Initial Import

2019-01-18 10:18:10 +03:00
parent 5665e46a18
commit 800f60ff53
40 changed files with 1749 additions and 0 deletions
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -0,0 +1,70 @@
+from django.shortcuts import render,render_to_response
+from django.http import HttpResponse
+from .models import *
+from django.template.context_processors import csrf
+import simplejson
+from django.template.context import RequestContext
+from django.conf import settings
+import pyotp
+from .views import login
+import datetime
+from django.utils import timezone
+import random
+def verify_login(request,username,token):
+    for key in User_Keys.objects.filter(username=username,key_type = "TOTP"):
+        totp = pyotp.TOTP(key.properties["secret_key"])
+        if  totp.verify(token,valid_window = 30):
+            key.last_used=timezone.now()
+            key.save()
+            mfa = {"verified": True, "method": "TOTP"}
+            if getattr(settings, "MFA_RECHECK", False):
+                mfa["next_check"] = int((datetime.datetime.now()
+                                         + datetime.timedelta(
+                            seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
+            request.session["mfa"] = mfa
+            return True
+    return False
+
+def recheck(request):
+    context = csrf(request)
+    context["mode"]="recheck"
+    if request.method == "POST":
+        if verify_login(request,request.user.username, token=request.POST["otp"]):
+            return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
+        else:
+            return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
+    return render_to_response("TOTP/recheck.html", context, context_instance=RequestContext(request))
+
+def auth(request):
+    context=csrf(request)
+    if request.method=="POST":
+        if verify_login(request,request.session["base_username"],token = request.POST["otp"]):
+            return login(request)
+        context["invalid"]=True
+    return render_to_response("TOTP/verify.html", context, context_instance = RequestContext(request))
+
+
+
+def getToken(request):
+    secret_key=pyotp.random_base32()
+    totp = pyotp.TOTP(secret_key)
+    print "Answer is", totp.now()
+    request.session["new_mfa_answer"]=totp.now()
+    return HttpResponse(simplejson.dumps({"qr":pyotp.totp.TOTP(secret_key).provisioning_uri(str(request.user.username), issuer_name = settings.TOKEN_ISSUER_NAME),
+                         "secret_key": secret_key}))
+def verify(request):
+    answer=request.GET["answer"]
+    secret_key=request.GET["key"]
+    totp = pyotp.TOTP(secret_key)
+    if totp.verify(answer,valid_window = 60):
+        uk=User_Keys()
+        uk.username=request.user.username
+        uk.properties={"secret_key":secret_key}
+        #uk.name="Authenticatior #%s"%User_Keys.objects.filter(username=user.username,type="TOTP")
+        uk.key_type="TOTP"
+        uk.save()
+        return HttpResponse("Success")
+    else: return HttpResponse("Error")
+
+def start(request):
+    return render_to_response("TOTP/Add.html",{},context_instance = RequestContext(request ))