Better Rechecking
36
mfa/FIDO2.py
36
mfa/FIDO2.py
@@ -19,7 +19,8 @@ from django.utils import timezone
|
|||||||
def recheck(request):
|
def recheck(request):
|
||||||
context = csrf(request)
|
context = csrf(request)
|
||||||
context["mode"]="recheck"
|
context["mode"]="recheck"
|
||||||
return request("FIDO2/recheck.html", context)
|
request.session["mfa_recheck"]=True
|
||||||
|
return render(request,"FIDO2/recheck.html", context)
|
||||||
|
|
||||||
|
|
||||||
def getServer():
|
def getServer():
|
||||||
@@ -102,17 +103,24 @@ def authenticate_complete(request):
|
|||||||
auth_data,
|
auth_data,
|
||||||
signature
|
signature
|
||||||
)
|
)
|
||||||
keys = User_Keys.objects.filter(username=username, key_type="FIDO2",enabled=1)
|
|
||||||
import random
|
if request.session.get("mfa_recheck",False):
|
||||||
for k in keys:
|
import time
|
||||||
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
|
request.session["mfa"]["rechecked_at"]=time.time()
|
||||||
k.last_used = timezone.now()
|
return HttpResponse(simplejson.dumps({'status': "OK"}),
|
||||||
k.save()
|
content_type="application/json")
|
||||||
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
|
else:
|
||||||
if getattr(settings, "MFA_RECHECK", False):
|
import random
|
||||||
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
|
keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
|
||||||
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
|
for k in keys:
|
||||||
request.session["mfa"] = mfa
|
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
|
||||||
res=login(request)
|
k.last_used = timezone.now()
|
||||||
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
|
k.save()
|
||||||
|
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
|
||||||
|
if getattr(settings, "MFA_RECHECK", False):
|
||||||
|
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
|
||||||
|
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
|
||||||
|
request.session["mfa"] = mfa
|
||||||
|
res=login(request)
|
||||||
|
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
|
||||||
return HttpResponse(simplejson.dumps({'status': "err"}),content_type="application/json")
|
return HttpResponse(simplejson.dumps({'status': "err"}),content_type="application/json")
|
||||||
|
|||||||
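Review bot: `request.session["mfa"]["rechecked_at"]=time.time()` in the new recheck branch of authenticate_complete mutates a dict nested inside the session without reassigning the top-level key, so unless `SESSION_SAVE_EVERY_REQUEST` is on Django does not notice the change and the recheck timestamp is silently dropped; add `request.session.modified = True` directly after it (or assign the whole `mfa` dict back). The same nested write is repeated in `process_recheck` and in the `recheck` POST branch of the later hunks and needs the same fix there. The `mfa_recheck` flag set by `recheck` in the first hunk is never cleared here, so once a session has visited the recheck page every later authentication takes the recheck branch and skips the key lookup, the `request.session["mfa"]` assignment and the `login()` call; consume it instead, `if request.session.pop("mfa_recheck", False):`. The recheck branch also returns OK before the loop that matches the asserted credential against the user's `enabled=1` keys, so unless the verify call above this hunk already restricts credentials to enabled keys, a disabled key would still pass a recheck, and `last_used` is never updated on that path. authenticate_complete begins before this hunk.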
@@ -12,6 +12,7 @@ from django.conf import settings
|
|||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
from .models import *
|
from .models import *
|
||||||
from .views import login
|
from .views import login
|
||||||
|
import datetime
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
|
||||||
def recheck(request):
|
def recheck(request):
|
||||||
@@ -26,6 +27,8 @@ def recheck(request):
|
|||||||
def process_recheck(request):
|
def process_recheck(request):
|
||||||
x=validate(request,request.user.username)
|
x=validate(request,request.user.username)
|
||||||
if x==True:
|
if x==True:
|
||||||
|
import time
|
||||||
|
request.session["mfa"]["rechecked_at"] = time.time()
|
||||||
return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
|
return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
|
||||||
return x
|
return x
|
||||||
|
|
||||||
|
|||||||
@@ -21,7 +21,7 @@
|
|||||||
{% if mode == "auth" %}
|
{% if mode == "auth" %}
|
||||||
<form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
|
<form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
|
||||||
{% elif mode == "recheck" %}
|
{% elif mode == "recheck" %}
|
||||||
<form id="u2f_login" action="{% url 'u2f_recheck' %}" method="post">
|
<form id="u2f_login" action="{% url 'fido2_recheck' %}" method="post" enctype="multipart/form-data">
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="response" id="response" value=""/>
|
<input type="hidden" name="response" id="response" value=""/>
|
||||||
|
|||||||
@@ -24,6 +24,8 @@ def recheck(request):
|
|||||||
context["mode"]="recheck"
|
context["mode"]="recheck"
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
if verify_login(request,request.user.username, token=request.POST["otp"]):
|
if verify_login(request,request.user.username, token=request.POST["otp"]):
|
||||||
|
import time
|
||||||
|
request.session["mfa"]["rechecked_at"] = time.time()
|
||||||
return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
|
return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
|
||||||
else:
|
else:
|
||||||
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
|
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
|
||||||
|
|||||||
2
setup.py
2
setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
|
|||||||
|
|
||||||
setup(
|
setup(
|
||||||
name='django-mfa2',
|
name='django-mfa2',
|
||||||
version='1.7.0',
|
version='1.7.5',
|
||||||
description='Allows user to add 2FA to their accounts',
|
description='Allows user to add 2FA to their accounts',
|
||||||
long_description=open("README.md").read(),
|
long_description=open("README.md").read(),
|
||||||
long_description_content_type="text/markdown",
|
long_description_content_type="text/markdown",
|
||||||
|
|||||||