josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed generation issue, warning when user uses its last backup code

Browse Source
This commit is contained in:
Spitap
2022-08-22 12:15:08 +02:00
parent dda23b35cb
commit bcf3ecc15c
5 changed files with 63 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
mfa/totp.py
View File

@@ -53,17 +53,6 @@ def auth(request):
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
request.session["mfa"] = mfa
return login(request)
elif tokenLength == 10 and "RECOVERY" not in settings.MFA_UNALLOWED_METHODS:
#Backup code check
resBackup=recovery.verify_login(request, request.session["base_username"], token=request.POST["otp"])
if resBackup[0]:
mfa = {"verified": True, "method": "RECOVERY","id":resBackup[1]}
if getattr(settings, "MFA_RECHECK", False):
mfa["next_check"] = datetime.datetime.timestamp((datetime.datetime.now()
+ datetime.timedelta(
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
request.session["mfa"] = mfa
return login(request)
context["invalid"]=True
return render(request,"TOTP/Auth.html", context)