Better Rechecking

2019-10-16 18:53:52 +03:00
parent 64dafb8d2e
commit 4c31e1815e
5 changed files with 29 additions and 16 deletions
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -19,7 +19,8 @@ from django.utils import timezone
 def recheck(request):
    context = csrf(request)
    context["mode"]="recheck"
-    return request("FIDO2/recheck.html", context)
+    request.session["mfa_recheck"]=True
+    return render(request,"FIDO2/recheck.html", context)


 def getServer():
@@ -102,8 +103,15 @@ def authenticate_complete(request):
        auth_data,
        signature
    )
-    keys = User_Keys.objects.filter(username=username, key_type="FIDO2",enabled=1)
+
+    if request.session.get("mfa_recheck",False):
+        import time
+        request.session["mfa"]["rechecked_at"]=time.time()
+        return HttpResponse(simplejson.dumps({'status': "OK"}),
+                            content_type="application/json")
+    else:
        import random
+        keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
        for k in keys:
            if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
                k.last_used = timezone.now()
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
@@ -12,6 +12,7 @@ from django.conf import settings
 from django.http import HttpResponse
 from .models import *
 from .views import login
+import datetime
 from django.utils import timezone

 def recheck(request):
@@ -26,6 +27,8 @@ def recheck(request):
 def process_recheck(request):
    x=validate(request,request.user.username)
    if x==True:
+        import time
+        request.session["mfa"]["rechecked_at"] = time.time()
        return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
    return x

--- a/mfa/templates/FIDO2/recheck.html
+++ b/mfa/templates/FIDO2/recheck.html
@@ -21,7 +21,7 @@
                {% if mode == "auth" %}
                    <form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
                {% elif mode == "recheck" %}
-                    <form id="u2f_login" action="{% url 'u2f_recheck' %}" method="post">
+                    <form id="u2f_login" action="{% url 'fido2_recheck' %}" method="post" enctype="multipart/form-data">
                {% endif %}
              {% csrf_token %}
              <input type="hidden" name="response" id="response" value=""/>
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -24,6 +24,8 @@ def recheck(request):
    context["mode"]="recheck"
    if request.method == "POST":
        if verify_login(request,request.user.username, token=request.POST["otp"]):
+            import time
+            request.session["mfa"]["rechecked_at"] = time.time()
            return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
        else:
            return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup

 setup(
    name='django-mfa2',
-    version='1.7.0',
+    version='1.7.5',
    description='Allows user to add 2FA to their accounts',
    long_description=open("README.md").read(),
    long_description_content_type="text/markdown",