Allowing Key Ownership flag

mfa/CHANGELOG.md

@@ -1,13 +0,0 @@
-# Change Log
-
-## v.1.5.0
-* Added id the key used to validate to the session dictionary as 'id'
-## v1.4.0
-* Updated to FIDO == 0.7
-
-## v1.3.0
-  * Updated to FIDO2 == 0.6
-  * Windows Hello is now supported.
-
-## v1.2.0
- * Added:  MFA_HIDE_DISABLE setting option to disable users from deactivating their keys.

mfa/Email.py

@@ -1,9 +1,9 @@
-from django.shortcuts import render,render_to_response
+from django.shortcuts import render
 from django.template.context_processors import csrf
 import datetime,random
 from random import randint
 from .models import *
-from django.template.context import RequestContext
+#from django.template.context import RequestContext
 from .views import login
 from .Common import send
 def sendEmail(request,username,secret):
@@ -12,8 +12,8 @@ def sendEmail(request,username,secret):
     key = getattr(User, 'USERNAME_FIELD', 'username')
     kwargs = {key: username}
     user = User.objects.get(**kwargs)
-    res=render_to_response("mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
-    return  send([user.email],"OTP", res.content)
+    res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
+    return  send([user.email],"OTP", str(res.content))
 
 def start(request):
     context = csrf(request)
@@ -25,14 +25,17 @@ def start(request):
             uk.enabled=1
             uk.save()
             from django.http import HttpResponseRedirect
-            from django.core.urlresolvers import reverse
+            try:
+                from django.core.urlresolvers import reverse
+            except:
+                from django.urls import reverse
             return HttpResponseRedirect(reverse('mfa_home'))
         context["invalid"] = True
     else:
         request.session["email_secret"] = str(randint(0,100000))
         if sendEmail(request, request.user.username, request.session["email_secret"]):
             context["sent"] = True
-    return render_to_response("Email/Add.html", context, context_instance=RequestContext(request))
+    return render(request,"Email/Add.html", context)
 def auth(request):
     context=csrf(request)
     if request.method=="POST":
@@ -53,4 +56,4 @@ def auth(request):
         request.session["email_secret"] = str(randint(0, 100000))
         if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
             context["sent"] = True
-    return render_to_response("Email/Auth.html", context, context_instance = RequestContext(request))
+    return render(request,"Email/Auth.html", context)

mfa/FIDO2.py

@@ -3,8 +3,8 @@ from fido2.server import Fido2Server, RelyingParty
 from fido2.ctap2 import AttestationObject, AuthenticatorData
 from django.template.context_processors import csrf
 from django.views.decorators.csrf import csrf_exempt
-from django.shortcuts import render_to_response
-from django.template.context import RequestContext
+from django.shortcuts import render
+#from django.template.context import RequestContext
 import simplejson
 from fido2 import cbor
 from django.http import HttpResponse
@@ -19,7 +19,7 @@ from django.utils import timezone
 def recheck(request):
     context = csrf(request)
     context["mode"]="recheck"
-    return render_to_response("FIDO2/recheck.html", context, context_instance=RequestContext(request))
+    return request("FIDO2/recheck.html", context)
 
 
 def getServer():
@@ -63,7 +63,7 @@ def complete_reg(request):
         return HttpResponse(simplejson.dumps({'status': 'ERR',"message":"Error on server, please try again later"}))
 def start(request):
     context = csrf(request)
-    return render_to_response("FIDO2/Add.html", context, RequestContext(request))
+    return render(request,"FIDO2/Add.html", context)
 
 def getUserCredentials(username):
     credentials = []
@@ -73,7 +73,7 @@ def getUserCredentials(username):
 
 def auth(request):
     context=csrf(request)
-    return render_to_response("FIDO2/Auth.html",context,context_instance=RequestContext(request))
+    return render(request,"FIDO2/Auth.html",context)
 
 def authenticate_begin(request):
     server = getServer()

