Allowing Email Token

2019-01-21 18:32:21 +03:00
parent d74e286dff
commit ec97806138
4 changed files with 24 additions and 13 deletions
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -1,6 +1,7 @@
 from django.shortcuts import render,render_to_response
 from django.template.context_processors import csrf
-import os
+import datetime,random
+from random import randint
 from .models import *
 from django.template.context import RequestContext
 from .views import login
@@ -9,18 +10,19 @@ def sendEmail(request,username,secret):
    from django.contrib.auth import get_user_model
    User = get_user_model()
    user=User.objects.get(username=username)
-    res=render_to_response("mfa_email_token_template",{"request":request,"user":user,'otp':secret})
+    print secret
+    res=render_to_response("mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
    from django.conf import settings
    from django.core.mail import EmailMessage
    From = "%s <%s>" % (settings.EMAIL_FROM, settings.EMAIL_HOST_USER)
-    email = EmailMessage("OTP",res.content,From,user.email )
+    email = EmailMessage("OTP",res.content,From,[user.email] )
    email.content_subtype = "html"
    return email.send(False)

 def start(request):
    context = csrf(request)
    if request.method == "POST":
-        if request.session["email_secret"] == request.post["otp"]:
+        if request.session["email_secret"] == request.POST["otp"]:
            uk=User_Keys()
            uk.username=request.user.username
            uk.key_type="Email"
@@ -31,18 +33,23 @@ def start(request):
            return HttpResponseRedirect(reverse('mfa_home'))
        context["invalid"] = True
    else:
-        request.session["email_secret"] = os.urandom(6)
+        request.session["email_secret"] = str(randint(0,100000))
        if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
            context["sent"] = True
    return render_to_response("Email/Add.html", context, context_instance=RequestContext(request))
 def auth(request):
    context=csrf(request)
    if request.method=="POST":
-        if request.session["email_secret"]==request.post["otp"].strip():
+        if request.session["email_secret"]==request.POST["otp"].strip():
+            mfa = {"verified": True, "method": "Email"}
+            if getattr(settings, "MFA_RECHECK", False):
+                mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
+                    seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
+            request.session["mfa"] = mfa
            return login(request)
        context["invalid"]=True
    else:
-        request.session["email_secret"]=os.urandom(6)
+        request.session["email_secret"] = str(randint(0, 100000))
        if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
            context["sent"] = True
    return render_to_response("Email/Auth.html", context, context_instance = RequestContext(request))
--- a/mfa/templates/Email/Add.html
+++ b/mfa/templates/Email/Add.html
@@ -1,14 +1,17 @@
 {% extends "base.html" %}
 {% block head %}
 {% endblock %}
-{% block body %}
+{% block content %}
+    <br/>
+    <br/>
+
    <div class="panel panel-default">
      <div class="panel-heading">
 	      <strong> Activate Token by email</strong>
      </div>
      <div class="panel-body">

-      <FORM METHOD="POST" ACTION="{% url 'email_start' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
+      <FORM METHOD="POST" ACTION="{% url 'start_email' %}" Id="formLogin"  onSubmit="" name="FrontPage_Form1">


      {% csrf_token %}
@@ -43,7 +46,7 @@

          <div class="form-group">

-	      <input type="{% if mode == "auth" %}submit{% elif mode == 'recheck'  %}button{% endif %}" {% if mode == "recheck" %}onclick="send_totp()" {% endif %} class="btn btn-lg btn-success btn-block" value="Sign in">
+	      <input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
 	      </div>
      </div>
      </fieldset>
--- a/mfa/templates/select_mfa_method.html
+++ b/mfa/templates/select_mfa_method.html
@@ -15,6 +15,7 @@

              <li><a href="{% url "mfa_goto" method %}">
                  {% if method == "TOTP" %}Authenticator App
+                  {% elif method == "Email" %}Send OTP by Email
                  {% elif method == "U2F" %}Secure Key
                  {% elif method == "FIDO2" %}FIDO2 Secure Key
                  {% endif %}
--- a/mfa/urls.py
+++ b/mfa/urls.py
@@ -8,7 +8,7 @@ url(r'totp/verify', totp.verify, name="verify_otop"),
 url(r'totp/auth', totp.auth, name="totp_auth"),
 url(r'totp/recheck', totp.recheck, name="totp_recheck"),

-url(r'email/start/', Email.start , name="start_new_email"),
+url(r'email/start/', Email.start , name="start_email"),
 url(r'email/auth/', Email.auth , name="email_auth"),

 url(r'u2f/$', U2F.start, name="start_u2f"),