Adds the never_cache decorator to the TOTP and Email start and auth views to prevent the browser from caching previous codes.

nswain
2020-08-26 11:06:31 -06:00
parent 3d37d0a51f
commit 55375f7002
2 changed files with 6 additions and 0 deletions


@@ -1,4 +1,5 @@
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.template.context_processors import csrf from django.template.context_processors import csrf
import datetime,random import datetime,random
from random import randint from random import randint
@@ -15,6 +16,7 @@ def sendEmail(request,username,secret):
res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret}) res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
return send([user.email],"OTP", str(res.content)) return send([user.email],"OTP", str(res.content))
@never_cache
def start(request): def start(request):
context = csrf(request) context = csrf(request)
if request.method == "POST": if request.method == "POST":
@@ -36,6 +38,7 @@ def start(request):
if sendEmail(request, request.user.username, request.session["email_secret"]): if sendEmail(request, request.user.username, request.session["email_secret"]):
context["sent"] = True context["sent"] = True
return render(request,"Email/Add.html", context) return render(request,"Email/Add.html", context)
@never_cache
def auth(request): def auth(request):
context=csrf(request) context=csrf(request)
if request.method=="POST": if request.method=="POST":
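Review bot: The two `@never_cache` decorators added above `start` and `auth` have no comment saying why these views must not be cached, so a later cleanup could drop them unnoticed; I would add `# OTP entry page: must never be served from a browser or proxy cache` above each. `never_cache` only sets cache headers on the response, so if the "previous codes" in the commit message are being offered by form autofill rather than by a cached page, the code input in the templates (not shown here) would also need `autocomplete="off"` or `autocomplete="one-time-code"`. A small test asserting that the responses of both views carry a `Cache-Control` header would keep this from regressing. Both function bodies continue outside the hunks.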


@@ -1,4 +1,5 @@
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.http import HttpResponse from django.http import HttpResponse
from .models import * from .models import *
from django.template.context_processors import csrf from django.template.context_processors import csrf
@@ -31,6 +32,7 @@ def recheck(request):
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json") return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
return render(request,"TOTP/recheck.html", context) return render(request,"TOTP/recheck.html", context)
@never_cache
def auth(request): def auth(request):
context=csrf(request) context=csrf(request)
if request.method=="POST": if request.method=="POST":
@@ -68,5 +70,6 @@ def verify(request):
return HttpResponse("Success") return HttpResponse("Success")
else: return HttpResponse("Error") else: return HttpResponse("Error")
@never_cache
def start(request): def start(request):
return render(request,"TOTP/Add.html",{}) return render(request,"TOTP/Add.html",{})
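Review bot: `recheck` and `verify` are left without `@never_cache` in this file even though they sit between the decorated `auth` and `start`. `recheck` renders `TOTP/recheck.html`, which by its name looks like another code-entry page, so the same stale-page concern would seem to apply there. Unless there is a reason to exclude it, add `@never_cache` above `def recheck(request):` as well, and consider it for `verify`, whose `Success`/`Error` response presumably depends on a submitted code. Only the tails of those two functions are visible in the hunks, so this should be checked against their full bodies.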