mfa/TrustedDevice.py

@@ -1,6 +1,6 @@
 import string
 import random
-from django.shortcuts import render_to_response,render
+from django.shortcuts import render
 from django.http import HttpResponse
 from django.template.context import RequestContext
 from django.template.context_processors import csrf
@@ -46,7 +46,7 @@ def getCookie(request):
 
     if tk.properties["status"] == "trusted":
         context={"added":True}
-        response = render_to_response("TrustedDevices/Done.html", context, context_instance=RequestContext(request))
+        response = render(request,"TrustedDevices/Done.html", context)
         from datetime import datetime, timedelta
         expires = datetime.now() + timedelta(days=180)
         tk.expires=expires
@@ -57,7 +57,7 @@ def getCookie(request):
 def add(request):
     context=csrf(request)
     if request.method=="GET":
-        return render_to_response("TrustedDevices/Add.html",context,context_instance=RequestContext(request))
+        return render(request,"TrustedDevices/Add.html",context)
     else:
         key=request.POST["key"].replace("-","").replace(" ","").upper()
         context["username"] = request.POST["username"]
@@ -82,11 +82,11 @@ def add(request):
         else:
             context["invalid"]="The username or key is wrong, please check and try again."
 
-        return  render_to_response("TrustedDevices/Add.html", context, context_instance=RequestContext(request))
+        return  render(request,"TrustedDevices/Add.html", context)
 
 def start(request):
     if User_Keys.objects.filter(username=request.user.username,key_type="Trusted Device").count()>= 2:
-        return render_to_response("TrustedDevices/start.html",{"not_allowed":True},context_instance=RequestContext(request))
+        return render(request,"TrustedDevices/start.html",{"not_allowed":True})
     td=None
     if not request.session.get("td_id",None):
         td=User_Keys()
@@ -101,7 +101,7 @@ def start(request):
     except:
         del request.session["td_id"]
         return start(request)
-    return render_to_response("TrustedDevices/start.html",context,context_instance=RequestContext(request))
+    return render(request,"TrustedDevices/start.html",context)
 
 def send_email(request):
     body=render(request,"TrustedDevices/email.html",{}).content

mfa/U2F.py

@@ -4,9 +4,9 @@ from u2flib_server.u2f import (begin_registration, begin_authentication,
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import Encoding
-from django.shortcuts import render_to_response
+from django.shortcuts import render
 import simplejson
-from django.template.context import RequestContext
+#from django.template.context import RequestContext
 from django.template.context_processors import csrf
 from django.conf import settings
 from django.http import HttpResponse
@@ -21,7 +21,7 @@ def recheck(request):
     request.session["_u2f_challenge_"] = s[0]
     context["token"] = s[1]
     request.session["mfa_recheck"]=True
-    return render_to_response("U2F/recheck.html", context, context_instance=RequestContext(request))
+    return render(request,"U2F/recheck.html", context)
 
 def process_recheck(request):
     x=validate(request,request.user.username)
@@ -66,14 +66,14 @@ def auth(request):
     request.session["_u2f_challenge_"]=s[0]
     context["token"]=s[1]
 
-    return render_to_response("U2F/Auth.html",context,context_instance = RequestContext(request))
+    return render(request,"U2F/Auth.html")
 
 def start(request):
     enroll = begin_registration(settings.U2F_APPID, [])
     request.session['_u2f_enroll_'] = enroll.json
     context=csrf(request)
     context["token"]=simplejson.dumps(enroll.data_for_client)
-    return render_to_response("U2F/Add.html",context,RequestContext(request))
+    return render(request,"U2F/Add.html",context)
 
 
 def bind(request):

mfa/__init__.py

@@ -1 +1 @@
-__version__="1.5.0"
+__version__="1.6.0"

mfa/totp.py

@@ -1,4 +1,4 @@
-from django.shortcuts import render,render_to_response
+from django.shortcuts import render
 from django.http import HttpResponse
 from .models import *
 from django.template.context_processors import csrf
@@ -27,7 +27,7 @@ def recheck(request):
             return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
         else:
             return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
-    return render_to_response("TOTP/recheck.html", context, context_instance=RequestContext(request))
+    return render(request,"TOTP/recheck.html", context)
 
 def auth(request):
     context=csrf(request)
@@ -42,7 +42,7 @@ def auth(request):
             request.session["mfa"] = mfa
             return login(request)
         context["invalid"]=True
-    return render_to_response("TOTP/Auth.html", context, context_instance = RequestContext(request))
+    return render(request,"TOTP/Auth.html", context)
 
