Setting Ownership of keys

2019-10-16 14:41:19 +03:00
parent ed204c1d85
commit 9086f47456
6 changed files with 30 additions and 4 deletions
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -52,6 +52,7 @@ def complete_reg(request):
        uk=User_Keys()
        uk.username = request.user.username
        uk.properties = {"device":encoded,"type":att_obj.fmt,}
+        uk.owned_by_enterprise=getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False)
        uk.key_type = "FIDO2"
        uk.save()
        return HttpResponse(simplejson.dumps({'status': 'OK'}))
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
@@ -89,6 +89,7 @@ def bind(request):
    User_Keys.objects.filter(username=request.user.username,key_type="U2F").delete()
    uk = User_Keys()
    uk.username = request.user.username
+    uk.owned_by_enterprise = getattr(settings, "MFA_OWNED_BY_ENTERPRISE", False)
    uk.properties = {"device":simplejson.loads(device.json),"cert":cert_hash}
    uk.key_type = "U2F"
    uk.save()
--- a/mfa/migrations/0009_user_keys_owned_by_enterprise.py
+++ b/mfa/migrations/0009_user_keys_owned_by_enterprise.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mfa', '0008_user_keys_last_used'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user_keys',
+            name='owned_by_enterprise',
+            field=models.NullBooleanField(default=None),
+        ),
+        migrations.RunSQL("update mfa_user_keys set owned_by_enterprise = %s where key_type='FIDO2'"%(1 if getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False) else 0 ))
+    ]
--- a/mfa/models.py
+++ b/mfa/models.py
@@ -13,6 +13,8 @@ class User_Keys(models.Model):
    enabled=models.BooleanField(default=True)
    expires=models.DateTimeField(null=True,default=None,blank=True)
    last_used=models.DateTimeField(null=True,default=None,blank=True)
+    owned_by_enterprise=models.NullBooleanField(default=None,null=True,blank=True)
+
    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
        if self.key_type == "Trusted Device" and self.properties.get("signature","") == "":
            self.properties["signature"]= jwt.encode({"username": self.username, "key": self.properties["key"]}, settings.SECRET_KEY)