From ed204c1d856d66077ce179ad8881d65f3f7211d8 Mon Sep 17 00:00:00 2001
From: Mohamed ElKalioby
Date: Thu, 20 Jun 2019 16:05:23 +0300
Subject: [PATCH] Add id to the session dict, Jumped to v1.5

---
 mfa/CHANGELOG.md     | 9 +++++++++
 mfa/Email.py         | 5 +++--
 mfa/FIDO2.py         | 2 +-
 mfa/TrustedDevice.py | 2 +-
 mfa/U2F.py           | 2 +-
 mfa/__init__.py      | 2 +-
 mfa/totp.py          | 9 +++++----
 setup.py             | 2 +-
 8 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/mfa/CHANGELOG.md b/mfa/CHANGELOG.md
index a3d7611..d6bb96f 100644
--- a/mfa/CHANGELOG.md
+++ b/mfa/CHANGELOG.md
@@ -1,4 +1,13 @@
 # Change Log
+## v.1.5.0
+* Added id the key used to validate to the session dictionary as 'id'
+## v1.4.0
+* Updated to FIDO == 0.7
+
+## v1.3.0
+ * Updated to FIDO2 == 0.6
+ * Windows Hello is now supported.
+
 ## v1.2.0
 * Added: MFA_HIDE_DISABLE setting option to disable users from deactivating their keys.
\ No newline at end of file
diff --git a/mfa/Email.py b/mfa/Email.py
index 02c3c4f..32c97de 100644
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -37,12 +37,13 @@ def auth(request):
     context=csrf(request)
     if request.method=="POST":
         if request.session["email_secret"]==request.POST["otp"].strip():
-            mfa = {"verified": True, "method": "Email"}
+            uk = User_Keys.objects.get(username=request.session["base_username"], key_type="Email")
+            mfa = {"verified": True, "method": "Email","id":uk.id}
             if getattr(settings, "MFA_RECHECK", False):
                 mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
                     seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
             request.session["mfa"] = mfa
-            uk=User_Keys.objects.get(username=request.session["base_username"],key_type="Email")
+
             from django.utils import timezone
             uk.last_used=timezone.now()
             uk.save()
diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py
index b1ce154..32de73a 100644
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
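Review bot: The `uk = User_Keys.objects.get(...)` lookup that now precedes `request.session["mfa"] = mfa` will raise `User_Keys.DoesNotExist` (or `MultipleObjectsReturned`) out of `auth` when the user has no single Email key, where previously the session had already been marked verified before the lookup ran; failing closed is the right order, but the exception is unhandled in this hunk, so consider `except User_Keys.DoesNotExist:` falling through to the not-verified path that presumably follows outside the hunk. The removed lookup is replaced by a stray blank line inside the block, which can simply be dropped, and the literal `"method": "Email","id":uk.id` should be spaced like the surrounding code. The same `{"verified": True, "method": ..., "id": ...}` dict is now hand-built in FIDO2.py, U2F.py, TrustedDevice.py and totp.py as well; one helper taking the method name and the key object would keep the session schema (including the optional `next_check`) defined in a single place. The body of `auth` continues past the hunk.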
@@ -107,7 +107,7 @@ def authenticate_complete(request):
             if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
                 k.last_used = timezone.now()
                 k.save()
-                mfa = {"verified": True, "method": "FIDO2"}
+                mfa = {"verified": True, "method": "FIDO2",'id':k.id}
                 if getattr(settings, "MFA_RECHECK", False):
                     mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
                         seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
diff --git a/mfa/TrustedDevice.py b/mfa/TrustedDevice.py
index c58827c..8235532 100644
--- a/mfa/TrustedDevice.py
+++ b/mfa/TrustedDevice.py
@@ -128,7 +128,7 @@ def verify(request):
         if uk.enabled and uk.properties["status"] == "trusted":
             uk.last_used=timezone.now()
             uk.save()
-            request.session["mfa"] = {"verified": True, "method": "Trusted Device"}
+            request.session["mfa"] = {"verified": True, "method": "Trusted Device","id":uk.id}
             return True
     except:
         return False
diff --git a/mfa/U2F.py b/mfa/U2F.py
index 719714d..68618d6 100644
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
@@ -52,7 +52,7 @@ def validate(request,username):
         key=User_Keys.objects.get(username=username,properties__shas="$.device.publicKey=%s"%device["publicKey"])
         key.last_used=timezone.now()
         key.save()
-        mfa = {"verified": True, "method": "U2F"}
+        mfa = {"verified": True, "method": "U2F","id":key.id}
         if getattr(settings, "MFA_RECHECK", False):
             mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
diff --git a/mfa/__init__.py b/mfa/__init__.py
index 9e383a9..681b439 100644
--- a/mfa/__init__.py
+++ b/mfa/__init__.py
@@ -1 +1 @@
-__version__="1.4.1"
\ No newline at end of file
+__version__="1.5.0"
\ No newline at end of file
diff --git a/mfa/totp.py b/mfa/totp.py
index 24c3616..8eb0748 100644
--- a/mfa/totp.py
+++ b/mfa/totp.py
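Review bot: The added key in `mfa = {"verified": True, "method": "FIDO2",'id':k.id}` mixes single quotes and omits the space after the colon, unlike the rest of the same literal and the sibling dicts written in Email.py and U2F.py by this commit; write it as `"id": k.id` so the session keys read uniformly across the methods. The loop around the credential-id comparison and the rest of `authenticate_complete` both lie outside the hunk.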
@@ -16,8 +16,8 @@ def verify_login(request,username,token):
         if totp.verify(token,valid_window = 30):
             key.last_used=timezone.now()
             key.save()
-            return True
-    return False
+            return [True,key.id]
+    return [False]
 
 def recheck(request):
     context = csrf(request)
@@ -32,8 +32,9 @@ def recheck(request):
 
 def auth(request):
     context=csrf(request)
     if request.method=="POST":
-        if verify_login(request,request.session["base_username"],token = request.POST["otp"]):
-            mfa = {"verified": True, "method": "TOTP"}
+        res=verify_login(request,request.session["base_username"],token = request.POST["otp"])
+        if res[0]:
+            mfa = {"verified": True, "method": "TOTP","id":res[1]}
             if getattr(settings, "MFA_RECHECK", False):
                 mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
diff --git a/setup.py b/setup.py
index 8369cdd..591e1d2 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='django-mfa2',
-    version='1.4.1',
+    version='1.5.0',
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",
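Review bot: `verify_login` now returns `[False]` on a failed OTP, and a non-empty list is truthy, so any caller that still tests the return value directly (`if verify_login(...)`) will accept a wrong code as verified; only `auth` in the second hunk was updated to index `res[0]`, and `recheck`, whose body starts right after the first hunk and is not shown, needs the same review before this ships. Keep the failure value falsy, or make the new contract explicit with a tuple `return True, key.id` / `return False, None` in `verify_login` and `ok, key_id = verify_login(...)` at every call site, so a forgotten caller fails to unpack instead of silently passing. `verify_login` begins before the first hunk and `auth` continues past the second.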