Merge branch 'Email_Method'

mfa/Email.py

@@ -0,0 +1,55 @@
+from django.shortcuts import render,render_to_response
+from django.template.context_processors import csrf
+import datetime,random
+from random import randint
+from .models import *
+from django.template.context import RequestContext
+from .views import login
+
+def sendEmail(request,username,secret):
+    from django.contrib.auth import get_user_model
+    User = get_user_model()
+    user=User.objects.get(username=username)
+    print secret
+    res=render_to_response("mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
+    from django.conf import settings
+    from django.core.mail import EmailMessage
+    From = "%s <%s>" % (settings.EMAIL_FROM, settings.EMAIL_HOST_USER)
+    email = EmailMessage("OTP",res.content,From,[user.email] )
+    email.content_subtype = "html"
+    return email.send(False)
+
+def start(request):
+    context = csrf(request)
+    if request.method == "POST":
+        if request.session["email_secret"] == request.POST["otp"]:
+            uk=User_Keys()
+            uk.username=request.user.username
+            uk.key_type="Email"
+            uk.enabled=1
+            uk.save()
+            from django.http import HttpResponseRedirect
+            from django.core.urlresolvers import reverse
+            return HttpResponseRedirect(reverse('mfa_home'))
+        context["invalid"] = True
+    else:
+        request.session["email_secret"] = str(randint(0,100000))
+        if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
+            context["sent"] = True
+    return render_to_response("Email/Add.html", context, context_instance=RequestContext(request))
+def auth(request):
+    context=csrf(request)
+    if request.method=="POST":
+        if request.session["email_secret"]==request.POST["otp"].strip():
+            mfa = {"verified": True, "method": "Email"}
+            if getattr(settings, "MFA_RECHECK", False):
+                mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
+                    seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
+            request.session["mfa"] = mfa
+            return login(request)
+        context["invalid"]=True
+    else:
+        request.session["email_secret"] = str(randint(0, 100000))
+        if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
+            context["sent"] = True
+    return render_to_response("Email/Auth.html", context, context_instance = RequestContext(request))

mfa/templates/Email/Add.html

@@ -0,0 +1,55 @@
+{% extends "base.html" %}
+{% block head %}
+{% endblock %}
+{% block content %}
+    <br/>
+    <br/>
+
+    <div class="panel panel-default">
+      <div class="panel-heading">
+	      <strong> Activate Token by email</strong>
+      </div>
+      <div class="panel-body">
+
+      <FORM METHOD="POST" ACTION="{% url 'start_email' %}" Id="formLogin"  onSubmit="" name="FrontPage_Form1">
+
+
+      {% csrf_token %}
+          {%  if invalid %}
+          <div class="alert alert-danger">
+              Sorry, The provided token is not valid.
+          </div>
+          {% endif %}
+      {% if quota %}
+          <div class="alert alert-warning">
+              {{ quota }}
+          </div>
+      {% endif %}
+      <fieldset>
+      <div class="row">
+      <div class="col-sm-12 col-md-12">
+        <p>Enter the 6-digits sent to your email.</p>
+      </div>
+      </div>
+
+      <div class="row">
+	  <div class="col-sm-12 col-md-12">
+	    <div class="form-group">
+	      <div class="input-group">
+		<span class="input-group-addon">
+		<i class="glyphicon glyphicon-lock"></i>
+		</span>
+		<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
+
+	      </div>
+	    </div>
+
+          <div class="form-group">
+
+	      <input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
+	      </div>
+      </div>
+      </fieldset>
+      </FORM>
+      </div>
+{% endblock %}

mfa/templates/Email/Auth.html

@@ -0,0 +1,14 @@
+{% extends "mfa_auth_base.html" %}
+{% block head %}
+    <style>
+    .row{
+        margin-left: 15px;
+    }
+    </style>
+{% endblock %}
+{% block content %}
+<br/>
+<br/>
+{% include "Email/recheck.html" with mode='auth' %}
+
+{% endblock %}

mfa/templates/Email/mfa_email_token_template.html

@@ -0,0 +1,10 @@
+<html>
+<head>
+</head>
+<body>
+Dear {{ username }},<br/>
+Your OTP is: <b>{{ otp }}</b>
+
+Thanks
+</body>
+</html>

