diff --git a/mfa/Email.py b/mfa/Email.py
index c337009..2fcac08 100644
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -12,7 +12,7 @@ from django.utils import timezone
 from django.views.decorators.cache import never_cache
 from .Common import send
-from .models import User_Keys
+from .models import UserKey
 from .views import login
@@ -36,7 +36,7 @@ def start(request):
 context = csrf(request)
 if request.method == "POST":
 if request.session["email_secret"] == request.POST["otp"]: # if successful
- uk = User_Keys()
+ uk = UserKey()
 uk.username = request.user.username
 uk.key_type = "Email"
 uk.enabled = 1
@@ -62,7 +62,7 @@ def auth(request):
 context = csrf(request)
 if request.method == "POST":
 if request.session["email_secret"] == request.POST["otp"].strip():
- uk = User_Keys.objects.get(
+ uk = UserKey.objects.get(
 username=request.session["base_username"], key_type="Email"
 )
 mfa = {"verified": True, "method": "Email", "id": uk.id}
diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py
index cb29b2b..59e22b3 100644
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -16,7 +16,7 @@ from fido2.server import Fido2Server, PublicKeyCredentialRpEntity
 from fido2.utils import websafe_decode, websafe_encode
 from .Common import get_redirect_url
-from .models import User_Keys
+from .models import UserKey
 from .views import login, reset_cookie
@@ -65,7 +65,7 @@ def complete_reg(request):
 request.session["fido_state"], client_data, att_obj
 )
 encoded = websafe_encode(auth_data.credential_data)
- uk = User_Keys()
+ uk = UserKey()
 uk.username = request.user.username
 uk.properties = {
 "device": encoded,
@@ -91,7 +91,7 @@ def start(request):
 def getUserCredentials(username):
 credentials = []
- for uk in User_Keys.objects.filter(username=username, key_type="FIDO2"):
+ for uk in UserKey.objects.filter(username=username, key_type="FIDO2"):
 credentials.append(
 AttestedCredentialData(websafe_decode(uk.properties["device"]))
 )
@@ -149,7 +149,7 @@ def authenticate_complete(request):
 request.session["mfa"]["rechecked_at"] = time.time()
 return JsonResponse({"status": "OK"})
 else:
- keys = User_Keys.objects.filter(
+ keys = UserKey.objects.filter(
 username=username, key_type="FIDO2", enabled=1
 )
 for k in keys:
diff --git a/mfa/TrustedDevice.py b/mfa/TrustedDevice.py
index c0cc1fd..548bce8 100644
--- a/mfa/TrustedDevice.py
+++ b/mfa/TrustedDevice.py
@@ -11,12 +11,12 @@ from django.utils import timezone
 from jose import jwt
 from .Common import send
-from .models import User_Keys
+from .models import UserKey
 def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
 x = "".join(random.choice(chars) for _ in range(size))
- if not User_Keys.objects.filter(properties__shas="$.key=" + x).exists():
+ if not UserKey.objects.filter(properties__shas="$.key=" + x).exists():
 return x
 else:
 return id_generator(size, chars)
@@ -25,7 +25,7 @@ def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
 def getUserAgent(request):
 id = id = request.session.get("td_id", None)
 if id:
- tk = User_Keys.objects.get(id=id)
+ tk = UserKey.objects.get(id=id)
 if tk.properties.get("user_agent", "") != "":
 ua = user_agents.parse(tk.properties["user_agent"])
 res = render(None, "TrustedDevices/user-agent.html", context={"ua": ua})
@@ -34,7 +34,7 @@ def getUserAgent(request):
 def trust_device(request):