 
 
@@ -67,4 +67,4 @@ def verify(request):
     else: return HttpResponse("Error")
 
 def start(request):
-    return render_to_response("TOTP/Add.html",{},context_instance = RequestContext(request ))
+    return render(request,"TOTP/Add.html",{})

mfa/urls.py

@@ -1,49 +1,53 @@
-from django.conf.urls import  url
-
 from . import views,totp,U2F,TrustedDevice,helpers,FIDO2,Email
-app_name='mfa'
+#app_name='mfa'
+
+try:
+    from django.urls import  re_path as url
+except:
+     from django.conf.urls import  url
 urlpatterns = [
-url(r'totp/start/', totp.start , name="start_new_otop"),
-url(r'totp/getToken', totp.getToken , name="get_new_otop"),
-url(r'totp/verify', totp.verify, name="verify_otop"),
-url(r'totp/auth', totp.auth, name="totp_auth"),
-url(r'totp/recheck', totp.recheck, name="totp_recheck"),
+    url(r'totp/start/', totp.start , name="start_new_otop"),
+    url(r'totp/getToken', totp.getToken , name="get_new_otop"),
+    url(r'totp/verify', totp.verify, name="verify_otop"),
+    url(r'totp/auth', totp.auth, name="totp_auth"),
+    url(r'totp/recheck', totp.recheck, name="totp_recheck"),
 
-url(r'email/start/', Email.start , name="start_email"),
-url(r'email/auth/', Email.auth , name="email_auth"),
+    url(r'email/start/', Email.start , name="start_email"),
+    url(r'email/auth/', Email.auth , name="email_auth"),
 
-url(r'u2f/$', U2F.start, name="start_u2f"),
-url(r'u2f/bind', U2F.bind, name="bind_u2f"),
-url(r'u2f/auth', U2F.auth, name="u2f_auth"),
-url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
-url(r'u2f/verify', U2F.verify, name="u2f_verify"),
+    url(r'u2f/$', U2F.start, name="start_u2f"),
+    url(r'u2f/bind', U2F.bind, name="bind_u2f"),
+    url(r'u2f/auth', U2F.auth, name="u2f_auth"),
+    url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
+    url(r'u2f/verify', U2F.verify, name="u2f_verify"),
 
-url(r'fido2/$', FIDO2.start, name="start_fido2"),
-url(r'fido2/auth', FIDO2.auth, name="fido2_auth"),
-url(r'fido2/begin_auth', FIDO2.authenticate_begin, name="fido2_begin_auth"),
-url(r'fido2/complete_auth', FIDO2.authenticate_complete, name="fido2_complete_auth"),
-url(r'fido2/begin_reg', FIDO2.begin_registeration, name="fido2_begin_reg"),
-url(r'fido2/complete_reg', FIDO2.complete_reg, name="fido2_complete_reg"),
-url(r'u2f/bind', U2F.bind, name="bind_u2f"),
-url(r'u2f/auth', U2F.auth, name="u2f_auth"),
-url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
-url(r'u2f/verify', U2F.verify, name="u2f_verify"),
+    url(r'fido2/$', FIDO2.start, name="start_fido2"),
+    url(r'fido2/auth', FIDO2.auth, name="fido2_auth"),
+    url(r'fido2/begin_auth', FIDO2.authenticate_begin, name="fido2_begin_auth"),
+    url(r'fido2/complete_auth', FIDO2.authenticate_complete, name="fido2_complete_auth"),
+    url(r'fido2/begin_reg', FIDO2.begin_registeration, name="fido2_begin_reg"),
+    url(r'fido2/complete_reg', FIDO2.complete_reg, name="fido2_complete_reg"),
+    url(r'u2f/bind', U2F.bind, name="bind_u2f"),
+    url(r'u2f/auth', U2F.auth, name="u2f_auth"),
+    url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
+    url(r'u2f/verify', U2F.verify, name="u2f_verify"),
 
