From 97e4a3a2aba8f66a5e71f6abef1fdd62800d5f0d Mon Sep 17 00:00:00 2001
From: Mohamed El-Kalioby
Date: Mon, 21 Jan 2019 19:19:50 +0300
Subject: [PATCH] Supporting Email Token
---
 README.md | 12 ++++++++++--
 mfa/Email.py | 4 ++++
 setup.py | 3 ++-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index b154a11..f9b869b 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 # django-mfa2
-A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), and Trusted Devices
+A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), Email Tokens , and Trusted Devices
 For FIDO2, both security keys and android-safetynet are supported.
 Trusted device is a mode for the user to add a device that doesn't support security keys like iOS and andriod without fingerprints or NFC.
-`*Note*: U2F and FIDO2 can only be served under secure context (https)`
+`**Note**: U2F and FIDO2 can only be served under secure context (https)`
 Depends on
@@ -44,6 +44,13 @@ Depends on
 FIDO_SERVER_NAME=u"MDL" FIDO_LOGIN_URL=BASE_URL ``` + **Method Names** + * U2F + * FIDO2 + * TOTP + * Trusted_Devices + * Email + 1. Break your login function Usually your login function will check for username and password, log the user in if the username and password are correct and create the user session, to support mfa, this has to change
@@ -77,6 +84,7 @@ Depends on
 ``` 1. Provide `mfa_auth_base.html` in your templaes with block called 'head' and 'content' The template will be included during the user login. + If you will use Email Token method, then you have to provide template named `mfa_email_token_template.html` that will content the format of the email with parameter named `user` and `otp`. 1. To match the look and feel of your project, MFA includes `base.html` but it needs blocks named `head` & `content` to added its content to it. 1. Somewhere in your app, add a link to 'mfa_home' ```Security ``` 
diff --git a/mfa/Email.py b/mfa/Email.py
index 8dba6d4..778b25b 100644
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -46,6 +46,10 @@ def auth(request):
 mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta( seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
 request.session["mfa"] = mfa
+ uk=User_Keys.objects.get(username=request.session["base_username"],key_type="Email")
+ from django.utils import timezone
+ uk.last_used=timezone.now()
+ uk.save()
 return login(request)
 context["invalid"]=True
 else:
diff --git a/setup.py b/setup.py
index 27699ef..f3f2b59 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 setup(
 name='django-mfa2',
-version='0.8.8',
+version='0.9.0',
 description='Allows user to add 2FA to their accounts',
 author='Mohamed El-Kalioby',
 author_email = 'mkalioby@mkalioby.com',
@@ -23,6 +23,7 @@ setup(
 'user-agents',
 'python-jose',
 'fido2==0.5'
+ 'jsonLookup'
 ],
 include_package_data=True,
 zip_safe=False, # because we're including static files
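Review bot: `User_Keys.objects.get(username=request.session["base_username"],key_type="Email")` on the first added line raises `DoesNotExist` or `MultipleObjectsReturned` when the user has no Email key row or more than one, and because it runs after `request.session["mfa"] = mfa` has already been written (presumably the marker that the session passed MFA), a failure leaves that marker in the session while `return login(request)` is never reached and the view ends in an unhandled exception. Doing the lookup before the session write, or replacing the three get/assign/save lines with `User_Keys.objects.filter(username=request.session["base_username"], key_type="Email").update(last_used=timezone.now())`, keeps the session write and the login call adjacent and cannot raise on a missing or duplicated row. `from django.utils import timezone` belongs at module top next to the other imports rather than inside the view body. The enclosing `auth()` starts before the hunk and continues after it.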
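Review bot: The added `'jsonLookup'` in the `install_requires` hunk of setup.py has no comma before it, so implicit string concatenation merges the two entries into the single requirement `'fido2==0.5jsonLookup'`, which is not a valid specifier: the `fido2` pin is corrupted and `jsonLookup` is never declared at all. Change the preceding line to `'fido2==0.5',` and keep `'jsonLookup'` as its own list entry. The new dependency is also left unpinned while `fido2` is pinned; pinning it to the version this release was tested with, e.g. `'jsonLookup==<tested-version>'`, keeps installs reproducible.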