josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds never_cache decorator to TOTP and Email start and auth views to prevent browser from caching previous codes.

Browse Source
This commit is contained in:
nswain
2020-08-26 11:06:31 -06:00
parent 3d37d0a51f
commit 55375f7002
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mfa/Email.py
View File

@@ -1,4 +1,5 @@
from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.template.context_processors import csrf
import datetime,random
from random import randint
@@ -15,6 +16,7 @@ def sendEmail(request,username,secret):
res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
return send([user.email],"OTP", str(res.content))
@never_cache
def start(request):
context = csrf(request)
if request.method == "POST":
@@ -36,6 +38,7 @@ def start(request):
if sendEmail(request, request.user.username, request.session["email_secret"]):
context["sent"] = True
return render(request,"Email/Add.html", context)
@never_cache
def auth(request):
context=csrf(request)
if request.method=="POST":