- tk = User_Keys.objects.get(id=request.session["td_id"])
+ tk = UserKey.objects.get(id=request.session["td_id"])
 tk.properties["status"] = "trusted"
 tk.save()
 del request.session["td_id"]
@@ -46,7 +46,7 @@ def checkTrusted(request):
 id = request.session.get("td_id", "")
 if id != "":
 try:
- tk = User_Keys.objects.get(id=id)
+ tk = UserKey.objects.get(id=id)
 if tk.properties["status"] == "trusted":
 res = "OK"
 except:
@@ -55,7 +55,7 @@ def checkTrusted(request):
 def getCookie(request):
- tk = User_Keys.objects.get(id=request.session["td_id"])
+ tk = UserKey.objects.get(id=request.session["td_id"])
 if tk.properties["status"] == "trusted":
 context = {"added": True}
@@ -76,7 +76,7 @@ def add(request):
 key = request.POST["key"].replace("-", "").replace(" ", "").upper()
 context["username"] = request.POST["username"]
 context["key"] = request.POST["key"]
- trusted_keys = User_Keys.objects.filter(
+ trusted_keys = UserKey.objects.filter(
 username=request.POST["username"], properties__has="$.key=" + key
 )
 cookie = False
@@ -102,7 +102,7 @@ def add(request):
 def start(request):
 if (
- User_Keys.objects.filter(
+ UserKey.objects.filter(
 username=request.user.username, key_type="Trusted Device"
 ).count()
 >= 2
@@ -110,7 +110,7 @@ def start(request):
 return render(request, "TrustedDevices/start.html", {"not_allowed": True})
 td = None
 if not request.session.get("td_id", None):
- td = User_Keys()
+ td = UserKey()
 td.username = request.user.username
 td.properties = {"key": id_generator(), "status": "adding"}
 td.key_type = "Trusted Device"
@@ -118,7 +118,7 @@ def start(request):
 request.session["td_id"] = td.id
 try:
 if td is None:
- td = User_Keys.objects.get(id=request.session["td_id"])
+ td = UserKey.objects.get(id=request.session["td_id"])
 context = {"key": td.properties["key"]}
 except:
 del request.session["td_id"]
@@ -145,7 +145,7 @@ def verify(request):
 json = jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY)
 if json["username"].lower() == request.session["base_username"].lower():
 try:
- uk = User_Keys.objects.get(
+ uk = UserKey.objects.get(
 username=request.POST["username"].lower(),
 properties__has="$.key=" + json["key"],
 )
diff --git a/mfa/U2F.py b/mfa/U2F.py
index 545cbf7..6e9980f 100644
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
@@ -20,7 +20,7 @@ from u2flib_server.u2f import (
 )
 from .Common import get_redirect_url
-from .models import User_Keys
+from .models import UserKey
 from .views import login
@@ -63,7 +63,7 @@ def validate(request, username):
 challenge = request.session.pop("_u2f_challenge_")
 device, c, t = complete_authentication(challenge, data, [settings.U2F_APPID])
- key = User_Keys.objects.get(
+ key = UserKey.objects.get(
 username=username,
 properties__shas="$.device.publicKey=%s" % device["publicKey"],
 )
@@ -109,13 +109,13 @@ def bind(request):
 device, cert = complete_registration(enroll, data, [settings.U2F_APPID])
 cert = x509.load_der_x509_certificate(cert, default_backend())
 cert_hash = hashlib.md5(cert.public_bytes(Encoding.PEM)).hexdigest()
- q = User_Keys.objects.filter(key_type="U2F", properties__icontains=cert_hash)
+ q = UserKey.objects.filter(key_type="U2F", properties__icontains=cert_hash)
 if q.exists():
 return HttpResponse(
 "This key is registered before, it can't be registered again."
