From 4c31e1815ea967ee662f4fce7ccfa5c39c00d374 Mon Sep 17 00:00:00 2001
From: Mohamed ElKalioby
Date: Wed, 16 Oct 2019 18:53:52 +0300
Subject: [PATCH] Better Rechecking
---
 mfa/FIDO2.py | 36 +++++++++++++++++++-------------
 mfa/U2F.py | 3 +++
 mfa/templates/FIDO2/recheck.html | 2 +-
 mfa/totp.py | 2 ++
 setup.py | 2 +-
 5 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py
index 532ea64..21c9dbe 100644
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -19,7 +19,8 @@ from django.utils import timezone
 def recheck(request):
 context = csrf(request)
 context["mode"]="recheck"
- return request("FIDO2/recheck.html", context)
+ request.session["mfa_recheck"]=True
+ return render(request,"FIDO2/recheck.html", context)
 def getServer():
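Review bot: The `request.session["mfa_recheck"]=True` flag set in recheck() is never cleared anywhere in this patch, so once a user has opened the recheck page, any later authenticate_complete call in the same session takes the recheck branch and skips login() and the `last_used` update. Consume the flag where it is read, e.g. `if request.session.pop("mfa_recheck", False):` in authenticate_complete, so a single recheck page view only affects the next assertion. The switch from `request(...)` to `render(...)` also requires `render` to be imported in mfa/FIDO2.py; the import block is outside this hunk, so that is worth confirming.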
@@ -102,17 +103,24 @@ def authenticate_complete(request):
 auth_data,
 signature
 )
- keys = User_Keys.objects.filter(username=username, key_type="FIDO2",enabled=1)
- import random
- for k in keys:
- if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
- k.last_used = timezone.now()
- k.save()
- mfa = {"verified": True, "method": "FIDO2",'id':k.id}
- if getattr(settings, "MFA_RECHECK", False):
- mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
- seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
- request.session["mfa"] = mfa
- res=login(request)
- return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
+
+ if request.session.get("mfa_recheck",False):
+ import time
+ request.session["mfa"]["rechecked_at"]=time.time()
+ return HttpResponse(simplejson.dumps({'status': "OK"}),
+ content_type="application/json")
+ else:
+ import random
+ keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
+ for k in keys:
+ if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
+ k.last_used = timezone.now()
+ k.save()
+ mfa = {"verified": True, "method": "FIDO2",'id':k.id}
+ if getattr(settings, "MFA_RECHECK", False):
+ mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
+ seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
+ request.session["mfa"] = mfa
+ res=login(request)
+ return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
 return HttpResponse(simplejson.dumps({'status': "err"}),content_type="application/json")
diff --git a/mfa/U2F.py b/mfa/U2F.py
index 226cecc..938841e 100644
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
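Review bot: `request.session["mfa"]["rechecked_at"]=time.time()` mutates a dict nested inside the session without assigning to the session itself, so Django does not mark the session as modified and will not persist the new timestamp unless SESSION_SAVE_EVERY_REQUEST is enabled; add `request.session.modified = True` right after the assignment. The same nested write appears in the process_recheck hunk of mfa/U2F.py and the recheck hunk of mfa/totp.py. The recheck branch also subscripts `request.session["mfa"]` directly, which raises KeyError if the session has no mfa entry (recheck is presumably only reachable after an MFA login, but nothing in this hunk guarantees it), and unlike the login branch it neither updates `k.last_used` nor refreshes `next_check`, so if the middleware still keys off `next_check` the user may be prompted again immediately. authenticate_complete begins before this hunk.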
@@ -12,6 +12,7 @@ from django.conf import settings
 from django.http import HttpResponse
 from .models import *
 from .views import login
+import datetime
 from django.utils import timezone
 def recheck(request):
@@ -26,6 +27,8 @@ def recheck(request):
 def process_recheck(request):
 x=validate(request,request.user.username)
 if x==True:
+ import time
+ request.session["mfa"]["rechecked_at"] = time.time()
 return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
 return x
diff --git a/mfa/templates/FIDO2/recheck.html b/mfa/templates/FIDO2/recheck.html
index 8515af2..00cc783 100644
--- a/mfa/templates/FIDO2/recheck.html
+++ b/mfa/templates/FIDO2/recheck.html
@@ -21,7 +21,7 @@ {% if mode == "auth" %}
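Review bot: `import datetime` is added to mfa/U2F.py but nothing in this diff uses it, and it sits between the relative imports and `from django.utils import timezone` rather than with the other standard-library imports; if the rest of the module does not use it either, drop it, otherwise move it to the stdlib group at the top. In the process_recheck hunk the `import time` inside the `if x==True:` body can likewise be a module-level import, which keeps the function body to the actual recheck logic.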
{% elif mode == "recheck" %} - + {% endif %} {% csrf_token %}
diff --git a/mfa/totp.py b/mfa/totp.py
index 826b6a0..bb99bba 100644
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -24,6 +24,8 @@ def recheck(request):
 context["mode"]="recheck"
 if request.method == "POST":
 if verify_login(request,request.user.username, token=request.POST["otp"]):
+ import time
+ request.session["mfa"]["rechecked_at"] = time.time()
 return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
 else:
 return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
diff --git a/setup.py b/setup.py
index 533ff1c..0e11238 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 setup(
 name='django-mfa2',
- version='1.7.0',
+ version='1.7.5',
 description='Allows user to add 2FA to their accounts',
 long_description=open("README.md").read(),
 long_description_content_type="text/markdown",