mfa/templates/Email/recheck.html

@@ -0,0 +1,76 @@
+<script type="application/javascript">
+    function send_totp() {
+        $.ajax({"url":"{% url 'totp_recheck' %}", method:"POST",dataType:"JSON",
+            data:{"csrfmiddlewaretoken":"{{ csrf_token }}","otp":$("#otp").val()},
+         success:function (data) {
+                            if (data["recheck"])
+                                mfa_success_function();
+                            else {
+                                mfa_failed_function();
+                            }
+                        }
+        })
+
+    }
+</script>
+<div class="row">
+
+<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
+<div class="panel panel-default">
+      <div class="panel-heading">
+	      <strong> Email One Time Password </strong>
+      </div>
+      <div class="panel-body">
+
+      <FORM METHOD="POST" ACTION="{% url 'email_auth' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
+
+
+      {% csrf_token %}
+          {%  if invalid %}
+          <div class="alert alert-danger">
+              Sorry, The provided token is not valid.
+          </div>
+          {% endif %}
+      {% if quota %}
+          <div class="alert alert-warning">
+              {{ quota }}
+          </div>
+      {% endif %}
+      <fieldset>
+      <div class="row">
+      <div class="col-sm-12 col-md-12">
+        <p>Enter the 6-digits sent to your email.</p>
+      </div>
+      </div>
+
+      <div class="row">
+	  <div class="col-sm-12 col-md-12">
+	    <div class="form-group">
+	      <div class="input-group">
+		<span class="input-group-addon">
+		<i class="glyphicon glyphicon-lock"></i>
+		</span>
+		<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
+
+	      </div>
+	    </div>
+
+          <div class="form-group">
+
+	      <input type="{% if mode == "auth" %}submit{% elif mode == 'recheck'  %}button{% endif %}" {% if mode == "recheck" %}onclick="send_totp()" {% endif %} class="btn btn-lg btn-success btn-block" value="Sign in">
+	      </div>
+      </div>
+      </fieldset>
+      </FORM>
+      </div>
+        <div class="row">
+        <div class="col-md-6" style="padding-left: 25px">
+            {% if request.session.mfa_methods|length > 1 %}
+                <a href="{%  url 'mfa_methods_list' %}">Select Another Method</a>
+            {% endif %}
+        </div>
+        </div>
+	      </div>
+              </div>
+	      </div>
+	      </div>

mfa/templates/MFA.html

@@ -51,6 +51,9 @@
                 {% if not 'TOTP' in UNALLOWED_AUTHEN_METHODS %}
                     <li><a href="{% url 'start_new_otop' %}">Authenticator app</a></li>
                 {% endif %}
+                {% if not 'Email' in UNALLOWED_AUTHEN_METHODS %}
+                    <li><a href="{% url 'start_email' %}">Email Token</a></li>
+                {% endif %}
                 {% if not 'U2F' in UNALLOWED_AUTHEN_METHODS %}
                     <li><a href="{% url 'start_u2f' %}">Security Key</a></li>
                 {% endif %}

mfa/templates/select_mfa_method.html

@@ -15,6 +15,7 @@
 
               <li><a href="{% url "mfa_goto" method %}">
                   {% if method == "TOTP" %}Authenticator App
+                  {% elif method == "Email" %}Send OTP by Email
                   {% elif method == "U2F" %}Secure Key
                   {% elif method == "FIDO2" %}FIDO2 Secure Key
                   {% endif %}

mfa/urls.py

@@ -1,5 +1,5 @@
 from django.conf.urls import  url
-import views,totp,U2F,TrustedDevice,helpers,FIDO2
+from . import views,totp,U2F,TrustedDevice,helpers,FIDO2,Email
 
 urlpatterns = [
 url(r'totp/start/', totp.start , name="start_new_otop"),
@@ -8,6 +8,9 @@ url(r'totp/verify', totp.verify, name="verify_otop"),
 url(r'totp/auth', totp.auth, name="totp_auth"),
 url(r'totp/recheck', totp.recheck, name="totp_recheck"),
 
+url(r'email/start/', Email.start , name="start_email"),
+url(r'email/auth/', Email.auth , name="email_auth"),
+
 url(r'u2f/$', U2F.start, name="start_u2f"),
 url(r'u2f/bind', U2F.bind, name="bind_u2f"),
 url(r'u2f/auth', U2F.auth, name="u2f_auth"),