 
-url(r'td/$', TrustedDevice.start, name="start_td"),
-url(r'td/add', TrustedDevice.add, name="add_td"),
-url(r'td/send_link', TrustedDevice.send_email, name="td_sendemail"),
-url(r'td/get-ua', TrustedDevice.getUserAgent, name="td_get_useragent"),
-url(r'td/trust', TrustedDevice.trust_device, name="td_trust_device"),
-url(r'u2f/checkTrusted', TrustedDevice.checkTrusted, name="td_checkTrusted"),
-url(r'u2f/secure_device', TrustedDevice.getCookie, name="td_securedevice"),
+    url(r'td/$', TrustedDevice.start, name="start_td"),
+    url(r'td/add', TrustedDevice.add, name="add_td"),
+    url(r'td/send_link', TrustedDevice.send_email, name="td_sendemail"),
+    url(r'td/get-ua', TrustedDevice.getUserAgent, name="td_get_useragent"),
+    url(r'td/trust', TrustedDevice.trust_device, name="td_trust_device"),
+    url(r'u2f/checkTrusted', TrustedDevice.checkTrusted, name="td_checkTrusted"),
+    url(r'u2f/secure_device', TrustedDevice.getCookie, name="td_securedevice"),
 
-url(r'^$', views.index, name="mfa_home"),
-url(r'goto/(.*)', views.goto, name="mfa_goto"),
-url(r'selct_method', views.show_methods, name="mfa_methods_list"),
-url(r'recheck', helpers.recheck, name="mfa_recheck"),
-url(r'toggleKey', views.toggleKey, name="toggle_key"),
-url(r'delete', views.delKey, name="mfa_delKey"),
-url(r'reset', views.reset_cookie, name="mfa_reset_cookie"),
+    url(r'^$', views.index, name="mfa_home"),
+    url(r'goto/(.*)', views.goto, name="mfa_goto"),
+    url(r'selct_method', views.show_methods, name="mfa_methods_list"),
+    url(r'recheck', helpers.recheck, name="mfa_recheck"),
+    url(r'toggleKey', views.toggleKey, name="toggle_key"),
+    url(r'delete', views.delKey, name="mfa_delKey"),
+    url(r'reset', views.reset_cookie, name="mfa_reset_cookie"),
 
-    ]
+            ]
+# print(urlpatterns)

mfa/views.py

@@ -1,5 +1,5 @@
-from django.shortcuts import render,render_to_response
-from django.http import HttpResponse,HttpResponseRedirect
+from django.shortcuts import render
+#from django.http import HttpResponse,HttpResponseRedirect
 from .models import *
 try:
     from django.urls import reverse
@@ -7,6 +7,7 @@ except:
     from django.core.urlresolvers import reverse
 from django.template.context_processors import csrf
 from django.template.context import RequestContext
+from django.http import HttpResponseRedirect
 from django.conf import settings
 from . import TrustedDevice
 from user_agents import parse
@@ -21,7 +22,7 @@ def index(request):
             setattr(k,"device",k.properties.get("type","----"))
         keys.append(k)
     context["keys"]=keys
-    return render_to_response("MFA.html",context,context_instance=RequestContext(request))
+    return render(request,"MFA.html",context)
 
 def verify(request,username):
     request.session["base_username"] = username
@@ -39,10 +40,10 @@ def verify(request,username):
     return show_methods(request)
 
 def show_methods(request):
-    return render_to_response("select_mfa_method.html", {}, context_instance = RequestContext(request))
+    return render(request,"select_mfa_method.html", {})
 
 def reset_cookie(request):
-    response=HttpResponseRedirect(settings.BASE_URL)
+    response=HttpResponseRedirect(settings.LOGIN_URL)
     response.delete_cookie("base_username")
     return response
 def login(request):