1]
-    return render(request,"U2F/Auth.html")
+    return render(request,"U2F/Auth.html",context)
 def start(request):
     enroll = begin_registration(settings.U2F_APPID, [])
diff --git a/mfa/models.py b/mfa/models.py
index b97123d..d56d097 100644
--- a/mfa/models.py
+++ b/mfa/models.py
@@ -2,9 +2,6 @@ from django.db import models
 from jsonfield import JSONField
 from jose import jwt
 from django.conf import settings
-from jsonLookup import shasLookup, hasLookup
-JSONField.register_lookup(shasLookup)
-JSONField.register_lookup(hasLookup)
 class User_Keys(models.Model):
diff --git a/mfa/urls.py b/mfa/urls.py
index 90e9432..0e3913a 100644
--- a/mfa/urls.py
+++ b/mfa/urls.py
@@ -1,10 +1,11 @@
 from . import views,totp,U2F,TrustedDevice,helpers,FIDO2,Email
-#app_name='mfa'
+
 try:
     from django.urls import re_path as url
 except:
     from django.conf.urls import url
+
 urlpatterns = [
     url(r'totp/start/', totp.start , name="start_new_otop"),
     url(r'totp/getToken', totp.getToken , name="get_new_otop"),
@@ -39,6 +40,7 @@ urlpatterns = [
     url(r'u2f/secure_device', TrustedDevice.getCookie, name="td_securedevice"),
     url(r'^$', views.index, name="mfa_home"),
+    url(r'devices/add$', TrustedDevice.add,name="mfa_add_new_trusted_device"),
     url(r'goto/(.*)', views.goto, name="mfa_goto"),
     url(r'selct_method', views.show_methods, name="mfa_methods_list"),
     url(r'recheck', helpers.recheck, name="mfa_recheck"),
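Review bot: The new `key_type = "U2F"` filter narrows the lookup, but `device["publicKey"]` returned by `complete_authentication` is still interpolated unescaped into `properties__iregex=rf'{...}'`; a base64 public key can contain `+`, a regex quantifier, so the pattern no longer means the literal key and a legitimately enrolled device can hit `DoesNotExist` or `MultipleObjectsReturned`. Escape it, `properties__iregex=rf'{re.escape(device["publicKey"])}'` with `import re`, or better compare against the stored value exactly instead of regex-searching the serialized JSON. `validate` starts before this hunk and its exception handling is not visible here.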
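Review bot: `url(r'devices/add$', TrustedDevice.add,name="mfa_add_new_trusted_device")` registers a URL name that example/example/urls.py in this same commit also assigns to a project-root route, so `reverse("mfa_add_new_trusted_device")` has two candidates and templates may link to either. Keep this one, which sits behind the `mfa/` include with the other MFA endpoints, and drop the project-level copy; a project needing a different path can still wrap the include. The unanchored start of the pattern matches the convention of the neighbouring routes in this file.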
diff --git a/setup.py b/setup.py
index 4dac42d..928bfaf 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 setup(
     name='django-mfa2',
-    version='2.1.2',
+    version='2.2.0b1',
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",
@@ -25,13 +25,14 @@ setup(
         'user-agents',
         'python-jose',
         'fido2 == 0.9.1',
-        'jsonLookup'
+        # 'jsonLookup'
     ],
     python_requires=">=3.5",
     include_package_data=True,
     zip_safe=False, # because we're including static files
     classifiers=[
-        "Development Status :: 5 - Production/Stable",
+        "Development Status :: 4 - Beta",
+        #"Development Status :: 5 - Production/Stable",
         "Environment :: Web Environment",
         "Framework :: Django",
         "Framework :: Django :: 1.11",