From 55375f7002e5876108231561743e87432ba8edb1 Mon Sep 17 00:00:00 2001
From: nswain
Date: Wed, 26 Aug 2020 11:06:31 -0600
Subject: [PATCH] Adds never_cache decorator to TOTP and Email start and auth views to prevent browser from caching previous codes.
---
 mfa/Email.py | 3 +++
 mfa/totp.py | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/mfa/Email.py b/mfa/Email.py
index bc638fa..f873e18 100644
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -1,4 +1,5 @@
 from django.shortcuts import render
+from django.views.decorators.cache import never_cache
 from django.template.context_processors import csrf
 import datetime,random
 from random import randint
@@ -15,6 +16,7 @@ def sendEmail(request,username,secret):
 res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
 return send([user.email],"OTP", str(res.content))
+@never_cache
 def start(request):
 context = csrf(request)
 if request.method == "POST":
@@ -36,6 +38,7 @@ def start(request):
 if sendEmail(request, request.user.username, request.session["email_secret"]):
 context["sent"] = True
 return render(request,"Email/Add.html", context)
+@never_cache
 def auth(request):
 context=csrf(request)
 if request.method=="POST":
diff --git a/mfa/totp.py b/mfa/totp.py
index bb99bba..d8e1f76 100644
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -1,4 +1,5 @@
 from django.shortcuts import render
+from django.views.decorators.cache import never_cache
 from django.http import HttpResponse
 from .models import *
 from django.template.context_processors import csrf
@@ -31,6 +32,7 @@ def recheck(request):
 return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
 return render(request,"TOTP/recheck.html", context)
+@never_cache
 def auth(request):
 context=csrf(request)
 if request.method=="POST":
@@ -68,5 +70,6 @@ def verify(request):
 return HttpResponse("Success")
 else:
 return HttpResponse("Error")
+@never_cache
 def start(request):
 return render(request,"TOTP/Add.html",{})
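Review bot: Nothing in the change pins the behaviour it relies on: `@never_cache` on `start` in the `-15,6 +16,7` hunk of mfa/Email.py, and likewise on `auth` in that file and on `auth`/`start` in mfa/totp.py, can later be removed or shadowed by another decorator without anything failing. A regression test per view that asserts `no-store` is present in the response's `Cache-Control` header would keep the protection in place. A short comment above each decorator, for example `# OTP page: the response must never be stored by a browser or proxy`, would record why it is there. The view bodies run past the hunks, so whether any of them sets its own cache headers cannot be seen from here.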
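Review bot: The context at the top of the `-36,6 +38,7` hunk shows `start` calling `sendEmail(request, request.user.username, request.session["email_secret"])` just before its final `render`, and the previous hunk makes that view uncacheable. With the response no longer stored, a reload or back-navigation runs the view again; if the `sendEmail` call sits on the GET path (the middle of `start` is outside the hunk, so this is inferred), each revisit sends another OTP mail. It is worth checking that path and, if it applies, bounding resends with a counter or timestamp kept in the session before calling `sendEmail`.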
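Review bot: `recheck`, whose tail is the context directly above the new `@never_cache` in the `-31,6 +32,7` hunk of mfa/totp.py, renders `TOTP/recheck.html` and returns a JSON result but is left undecorated, as is `verify` in the following hunk. If `recheck` also presents a code-entry form (its body starts outside the hunk, so this is inferred from the template name), it should get the same treatment as `auth`: `@never_cache` directly above `def recheck(request):`. The commit message names only the start and auth views, so the omission may be deliberate, but that is worth stating in the description.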
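Review bot: In the `-68,5 +70,6` hunk, `start` passes an empty context, `render(request,"TOTP/Add.html",{})`, so as far as this hunk shows the response being protected carries no per-user secret itself. Whichever view supplies the enrolment secret to that page is not part of this diff, and that is where a stored response would matter most. Please confirm that view also sends no-store headers, or add `@never_cache` to it in this commit.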