Better Rechecking
This commit is contained in:
Mohamed ElKalioby
36
mfa/FIDO2.py
36
mfa/FIDO2.py
@@ -19,7 +19,8 @@ from django.utils import timezone
|
||||
def recheck(request):
|
||||
context = csrf(request)
|
||||
context["mode"]="recheck"
|
||||
return request("FIDO2/recheck.html", context)
|
||||
request.session["mfa_recheck"]=True
|
||||
return render(request,"FIDO2/recheck.html", context)
|
||||
|
||||
|
||||
def getServer():
|
||||
@@ -102,17 +103,24 @@ def authenticate_complete(request):
|
||||
auth_data,
|
||||
signature
|
||||
)
|
||||
keys = User_Keys.objects.filter(username=username, key_type="FIDO2",enabled=1)
|
||||
import random
|
||||
for k in keys:
|
||||
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
|
||||
k.last_used = timezone.now()
|
||||
k.save()
|
||||
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
|
||||
if getattr(settings, "MFA_RECHECK", False):
|
||||
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
|
||||
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
|
||||
request.session["mfa"] = mfa
|
||||
res=login(request)
|
||||
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
|
||||
|
||||
if request.session.get("mfa_recheck",False):
|
||||
import time
|
||||
request.session["mfa"]["rechecked_at"]=time.time()
|
||||
return HttpResponse(simplejson.dumps({'status': "OK"}),
|
||||
content_type="application/json")
|
||||
else:
|
||||
import random
|
||||
keys = User_Keys.objects.filter(username=username, key_type="FIDO2", enabled=1)
|
||||
for k in keys:
|
||||
if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
|
||||
k.last_used = timezone.now()
|
||||
k.save()
|
||||
mfa = {"verified": True, "method": "FIDO2",'id':k.id}
|
||||
if getattr(settings, "MFA_RECHECK", False):
|
||||
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
|
||||
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
|
||||
request.session["mfa"] = mfa
|
||||
res=login(request)
|
||||
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")
|
||||
return HttpResponse(simplejson.dumps({'status': "err"}),content_type="application/json")
|
||||
|
||||
@@ -12,6 +12,7 @@ from django.conf import settings
|
||||
from django.http import HttpResponse
|
||||
from .models import *
|
||||
from .views import login
|
||||
import datetime
|
||||
from django.utils import timezone
|
||||
|
||||
def recheck(request):
|
||||
@@ -26,6 +27,8 @@ def recheck(request):
|
||||
def process_recheck(request):
|
||||
x=validate(request,request.user.username)
|
||||
if x==True:
|
||||
import time
|
||||
request.session["mfa"]["rechecked_at"] = time.time()
|
||||
return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
|
||||
return x
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
{% if mode == "auth" %}
|
||||
<form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
|
||||
{% elif mode == "recheck" %}
|
||||
<form id="u2f_login" action="{% url 'u2f_recheck' %}" method="post">
|
||||
<form id="u2f_login" action="{% url 'fido2_recheck' %}" method="post" enctype="multipart/form-data">
|
||||
{% endif %}
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="response" id="response" value=""/>
|
||||
|
||||
@@ -24,6 +24,8 @@ def recheck(request):
|
||||
context["mode"]="recheck"
|
||||
if request.method == "POST":
|
||||
if verify_login(request,request.user.username, token=request.POST["otp"]):
|
||||
import time
|
||||
request.session["mfa"]["rechecked_at"] = time.time()
|
||||
return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
|
||||
else:
|
||||
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
|
||||
|
||||
Reference in New Issue
Block a user