 )
- User_Keys.objects.filter(username=request.user.username, key_type="U2F").delete()
- uk = User_Keys()
+ UserKey.objects.filter(username=request.user.username, key_type="U2F").delete()
+ uk = UserKey()
 uk.username = request.user.username
 uk.owned_by_enterprise = getattr(settings, "MFA_OWNED_BY_ENTERPRISE", False)
 uk.properties = {"device": simplejson.loads(device.json), "cert": cert_hash}
@@ -127,7 +127,7 @@ def bind(request):
 def sign(username):
 u2f_devices = [
 d.properties["device"]
- for d in User_Keys.objects.filter(username=username, key_type="U2F")
+ for d in UserKey.objects.filter(username=username, key_type="U2F")
 ]
 challenge = begin_authentication(settings.U2F_APPID, u2f_devices)
 return [challenge.json, simplejson.dumps(challenge.data_for_client)]
diff --git a/mfa/helpers.py b/mfa/helpers.py
index b87dc57..18fee3c 100644
--- a/mfa/helpers.py
+++ b/mfa/helpers.py
@@ -1,12 +1,12 @@
 from django.http import JsonResponse
 from . import FIDO2, U2F, TrustedDevice, totp
-from .models import User_Keys
+from .models import UserKey
 from .views import verify
 def has_mfa(request, username):
- if User_Keys.objects.filter(username=username, enabled=1).count() > 0:
+ if UserKey.objects.filter(username=username, enabled=1).count() > 0:
 return verify(request, username)
 return False
diff --git a/mfa/migrations/0012_rename_user_keys_userkey.py b/mfa/migrations/0012_rename_user_keys_userkey.py
new file mode 100644
index 0000000..ddf4889
--- /dev/null
+++ b/mfa/migrations/0012_rename_user_keys_userkey.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.4 on 2021-06-23 07:10
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('mfa', '0011_auto_20210530_0622'),
+ ]
+
+ operations = [
+ migrations.RenameModel(
+ old_name='User_Keys',
+ new_name='UserKey',
+ ),
+ ]
diff --git a/mfa/models.py b/mfa/models.py
index 811f2f3..30ced21 100644
--- a/mfa/models.py
+++ b/mfa/models.py
@@ -4,7 +4,7 @@ from jose import jwt
 from jsonfield import JSONField
-class User_Keys(models.Model):
+class UserKey(models.Model):
 username = models.CharField(max_length=50)
 properties = JSONField(null=True)
 added_on = models.DateTimeField(auto_now_add=True)
diff --git a/mfa/totp.py b/mfa/totp.py
index 7235086..efa8c6c 100644
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -11,12 +11,12 @@ from django.utils import timezone
 from django.views.decorators.cache import never_cache
 from .Common import get_redirect_url
-from .models import User_Keys
+from .models import UserKey
 from .views import login
 def verify_login(request, username, token):
- for key in User_Keys.objects.filter(username=username, key_type="TOTP"):
+ for key in UserKey.objects.filter(username=username, key_type="TOTP"):
 totp = pyotp.TOTP(key.properties["secret_key"])
 if totp.verify(token, valid_window=30):
 key.last_used = timezone.now()
@@ -82,7 +82,7 @@ def verify(request):
 secret_key = request.GET["key"]
 totp = pyotp.TOTP(secret_key)
 if totp.verify(answer, valid_window=60):
- uk = User_Keys()
+ uk = UserKey()
 uk.username = request.user.username
 uk.properties = {"secret_key": secret_key}
 uk.key_type = "TOTP"
diff --git a/mfa/views.py b/mfa/views.py
index 85d3d83..2f770ac 100644
--- a/mfa/views.py
+++ b/mfa/views.py
@@ -8,14 +8,14 @@ from django.urls import reverse
 from user_agents import parse
 from . import TrustedDevice
-from .models import User_Keys
+from .models import UserKey
 @login_required
 def index(request):
 keys = []
 context = {
- "keys": User_Keys.objects.filter(username=request.user.username),
+ "keys": UserKey.objects.filter(username=request.user.username),
 "UNALLOWED_AUTHEN_METHODS": settings.MFA_UNALLOWED_METHODS,
 "HIDE_DISABLE": getattr(settings, "MFA_HIDE_DISABLE", []),
 }
@@ -31,7 +31,7 @@ def index(request):
 def verify(request, username):
 request.session["base_username"] = username
- keys = User_Keys.objects.filter(username=username, enabled=1)
+ keys = UserKey.objects.filter(username=username, enabled=1)
 methods = list(set([k.key_type for k in keys]))
 if "Trusted Device" in methods and not request.session.get(
@@ -63,7 +63,7 @@ def login(request):
 @login_required
 def delKey(request):
- key = User_Keys.objects.get(id=request.GET["id"])
+ key = UserKey.objects.get(id=request.GET["id"])
 if key.username == request.user.username:
 key.delete()
 return HttpResponse("Deleted Successfully")
@@ -87,7 +87,7 @@ def __get_callable_function__(func_path):
 @login_required
 def toggleKey(request):
 id = request.GET["id"]
- q = User_Keys.objects.filter(username=request.user.username, id=id)
+ q = UserKey.objects.filter(username=request.user.username, id=id)
 if q.count() == 1:
 key = q[0]
 if key.key_type not in settings.MFA_HIDE_DISABLE: