Fix tox envs

Merge pull request #79 from oussjarrousse/78-adding-tests
78 adding tests
2023-12-31 22:04:00 +03:00 · 2023-12-31 20:59:17 +02:00 · 2023-12-31 20:47:45 +02:00 · 2023-12-31 21:45:49 +03:00 · 2023-12-31 21:45:12 +03:00 · 2023-12-31 20:42:04 +02:00
48 changed files with 925 additions and 981 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
 .idea
 .pyre/
 example/venv
 # IDE
 .idea
 .vscode
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
@@ -106,3 +109,6 @@ venv.bak/
 # mypy
 .mypy_cache/
 example/test_db
 # OS related
 .DS_Store
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,16 +0,0 @@
 repos:
  # Using this mirror lets us use mypyc-compiled black, which is about 2x faster
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.12.1
    hooks:
      - id: black
        # It is recommended to specify the latest version of Python
        # supported by your project here, or alternatively use
        # pre-commit's default_language_version, see
        # https://pre-commit.com/#top_level-default_language_version
        language_version: python3.11
  - repo: https://github.com/fsouza/pre-commit-pyre-check
    rev: '199dc59'  # Use the sha / tag you want to point at
    hooks:
    -   id: pyre-check
--- a/.pyre_configuration
+++ b/.pyre_configuration
@@ -1,15 +0,0 @@
 {
  "source_directories": [
    "."
  ],
  "search_path": [
    "env/lib/python3.11/site-packages/"
  ],
  "ignore_all_errors":[
    "*env*/*",
    "example/venv/*",
 "build/*",
 "example/*"
  ]
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
 # Change Log
 ## 2.9.0
 * Fix a typo,
    Thanks to @jkirkcaldy
 ## 2.8.0
 * Support For Django 4.0+ JSONField
 * Removed jsonfield package from requirements
--- a/README.md
+++ b/README.md
@@ -2,9 +2,6 @@
 A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), Email Tokens , Trusted  Devices and backup codes.
 [![Works with PassKeys](https://github.com/mkalioby/django-mfa2/raw/master/img/Works%20with%20PassKeys-black.png)](https://fidoalliance.org/passkeys/)
 [![Code Style Black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Type Checker By Pyre](https://img.shields.io/badge/type%20checker-pyre-orange)](https://pyre-check.org/)
 ### Pip Stats
 [![PyPI version](https://badge.fury.io/py/django-mfa2.svg)](https://badge.fury.io/py/django-mfa2)
 [![Downloads Count](https://static.pepy.tech/personalized-badge/django-mfa2?period=total&units=international_system&left_color=black&right_color=green&left_text=Downloads)](https://pepy.tech/project/django-mfa2)
@@ -14,6 +11,7 @@ A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), Ema
 [![Conda Downloads](https://img.shields.io/conda/dn/conda-forge/django-mfa2.svg)](https://anaconda.org/conda-forge/django-mfa2) 
 [![Conda Version](https://img.shields.io/conda/vn/conda-forge/django-mfa2.svg)](https://anaconda.org/conda-forge/django-mfa2) 
 Web Authencation API (WebAuthn) is state-of-the art techology that is expected to replace passwords.
 ![Andriod Fingerprint](https://cdn-images-1.medium.com/max/800/1*1FWkRE8D7NTA2Kn1DrPjPA.png)
@@ -199,6 +197,43 @@ function some_func() {
 ````
 # Testing
 We use `pytest` and several pytest plugins, especially the `pytest-django` and `pytest-cov` plugins that provide Django fixtures, and test coverage analysis.
 In the root folder, `pytest.ini` contains configurations for running the tests, `requirements_testing.txt` contains the python packages required for running tests, and the folder `tests` contains the actual test files.
 To run the tests, install the packages in requirements and requirements_testing.txt:
 ```bash
 pip install -r requirements.txt -r requirements_testing.txt
 ```
 then simply run pytest
 ```
 pytest
 ```
 to generate the coverage html pages:
 ```
 pytest --cov=. --cov-report html -v
 ```
 the coverage html files will be generated in the `htmlcov` folder
 We use `tox` to test the package against different isolated environments. `tox.ini` contains the configurations for tox. To run the tests in the environments defined in the `tox.ini` file, make sure the python package tox is installed:
 ```
 pip install tox
 ```
 then run tox in the project root:
 ```
 tox
 ```
 # Contributors
 * [mahmoodnasr](https://github.com/mahmoodnasr)
 * [d3cline](https://github.com/d3cline)
@@ -210,6 +245,8 @@ function some_func() {
 * [ezrajrice](https://github.com/ezrajrice)
 * [Spitfireap](https://github.com/Spitfireap)
 * [peterthomassen](https://github.com/peterthomassen)
 * [oussjarrousse](https://github.com/oussjarrousse)
 * [jkirkcaldy](https://github.com/jkirkcaldy)
 # Security contact information
--- a/example/example/auth.py
+++ b/example/example/auth.py
@@ -1,36 +1,30 @@
 from django.shortcuts import render
 from django.http import HttpResponseRedirect
 from django.urls import reverse
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate,login,logout
 from django.contrib.auth.models import User
 def loginView(request):
-    context = {}
+    context={}
-    if request.method == "POST":
+    if request.method=="POST":
-        username = request.POST["username"]
+        username=request.POST["username"]
-        password = request.POST["password"]
+        password=request.POST["password"]
-        user = authenticate(username=username, password=password)
+        user=authenticate(username=username,password=password)
        if user:
            from mfa.helpers import has_mfa
-
+            res = has_mfa(username = username, request = request)  # has_mfa returns false or HttpResponseRedirect
            res = has_mfa(
                username=username, request=request
            )  # has_mfa returns false or HttpResponseRedirect
            if res:
                return res
-            return create_session(request, user.username)
+            return create_session(request,user.username)
-        context["invalid"] = True
+        context["invalid"]=True
    return render(request, "login.html", context)
-
+def create_session(request,username):
-def create_session(request, username):
+    user=User.objects.get(username=username)
-    user = User.objects.get(username=username)
+    user.backend='django.contrib.auth.backends.ModelBackend'
    user.backend = "django.contrib.auth.backends.ModelBackend"
    login(request, user)
-    return HttpResponseRedirect(reverse("home"))
+    return HttpResponseRedirect(reverse('home'))
 def logoutView(request):
    logout(request)
-    return render(request, "logout.html", {})
+    return  render(request,"logout.html",{})
--- a/example/example/settings.py
+++ b/example/example/settings.py
@@ -21,65 +21,65 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "#9)q!_i3@pr-^3oda(e^3$x!kq3b4f33#5l@+=+&vuz+p6gb3g"
+SECRET_KEY = '#9)q!_i3@pr-^3oda(e^3$x!kq3b4f33#5l@+=+&vuz+p6gb3g'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
-ALLOWED_HOSTS = ["*"]
+ALLOWED_HOSTS = ['*']
 # Application definition
 INSTALLED_APPS = [
-    "django.contrib.admin",
+    'django.contrib.admin',
-    "django.contrib.auth",
+    'django.contrib.auth',
-    "django.contrib.contenttypes",
+    'django.contrib.contenttypes',
-    "django.contrib.sessions",
+    'django.contrib.sessions',
-    "django.contrib.messages",
+    'django.contrib.messages',
-    "django.contrib.staticfiles",
+    'django.contrib.staticfiles',
-    "mfa",
+    'mfa',
-    "sslserver",
+    'sslserver'
 ]
 MIDDLEWARE = [
-    "django.middleware.security.SecurityMiddleware",
+    'django.middleware.security.SecurityMiddleware',
-    "django.contrib.sessions.middleware.SessionMiddleware",
+    'django.contrib.sessions.middleware.SessionMiddleware',
-    "django.middleware.common.CommonMiddleware",
+    'django.middleware.common.CommonMiddleware',
-    "django.middleware.csrf.CsrfViewMiddleware",
+    'django.middleware.csrf.CsrfViewMiddleware',
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    "django.contrib.messages.middleware.MessageMiddleware",
+    'django.contrib.messages.middleware.MessageMiddleware',
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
-ROOT_URLCONF = "example.urls"
+ROOT_URLCONF = 'example.urls'
 TEMPLATES = [
    {
-        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        "DIRS": [os.path.join(BASE_DIR, "example", "templates")],
+        'DIRS': [os.path.join(BASE_DIR ,'example','templates' )],
-        "APP_DIRS": True,
+        'APP_DIRS': True,
-        "OPTIONS": {
+        'OPTIONS': {
-            "context_processors": [
+            'context_processors': [
-                "django.template.context_processors.debug",
+                'django.template.context_processors.debug',
-                "django.template.context_processors.request",
+                'django.template.context_processors.request',
-                "django.contrib.auth.context_processors.auth",
+                'django.contrib.auth.context_processors.auth',
-                "django.contrib.messages.context_processors.messages",
+                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
 ]
-WSGI_APPLICATION = "example.wsgi.application"
+WSGI_APPLICATION = 'example.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/2.0/ref/settings/#databases
 DATABASES = {
-    "default": {
+    'default': {
-        "ENGINE": "django.db.backends.sqlite3",
+        'ENGINE': 'django.db.backends.sqlite3',
-        "NAME": "test_db",
+        'NAME': 'test_db',
    }
 }
@@ -89,16 +89,16 @@ DATABASES = {
 AUTH_PASSWORD_VALIDATORS = [
    {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
-        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
-        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
-        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
 ]
@@ -106,9 +106,9 @@ AUTH_PASSWORD_VALIDATORS = [
 # Internationalization
 # https://docs.djangoproject.com/en/2.0/topics/i18n/
-LANGUAGE_CODE = "en-us"
+LANGUAGE_CODE = 'en-us'
-TIME_ZONE = "UTC"
+TIME_ZONE = 'UTC'
 USE_I18N = True
@@ -120,38 +120,37 @@ USE_TZ = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/2.0/howto/static-files/
-STATIC_URL = "/static/"
+STATIC_URL = '/static/'
-# STATIC_ROOT=(os.path.join(BASE_DIR,'static'))
+#STATIC_ROOT=(os.path.join(BASE_DIR,'static'))
-STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
+STATICFILES_DIRS=[os.path.join(BASE_DIR,'static')]
-LOGIN_URL = "/auth/login"
+LOGIN_URL="/auth/login"
-EMAIL_FROM = "Test App"
+EMAIL_FROM='Test App'
-EMAIL_HOST = "smtp.gmail.com"
+EMAIL_HOST="smtp.gmail.com"
-EMAIL_PORT = 587
+EMAIL_PORT=587
-EMAIL_HOST_USER = ""
+EMAIL_HOST_USER=""
-EMAIL_HOST_PASSWORD = ""
+EMAIL_HOST_PASSWORD=''
-EMAIL_USE_TLS = True
+EMAIL_USE_TLS=True
-MFA_UNALLOWED_METHODS = ()  # Methods that shouldn't be allowed for the user
+
-MFA_LOGIN_CALLBACK = "example.auth.create_session"  # A function that should be called by username to login the user in session
+MFA_UNALLOWED_METHODS=()   # Methods that shouldn't be allowed for the user
-MFA_RECHECK = True  # Allow random rechecking of the user
+MFA_LOGIN_CALLBACK="example.auth.create_session"      # A function that should be called by username to login the user in session
-MFA_RECHECK_MIN = 10  # Minimum interval in seconds
+MFA_RECHECK=True           # Allow random rechecking of the user
-MFA_RECHECK_MAX = 30  # Maximum in seconds
+MFA_RECHECK_MIN=10         # Minimum interval in seconds
-MFA_QUICKLOGIN = True  # Allow quick login for returning users by provide only their 2FA
+MFA_RECHECK_MAX=30         # Maximum in seconds
-MFA_HIDE_DISABLE = ("",)  # Can the user disable his key (Added in 1.2.0).
+MFA_QUICKLOGIN=True        # Allow quick login for returning users by provide only their 2FA
-MFA_REDIRECT_AFTER_REGISTRATION = "registered"
+MFA_HIDE_DISABLE=('',)     # Can the user disable his key (Added in 1.2.0).
-MFA_SUCCESS_REGISTRATION_MSG = "Go to Home"
+MFA_REDIRECT_AFTER_REGISTRATION="registered"
 MFA_SUCCESS_REGISTRATION_MSG="Go to Home"
 MFA_ALWAYS_GO_TO_LAST_METHOD = True
 MFA_ENFORCE_RECOVERY_METHOD = True
-MFA_RENAME_METHODS = {"RECOVERY": "Backup Codes", "FIDO2": "Biometric Authentication"}
+MFA_RENAME_METHODS = {"RECOVERY":"Backup Codes","FIDO2":"Biometric Authentication"}
-PASSWORD_HASHERS = DEFAULT_PASSWORD_HASHERS  # Comment if PASSWORD_HASHER already set
+PASSWORD_HASHERS = DEFAULT_PASSWORD_HASHERS #Comment if PASSWORD_HASHER already set
-PASSWORD_HASHERS += ["mfa.recovery.Hash"]
+PASSWORD_HASHERS += ['mfa.recovery.Hash']
-RECOVERY_ITERATION = 1  # Number of iteration for recovery code, higher is more secure, but uses more resources for generation and check...
+RECOVERY_ITERATION = 1 #Number of iteration for recovery code, higher is more secure, but uses more resources for generation and check...
-TOKEN_ISSUER_NAME = "PROJECT_NAME"  # TOTP Issuer name
+TOKEN_ISSUER_NAME="PROJECT_NAME"      #TOTP Issuer name
-U2F_APPID = "https://localhost:9000"  # URL For U2F
+U2F_APPID="https://localhost:9000"    #URL For U2F
-FIDO_SERVER_ID = (
+FIDO_SERVER_ID="localhost"      # Server rp id for FIDO2, it the full domain of your project
-    "localhost"  # Server rp id for FIDO2, it the full domain of your project
+FIDO_SERVER_NAME="TestApp"
 )
 FIDO_SERVER_NAME = "TestApp"
--- a/example/example/urls.py
+++ b/example/example/urls.py
@@ -14,16 +14,15 @@ Including another URLconf
    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 from django.contrib import admin
-from django.urls import path, re_path, include
+from django.urls import path,re_path,include
-from . import views, auth
+from . import views,auth
 from mfa import TrustedDevice
 urlpatterns = [
-    path("admin/", admin.site.urls),
+    path('admin/', admin.site.urls),
-    path("mfa/", include("mfa.urls")),
+    path('mfa/', include('mfa.urls')),
-    path("auth/login", auth.loginView, name="login"),
+    path('auth/login',auth.loginView,name="login"),
-    path("auth/logout", auth.logoutView, name="logout"),
+    path('auth/logout',auth.logoutView,name="logout"),
-    path("devices/add/", TrustedDevice.add, name="add_trusted_device"),
+    path('devices/add/', TrustedDevice.add,name="add_trusted_device"),
-    re_path("^$", views.home, name="home"),
+    re_path('^$',views.home,name='home'),
-    path("registered/", views.registered, name="registered"),
+    path('registered/',views.registered,name='registered')
 ]
--- a/example/example/views.py
+++ b/example/example/views.py
@@ -4,9 +4,8 @@ from django.contrib.auth.decorators import login_required
@login_required()
 def home(request):
-    return render(request, "home.html", {})
+    return render(request,"home.html",{})
@login_required()
 def registered(request):
-    return render(request, "home.html", {"registered": True})
+    return render(request,"home.html",{"registered":True})
--- a/mfa/Common.py
+++ b/mfa/Common.py
@@ -1,26 +1,19 @@
 from django.conf import settings
 from django.core.mail import EmailMessage
 try:
    from django.urls import reverse
-except ImportError:
+except:
-    from django.core.urlresolver import reverse  # pyre-ignore[21]
+    from django.core.urlresolver import reverse
-
+def send(to,subject,body):
 def send(to, subject, body):
    from_email_address = settings.EMAIL_HOST_USER
-    if "@" not in from_email_address:
+    if '@' not in from_email_address:
        from_email_address = settings.DEFAULT_FROM_EMAIL
    From = "%s <%s>" % (settings.EMAIL_FROM, from_email_address)
-    email = EmailMessage(subject, body, From, to)
+    email = EmailMessage(subject,body,From,to)
    email.content_subtype = "html"
    return email.send(False)
 def get_redirect_url():
-    return {
+    return {"redirect_html": reverse(getattr(settings, 'MFA_REDIRECT_AFTER_REGISTRATION', 'mfa_home')),
-        "redirect_html": reverse(
+            "reg_success_msg":getattr(settings,"MFA_SUCCESS_REGISTRATION_MSG")}
            getattr(settings, "MFA_REDIRECT_AFTER_REGISTRATION", "mfa_home")
        ),
        "reg_success_msg": getattr(settings, "MFA_SUCCESS_REGISTRATION_MSG"),
    }
--- a/mfa/Email.py
+++ b/mfa/Email.py
@@ -1,107 +1,72 @@
 from django.shortcuts import render
 from django.views.decorators.cache import never_cache
 from django.template.context_processors import csrf
-import datetime, random
+import datetime,random
 from random import randint
 from .models import *
-
+#from django.template.context import RequestContext
 from .views import login
 from .Common import send
-
+def sendEmail(request,username,secret):
 def sendEmail(request, username, secret):
    """Send Email to the user after rendering `mfa_email_token_template`"""
    from django.contrib.auth import get_user_model
    User = get_user_model()
-    key = getattr(User, "USERNAME_FIELD", "username")
+    key = getattr(User, 'USERNAME_FIELD', 'username')
    kwargs = {key: username}
    user = User.objects.get(**kwargs)
-    res = render(
+    res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
-        request,
+    return send([user.email],"OTP", res.content.decode())
        "mfa_email_token_template.html",
        {"request": request, "user": user, "otp": secret},
    )
    return send([user.email], "OTP", res.content.decode())
@never_cache
 def start(request):
    """Start adding email as a 2nd factor"""
    context = csrf(request)
    if request.method == "POST":
-        if request.session["email_secret"] == request.POST["otp"]:  # if successful
+        if request.session["email_secret"] == request.POST["otp"]:  #if successful
-            uk = User_Keys()
+            uk=User_Keys()
-            uk.username = request.user.username
+            uk.username=request.user.username
-            uk.key_type = "Email"
+            uk.key_type="Email"
-            uk.enabled = 1
+            uk.enabled=1
            uk.save()
            from django.http import HttpResponseRedirect
            try:
-                from django.core.urlresolvers import reverse  # pyre-ignore[21]
+                from django.core.urlresolvers import reverse
            except:
                from django.urls import reverse
-            if (
+            if getattr(settings, 'MFA_ENFORCE_RECOVERY_METHOD', False) and not User_Keys.objects.filter(
-                getattr(settings, "MFA_ENFORCE_RECOVERY_METHOD", False)
+                    key_type="RECOVERY", username=request.user.username).exists():
-                and not User_Keys.objects.filter(
+                request.session["mfa_reg"] = {"method": "Email",
-                    key_type="RECOVERY", username=request.user.username
+                                              "name": getattr(settings, "MFA_RENAME_METHODS", {}).get("Email", "Email")}
                ).exists()
            ):
                request.session["mfa_reg"] = {
                    "method": "Email",
                    "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
                        "Email", "Email"
                    ),
                }
            else:
-                return HttpResponseRedirect(
+                return HttpResponseRedirect(reverse(getattr(settings,'MFA_REDIRECT_AFTER_REGISTRATION','mfa_home')))
                    reverse(
                        getattr(settings, "MFA_REDIRECT_AFTER_REGISTRATION", "mfa_home")
                    )
                )
        context["invalid"] = True
    else:
-        request.session["email_secret"] = str(
+        request.session["email_secret"] = str(randint(0,100000))  #generate a random integer
            randint(0, 100000)
        )  # generate a random integer
        if sendEmail(request, request.user.username, request.session["email_secret"]):
            context["sent"] = True
-    return render(request, "Email/Add.html", context)
+    return render(request,"Email/Add.html", context)
@never_cache
 def auth(request):
    """Authenticating the user by email."""
-    context = csrf(request)
+    context=csrf(request)
-    if request.method == "POST":
+    if request.method=="POST":
-        if request.session["email_secret"] == request.POST["otp"].strip():
+        if request.session["email_secret"]==request.POST["otp"].strip():
-            uk = User_Keys.objects.get(
+            uk = User_Keys.objects.get(username=request.session["base_username"], key_type="Email")
-                username=request.session["base_username"], key_type="Email"
+            mfa = {"verified": True, "method": "Email","id":uk.id}
            )
            mfa = {"verified": True, "method": "Email", "id": uk.id}
            if getattr(settings, "MFA_RECHECK", False):
-                mfa["next_check"] = datetime.datetime.timestamp(
+                mfa["next_check"] = datetime.datetime.timestamp(datetime.datetime.now() + datetime.timedelta(
-                    datetime.datetime.now()
+                    seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX)))
                    + datetime.timedelta(
                        seconds=random.randint(
                            settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX
                        )
                    )
                )
            request.session["mfa"] = mfa
            from django.utils import timezone
-
+            uk.last_used=timezone.now()
            uk.last_used = timezone.now()
            uk.save()
            return login(request)
-        context["invalid"] = True
+        context["invalid"]=True
    else:
        request.session["email_secret"] = str(randint(0, 100000))
-        if sendEmail(
+        if sendEmail(request, request.session["base_username"], request.session["email_secret"]):
            request, request.session["base_username"], request.session["email_secret"]
        ):
            context["sent"] = True
-    return render(request, "Email/Auth.html", context)
+    return render(request,"Email/Auth.html", context)
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -1,14 +1,15 @@
 from fido2.client import Fido2Client
 from fido2.server import Fido2Server, PublicKeyCredentialRpEntity
 from fido2.webauthn import AttestationObject, AuthenticatorData, CollectedClientData
 from django.template.context_processors import csrf
 from django.views.decorators.csrf import csrf_exempt
 from django.shortcuts import render
-
+# from django.template.context import RequestContext
 import simplejson
 from fido2 import cbor
 from django.http import HttpResponse
 from django.conf import settings
-from .models import User_Keys
+from .models import *
 from fido2.utils import websafe_decode, websafe_encode
 from fido2.webauthn import AttestedCredentialData
 from .views import login, reset_cookie
@@ -17,7 +18,6 @@ from .Common import get_redirect_url
 from django.utils import timezone
 from django.http import JsonResponse
 def recheck(request):
    """Starts FIDO2 recheck"""
    context = csrf(request)
@@ -28,28 +28,21 @@ def recheck(request):
 def getServer():
    """Get Server Info from settings and returns a Fido2Server"""
-    rp = PublicKeyCredentialRpEntity(
+    rp = PublicKeyCredentialRpEntity(id=settings.FIDO_SERVER_ID, name=settings.FIDO_SERVER_NAME)
        id=settings.FIDO_SERVER_ID, name=settings.FIDO_SERVER_NAME
    )
    return Fido2Server(rp)
 def begin_registeration(request):
    """Starts registering a new FIDO Device, called from API"""
    server = getServer()
-    registration_data, state = server.register_begin(
+    registration_data, state = server.register_begin({
-        {
+        u'id': request.user.username.encode("utf8"),
-            "id": request.user.username.encode("utf8"),
+        u'name': (request.user.first_name + " " + request.user.last_name),
-            "name": (request.user.first_name + " " + request.user.last_name),
+        u'displayName': request.user.username,
-            "displayName": request.user.username,
+    }, getUserCredentials(request.user.username))
-        },
+    request.session['fido_state'] = state
        getUserCredentials(request.user.username),
    )
    request.session["fido_state"] = state
-    return HttpResponse(
+    return HttpResponse(cbor.encode(registration_data), content_type = 'application/octet-stream')
        cbor.encode(registration_data), content_type="application/octet-stream"
    )
@csrf_exempt
@@ -57,81 +50,53 @@ def complete_reg(request):
    """Completes the registeration, called by API"""
    try:
        if not "fido_state" in request.session:
-            return JsonResponse(
+            return JsonResponse({'status': 'ERR', "message": "FIDO Status can't be found, please try again"})
                {
                    "status": "ERR",
                    "message": "FIDO Status can't be found, please try again",
                }
            )
        data = cbor.decode(request.body)
-        client_data = CollectedClientData(data["clientDataJSON"])
+        client_data = CollectedClientData(data['clientDataJSON'])
-        att_obj = AttestationObject((data["attestationObject"]))
+        att_obj = AttestationObject((data['attestationObject']))
        server = getServer()
        auth_data = server.register_complete(
-            request.session.pop("fido_state"), client_data, att_obj
+            request.session.pop('fido_state'),
            client_data,
            att_obj
        )
        encoded = websafe_encode(auth_data.credential_data)
        uk = User_Keys()
        uk.username = request.user.username
-        uk.properties = {
+        uk.properties = {"device": encoded, "type": att_obj.fmt, }
            "device": encoded,
            "type": att_obj.fmt,
        }
        uk.owned_by_enterprise = getattr(settings, "MFA_OWNED_BY_ENTERPRISE", False)
        uk.key_type = "FIDO2"
        uk.save()
-        if (
+        if getattr(settings, 'MFA_ENFORCE_RECOVERY_METHOD', False) and not User_Keys.objects.filter(key_type = "RECOVERY", username=request.user.username).exists():
-            getattr(settings, "MFA_ENFORCE_RECOVERY_METHOD", False)
+            request.session["mfa_reg"] = {"method":"FIDO2","name": getattr(settings, "MFA_RENAME_METHODS", {}).get("FIDO2", "FIDO2")}
-            and not User_Keys.objects.filter(
+            return HttpResponse(simplejson.dumps({'status': 'RECOVERY'}))
                key_type="RECOVERY", username=request.user.username
            ).exists()
        ):
            request.session["mfa_reg"] = {
                "method": "FIDO2",
                "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
                    "FIDO2", "FIDO2"
                ),
            }
            return HttpResponse(simplejson.dumps({"status": "RECOVERY"}))
        else:
-            return HttpResponse(simplejson.dumps({"status": "OK"}))
+            return HttpResponse(simplejson.dumps({'status': 'OK'}))
    except Exception as exp:
        import traceback
        print(traceback.format_exc())
        try:
            from raven.contrib.django.raven_compat.models import client
            client.captureException()
        except:
            pass
-        return JsonResponse(
+        return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"})
            {"status": "ERR", "message": "Error on server, please try again later"}
        )
 def start(request):
    """Start Registration a new FIDO Token"""
    context = csrf(request)
    context.update(get_redirect_url())
-    context["method"] = {
+    context["method"] = {"name":getattr(settings,"MFA_RENAME_METHODS",{}).get("FIDO2","FIDO2 Security Key")}
-        "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
+    context["RECOVERY_METHOD"]=getattr(settings,"MFA_RENAME_METHODS",{}).get("RECOVERY","Recovery codes")
            "FIDO2", "FIDO2 Security Key"
        )
    }
    context["RECOVERY_METHOD"] = getattr(settings, "MFA_RENAME_METHODS", {}).get(
        "RECOVERY", "Recovery codes"
    )
    return render(request, "FIDO2/Add.html", context)
 def getUserCredentials(username):
    credentials = []
-    for uk in User_Keys.objects.filter(username=username, key_type="FIDO2"):
+    for uk in User_Keys.objects.filter(username = username, key_type = "FIDO2"):
-        credentials.append(
+        credentials.append(AttestedCredentialData(websafe_decode(uk.properties["device"])))
            AttestedCredentialData(websafe_decode(uk.properties["device"]))
        )
    return credentials
@@ -142,12 +107,10 @@ def auth(request):
 def authenticate_begin(request):
    server = getServer()
-    credentials = getUserCredentials(
+    credentials = getUserCredentials(request.session.get("base_username", request.user.username))
        request.session.get("base_username", request.user.username)
    )
    auth_data, state = server.authenticate_begin(credentials)
-    request.session["fido_state"] = state
+    request.session['fido_state'] = state
-    return HttpResponse(cbor.encode(auth_data), content_type="application/octet-stream")
+    return HttpResponse(cbor.encode(auth_data), content_type = "application/octet-stream")
@csrf_exempt
@@ -158,76 +121,49 @@ def authenticate_complete(request):
        server = getServer()
        credentials = getUserCredentials(username)
        data = cbor.decode(request.body)
-        credential_id = data["credentialId"]
+        credential_id = data['credentialId']
-        client_data = CollectedClientData(data["clientDataJSON"])
+        client_data = CollectedClientData(data['clientDataJSON'])
-        auth_data = AuthenticatorData(data["authenticatorData"])
+        auth_data = AuthenticatorData(data['authenticatorData'])
-        signature = data["signature"]
+        signature = data['signature']
        try:
            cred = server.authenticate_complete(
-                request.session.pop("fido_state"),
+                request.session.pop('fido_state'),
                credentials,
                credential_id,
                client_data,
                auth_data,
-                signature,
+                signature
            )
        except ValueError:
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({'status': "ERR",
-                simplejson.dumps(
+                                                  "message": "Wrong challenge received, make sure that this is your security and try again."}),
-                    {
+                                content_type = "application/json")
                        "status": "ERR",
                        "message": "Wrong challenge received, make sure that this is your security and try again.",
                    }
                ),
                content_type="application/json",
            )
        except Exception as excep:
            try:
                from raven.contrib.django.raven_compat.models import client
                client.captureException()
            except:
                pass
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({'status': "ERR",
-                simplejson.dumps({"status": "ERR", "message": str(excep)}),
+                                                  "message": str(excep)}),
-                content_type="application/json",
+                                content_type = "application/json")
            )
        if request.session.get("mfa_recheck", False):
            import time
            request.session["mfa"]["rechecked_at"] = time.time()
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({'status': "OK"}),
-                simplejson.dumps({"status": "OK"}), content_type="application/json"
+                                content_type = "application/json")
            )
        else:
            import random
-
+            keys = User_Keys.objects.filter(username = username, key_type = "FIDO2", enabled = 1)
            keys = User_Keys.objects.filter(
                username=username, key_type="FIDO2", enabled=1
            )
            for k in keys:
-                if (
+                if AttestedCredentialData(websafe_decode(k.properties["device"])).credential_id == cred.credential_id:
                    AttestedCredentialData(
                        websafe_decode(k.properties["device"])
                    ).credential_id
                    == cred.credential_id
                ):
                    k.last_used = timezone.now()
                    k.save()
-                    mfa = {"verified": True, "method": "FIDO2", "id": k.id}
+                    mfa = {"verified": True, "method": "FIDO2", 'id': k.id}
                    if getattr(settings, "MFA_RECHECK", False):
-                        mfa["next_check"] = datetime.datetime.timestamp(
+                        mfa["next_check"] = datetime.datetime.timestamp((datetime.datetime.now() + datetime.timedelta(
-                            (
+                            seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
                                datetime.datetime.now()
                                + datetime.timedelta(
                                    seconds=random.randint(
                                        settings.MFA_RECHECK_MIN,
                                        settings.MFA_RECHECK_MAX,
                                    )
                                )
                            )
                        )
                    request.session["mfa"] = mfa
                    try:
                        authenticated = request.user.is_authenticated
@@ -235,20 +171,11 @@ def authenticate_complete(request):
                        authenticated = request.user.is_authenticated()
                    if not authenticated:
                        res = login(request)
-                        if not "location" in res:
+                        if not "location" in res: return reset_cookie(request)
-                            return reset_cookie(request)
+                        return HttpResponse(simplejson.dumps({'status': "OK", "redirect": res["location"]}),
-                        return HttpResponse(
+                                            content_type = "application/json")
-                            simplejson.dumps(
+                    return HttpResponse(simplejson.dumps({'status': "OK"}),
-                                {"status": "OK", "redirect": res["location"]}
+                                        content_type = "application/json")
                            ),
                            content_type="application/json",
                        )
                    return HttpResponse(
                        simplejson.dumps({"status": "OK"}),
                        content_type="application/json",
                    )
    except Exception as exp:
-        return HttpResponse(
+        return HttpResponse(simplejson.dumps({'status': "ERR", "message": exp.message}),
-            simplejson.dumps({"status": "ERR", "message": exp.message}),
+                            content_type = "application/json")
            content_type="application/json",
        )
--- a/mfa/TrustedDevice.py
+++ b/mfa/TrustedDevice.py
@@ -2,177 +2,138 @@ import string
 import random
 from django.shortcuts import render
 from django.http import HttpResponse
 from django.template.context import RequestContext
 from django.template.context_processors import csrf
 from .models import *
 import user_agents
 from django.utils import timezone
 from django.urls import reverse
 from .models import User_Keys
 def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
-    x = "".join(random.choice(chars) for _ in range(size))
+    x=''.join(random.choice(chars) for _ in range(size))
-    if not User_Keys.objects.filter(properties__icontains='"key": "%s"' % x).exists():
+    if not User_Keys.objects.filter(properties__icontains='"key": "%s"'%x).exists(): return x
-        return x
+    else: return id_generator(size,chars)
    return id_generator(size, chars)
 def getUserAgent(request):
-    device_id = request.session.get("td_id", None)
+    id=id=request.session.get("td_id",None)
-    if device_id:
+    if id:
-        tk = User_Keys.objects.get(id=device_id)
+        tk=User_Keys.objects.get(id=id)
-        if tk.properties.get("user_agent", "") != "":
+        if tk.properties.get("user_agent","")!="":
            ua = user_agents.parse(tk.properties["user_agent"])
-            res = render(None, "TrustedDevices/user-agent.html", context={"ua": ua})
+            res = render(None, "TrustedDevices/user-agent.html", context={"ua":ua})
            return HttpResponse(res)
-    return HttpResponse("No Device provide", status=401)
+    return HttpResponse("")
 def trust_device(request):
    tk = User_Keys.objects.get(id=request.session["td_id"])
-    tk.properties["status"] = "trusted"
+    tk.properties["status"]="trusted"
    tk.save()
    del request.session["td_id"]
    return HttpResponse("OK")
 def checkTrusted(request):
    res = ""
-    id = request.session.get("td_id", "")
+    id=request.session.get("td_id","")
-    if id != "":
+    if id!="":
        try:
            tk = User_Keys.objects.get(id=id)
-            if tk.properties["status"] == "trusted":
+            if tk.properties["status"] == "trusted": res = "OK"
                res = "OK"
        except:
            pass
    return HttpResponse(res)
 def getCookie(request):
    tk = User_Keys.objects.get(id=request.session["td_id"])
    if tk.properties["status"] == "trusted":
-        context = {"added": True}
+        context={"added":True}
-        response = render(request, "TrustedDevices/Done.html", context)
+        response = render(request,"TrustedDevices/Done.html", context)
        from datetime import datetime, timedelta
        expires = datetime.now() + timedelta(days=180)
-        tk.expires = expires
+        tk.expires=expires
        tk.save()
        response.set_cookie("deviceid", tk.properties["signature"], expires=expires)
        return response
 def add(request):
-    context = csrf(request)
+    context=csrf(request)
-    if request.method == "GET":
+    if request.method=="GET":
-        context.update(
+        context.update({"username":request.GET.get('u',''),"key":request.GET.get('k','')})
-            {"username": request.GET.get("u", ""), "key": request.GET.get("k", "")}
+        return render(request,"TrustedDevices/Add.html",context)
        )
        return render(request, "TrustedDevices/Add.html", context)
    else:
-        key = request.POST["key"].replace("-", "").replace(" ", "").upper()
+        key=request.POST["key"].replace("-","").replace(" ","").upper()
        context["username"] = request.POST["username"]
        context["key"] = request.POST["key"]
-        trusted_keys = User_Keys.objects.filter(
+        trusted_keys=User_Keys.objects.filter(username=request.POST["username"],properties__icontains='"key": "%s"'%key)
-            username=request.POST["username"], properties__icontains='"key": "%s"' % key
+        cookie=False
        )
        cookie = False
        if trusted_keys.exists():
-            tk = trusted_keys[0]
+            tk=trusted_keys[0]
-            request.session["td_id"] = tk.id
+            request.session["td_id"]=tk.id
-            ua = request.META["HTTP_USER_AGENT"]
+            ua=request.META['HTTP_USER_AGENT']
-            agent = user_agents.parse(ua)
+            agent=user_agents.parse(ua)
            if agent.is_pc:
-                context["invalid"] = "This is a PC, it can't used as a trusted device."
+                context["invalid"]="This is a PC, it can't used as a trusted device."
            else:
-                tk.properties["user_agent"] = ua
+                tk.properties["user_agent"]=ua
                tk.save()
-                context["success"] = True
+                context["success"]=True
            # tk.properties["user_agent"]=ua
            # tk.save()
            # context["success"]=True
        else:
-            context[
+            context["invalid"]="The username or key is wrong, please check and try again."
                "invalid"
            ] = "The username or key is wrong, please check and try again."
        return render(request, "TrustedDevices/Add.html", context)
        return  render(request,"TrustedDevices/Add.html", context)
 def start(request):
-    if (
+    if User_Keys.objects.filter(username=request.user.username,key_type="Trusted Device").count()>= 2:
-        User_Keys.objects.filter(
+        return render(request,"TrustedDevices/start.html",{"not_allowed":True})
-            username=request.user.username, key_type="Trusted Device"
+    td=None
-        ).count()
+    if not request.session.get("td_id",None):
-        >= 2
+        td=User_Keys()
-    ):
+        td.username=request.user.username
-        return render(request, "TrustedDevices/start.html", {"not_allowed": True})
+        td.properties={"key":id_generator(),"status":"adding"}
-    td = None
+        td.key_type="Trusted Device"
    if not request.session.get("td_id", None):
        td = User_Keys()
        td.username = request.user.username
        td.properties = {"key": id_generator(), "status": "adding"}
        td.key_type = "Trusted Device"
        td.save()
-        request.session["td_id"] = td.id
+        request.session["td_id"]=td.id
    try:
-        if td == None:
+        if td==None: td=User_Keys.objects.get(id=request.session["td_id"])
-            td = User_Keys.objects.get(id=request.session["td_id"])
+        context={"key":td.properties["key"],"url":request.scheme+"://"+request.get_host() + reverse('add_trusted_device')}
        context = {
            "key": td.properties["key"],
            "url": request.scheme
            + "://"
            + request.get_host()
            + reverse("add_trusted_device"),
        }
    except:
        del request.session["td_id"]
        return start(request)
-    return render(request, "TrustedDevices/start.html", context)
+    return render(request,"TrustedDevices/start.html",context)
 def send_email(request):
-    body = render(request, "TrustedDevices/email.html", {}).content
+    body=render(request,"TrustedDevices/email.html",{}).content
    from .Common import send
-
+    e=request.user.email
-    e = request.user.email
+    if e=="":
-    if e == "":
+        e=request.session.get("user",{}).get("email","")
-        e = request.session.get("user", {}).get("email", "")
+    if e=="":
    if e == "":
        res = "User has no email on the system."
-    elif send([e], "Add Trusted Device Link", body):
+    elif send([e],"Add Trusted Device Link",body):
-        res = "Sent Successfully"
+        res="Sent Successfully"
    else:
-        res = "Error occured, please try again later."
+        res="Error occured, please try again later."
    return HttpResponse(res)
 def verify(request):
-    if request.COOKIES.get("deviceid", None):
+    if request.COOKIES.get('deviceid',None):
        from jose import jwt
-
+        json= jwt.decode(request.COOKIES.get('deviceid'),settings.SECRET_KEY)
-        json = jwt.decode(request.COOKIES.get("deviceid"), settings.SECRET_KEY)
+        if json["username"].lower()== request.session['base_username'].lower():
        if json["username"].lower() == request.session["base_username"].lower():
            try:
-                uk = User_Keys.objects.get(
+                uk = User_Keys.objects.get(username=request.POST["username"].lower(), properties__icontains='"key": "%s"'%json["key"])
                    username=request.POST["username"].lower(),
                    properties__icontains='"key": "%s"' % json["key"],
                )
                if uk.enabled and uk.properties["status"] == "trusted":
-                    uk.last_used = timezone.now()
+                    uk.last_used=timezone.now()
                    uk.save()
-                    request.session["mfa"] = {
+                    request.session["mfa"] = {"verified": True, "method": "Trusted Device","id":uk.id}
                        "verified": True,
                        "method": "Trusted Device",
                        "id": uk.id,
                    }
                    return True
            except:
                import traceback
                print(traceback.format_exc())
                return False
    return False
--- a/mfa/U2F.py
+++ b/mfa/U2F.py
@@ -1,171 +1,123 @@
-from u2flib_server.u2f import (
+
-    begin_registration,
+from u2flib_server.u2f import (begin_registration, begin_authentication,
-    begin_authentication,
+                               complete_registration, complete_authentication)
    complete_registration,
    complete_authentication,
 )
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import Encoding
 from django.shortcuts import render
 import simplejson
-
+#from django.template.context import RequestContext
 from django.template.context_processors import csrf
 from django.http import HttpResponse
 from django.conf import settings
-from .models import User_Keys
+from django.http import HttpResponse
 from .models import *
 from .views import login
 from .Common import get_redirect_url
 import datetime
 from django.utils import timezone
 def recheck(request):
    context = csrf(request)
-    context["mode"] = "recheck"
+    context["mode"]="recheck"
    s = sign(request.user.username)
    request.session["_u2f_challenge_"] = s[0]
    context["token"] = s[1]
-    request.session["mfa_recheck"] = True
+    request.session["mfa_recheck"]=True
-    return render(request, "U2F/recheck.html", context)
+    return render(request,"U2F/recheck.html", context)
 def process_recheck(request):
-    x = validate(request, request.user.username)
+    x=validate(request,request.user.username)
-    if x == True:
+    if x==True:
        import time
        request.session["mfa"]["rechecked_at"] = time.time()
-        return HttpResponse(
+        return HttpResponse(simplejson.dumps({"recheck":True}),content_type="application/json")
            simplejson.dumps({"recheck": True}), content_type="application/json"
        )
    return x
 def check_errors(request, data):
    if "errorCode" in data:
-        if data["errorCode"] == 0:
+        if data["errorCode"] == 0: return True
            return True
        if data["errorCode"] == 4:
            return HttpResponse("Invalid Security Key")
        if data["errorCode"] == 1:
            return auth(request)
    return True
-
+def validate(request,username):
 def validate(request, username):
    import datetime, random
    data = simplejson.loads(request.POST["response"])
-    res = check_errors(request, data)
+    res= check_errors(request,data)
-    if res != True:
+    if res!=True:
        return res
-    challenge = request.session.pop("_u2f_challenge_")
+    challenge = request.session.pop('_u2f_challenge_')
    device, c, t = complete_authentication(challenge, data, [settings.U2F_APPID])
    try:
-        key = User_Keys.objects.get(
+        key=User_Keys.objects.get(username=username,properties__icontains='"publicKey": "%s"'%device["publicKey"])
-            username=username,
+        key.last_used=timezone.now()
            properties__icontains='"publicKey": "%s"' % device["publicKey"],
        )
        key.last_used = timezone.now()
        key.save()
-        mfa = {"verified": True, "method": "U2F", "id": key.id}
+        mfa = {"verified": True, "method": "U2F","id":key.id}
        if getattr(settings, "MFA_RECHECK", False):
-            mfa["next_check"] = datetime.datetime.timestamp(
+            mfa["next_check"] = datetime.datetime.timestamp((datetime.datetime.now()
-                (
+                                     + datetime.timedelta(
-                    datetime.datetime.now()
+                        seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
                    + datetime.timedelta(
                        seconds=random.randint(
                            settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX
                        )
                    )
                )
            )
        request.session["mfa"] = mfa
        return True
    except:
        return False
 def auth(request):
    context = csrf(request)
    s = sign(request.session["base_username"])
    request.session["_u2f_challenge_"] = s[0]
    context["token"] = s[1]
    context["method"] = {
        "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
            "U2F", "Classical Security Key"
        )
    }
    return render(request, "U2F/Auth.html", context)
 def auth(request):
    context=csrf(request)
    s=sign(request.session["base_username"])
    request.session["_u2f_challenge_"]=s[0]
    context["token"]=s[1]
    context["method"] = {"name": getattr(settings, "MFA_RENAME_METHODS", {}).get("U2F", "Classical Security Key")}
    return render(request,"U2F/Auth.html",context)
 def start(request):
    enroll = begin_registration(settings.U2F_APPID, [])
-    request.session["_u2f_enroll_"] = enroll.json
+    request.session['_u2f_enroll_'] = enroll.json
-    context = csrf(request)
+    context=csrf(request)
-    context["token"] = simplejson.dumps(enroll.data_for_client)
+    context["token"]=simplejson.dumps(enroll.data_for_client)
    context.update(get_redirect_url())
-    context["method"] = {
+    context["method"] = {"name": getattr(settings, "MFA_RENAME_METHODS", {}).get("U2F", "Classical Security Key")}
-        "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
+    context["RECOVERY_METHOD"] = getattr(settings, "MFA_RENAME_METHODS", {}).get("RECOVERY", "Recovery codes")
-            "U2F", "Classical Security Key"
+    return render(request,"U2F/Add.html",context)
        )
    }
    context["RECOVERY_METHOD"] = getattr(settings, "MFA_RENAME_METHODS", {}).get(
        "RECOVERY", "Recovery codes"
    )
    return render(request, "U2F/Add.html", context)
 def bind(request):
    import hashlib
-
+    enroll = request.session['_u2f_enroll_']
-    enroll = request.session["_u2f_enroll_"]
+    data=simplejson.loads(request.POST["response"])
    data = simplejson.loads(request.POST["response"])
    device, cert = complete_registration(enroll, data, [settings.U2F_APPID])
    cert = x509.load_der_x509_certificate(cert, default_backend())
-    cert_hash = hashlib.md5(cert.public_bytes(Encoding.PEM)).hexdigest()
+    cert_hash=hashlib.md5(cert.public_bytes(Encoding.PEM)).hexdigest()
-    q = User_Keys.objects.filter(key_type="U2F", properties__icontains=cert_hash)
+    q=User_Keys.objects.filter(key_type="U2F", properties__icontains= cert_hash)
    if q.exists():
-        return HttpResponse(
+        return HttpResponse("This key is registered before, it can't be registered again.")
-            "This key is registered before, it can't be registered again."
+    User_Keys.objects.filter(username=request.user.username,key_type="U2F").delete()
        )
    User_Keys.objects.filter(username=request.user.username, key_type="U2F").delete()
    uk = User_Keys()
    uk.username = request.user.username
    uk.owned_by_enterprise = getattr(settings, "MFA_OWNED_BY_ENTERPRISE", False)
-    uk.properties = {"device": simplejson.loads(device.json), "cert": cert_hash}
+    uk.properties = {"device":simplejson.loads(device.json),"cert":cert_hash}
    uk.key_type = "U2F"
    uk.save()
-    if (
+    if getattr(settings, 'MFA_ENFORCE_RECOVERY_METHOD', False) and not User_Keys.objects.filter(key_type="RECOVERY",
-        getattr(settings, "MFA_ENFORCE_RECOVERY_METHOD", False)
+                                                                                                username=request.user.username).exists():
-        and not User_Keys.objects.filter(
+        request.session["mfa_reg"] = {"method": "U2F",
-            key_type="RECOVERY", username=request.user.username
+                                      "name": getattr(settings, "MFA_RENAME_METHODS", {}).get("U2F", "Classical Security Key")}
-        ).exists()
+        return HttpResponse('RECOVERY')
    ):
        request.session["mfa_reg"] = {
            "method": "U2F",
            "name": getattr(settings, "MFA_RENAME_METHODS", {}).get(
                "U2F", "Classical Security Key"
            ),
        }
        return HttpResponse("RECOVERY")
    return HttpResponse("OK")
 def sign(username):
-    u2f_devices = [
+    u2f_devices=[d.properties["device"] for d in User_Keys.objects.filter(username=username,key_type="U2F")]
        d.properties["device"]
        for d in User_Keys.objects.filter(username=username, key_type="U2F")
    ]
    challenge = begin_authentication(settings.U2F_APPID, u2f_devices)
-    return [challenge.json, simplejson.dumps(challenge.data_for_client)]
+    return [challenge.json,simplejson.dumps(challenge.data_for_client)]
 def verify(request):
-    x = validate(request, request.session["base_username"])
+    x= validate(request,request.session["base_username"])
-    if x == True:
+    if x==True:
        return login(request)
-    else:
+    else: return x
        return x
--- a/mfa/init.py
+++ b/mfa/init.py
@@ -1 +1 @@
-__version__ = "2.2.0"
+__version__="2.2.0"
--- a/mfa/apps.py
+++ b/mfa/apps.py
@@ -1,6 +1,4 @@
 from django.apps import AppConfig
 class myAppNameConfig(AppConfig):
-    name = "mfa"
+    name = 'mfa'
-    verbose_name = "A Much Better Name"
+    verbose_name = 'Django MFA2'
--- a/mfa/helpers.py
+++ b/mfa/helpers.py
@@ -1,46 +1,32 @@
-from .models import User_Keys
+import pyotp
 from .models import *
 from . import TrustedDevice, U2F, FIDO2, totp
 import simplejson
 from django.shortcuts import HttpResponse
-from mfa.views import verify
+from mfa.views import verify,goto
-
+def has_mfa(request,username):
-
+    if User_Keys.objects.filter(username=username,enabled=1).count()>0:
 def has_mfa(request, username):
    if User_Keys.objects.filter(username=username, enabled=1).count() > 0:
        return verify(request, username)
    return False
-
+def is_mfa(request,ignore_methods=[]):
-def is_mfa(request, ignore_methods=[]):
+    if request.session.get("mfa",{}).get("verified",False):
-    if request.session.get("mfa", {}).get("verified", False):
+        if not request.session.get("mfa",{}).get("method",None) in ignore_methods:
        if not request.session.get("mfa", {}).get("method", None) in ignore_methods:
            return True
    return False
 def recheck(request):
-    method = request.session.get("mfa", {}).get("method", None)
+    method=request.session.get("mfa",{}).get("method",None)
    if not method:
-        return HttpResponse(
+        return HttpResponse(simplejson.dumps({"res":False}),content_type="application/json")
-            simplejson.dumps({"res": False}), content_type="application/json"
+    if method=="Trusted Device":
-        )
+        return HttpResponse(simplejson.dumps({"res":TrustedDevice.verify(request)}),content_type="application/json")
-    if method == "Trusted Device":
+    elif method=="U2F":
-        return HttpResponse(
+        return HttpResponse(simplejson.dumps({"html": U2F.recheck(request).content}), content_type="application/json")
            simplejson.dumps({"res": TrustedDevice.verify(request)}),
            content_type="application/json",
        )
    elif method == "U2F":
        return HttpResponse(
            simplejson.dumps({"html": U2F.recheck(request).content}),
            content_type="application/json",
        )
    elif method == "FIDO2":
-        return HttpResponse(
+        return HttpResponse(simplejson.dumps({"html": FIDO2.recheck(request).content}), content_type="application/json")
-            simplejson.dumps({"html": FIDO2.recheck(request).content}),
+    elif method=="TOTP":
-            content_type="application/json",
+        return HttpResponse(simplejson.dumps({"html": totp.recheck(request).content}), content_type="application/json")
-        )
+
-    elif method == "TOTP":
+
-        return HttpResponse(
+
            simplejson.dumps({"html": totp.recheck(request).content}),
            content_type="application/json",
        )
--- a/mfa/middleware.py
+++ b/mfa/middleware.py
@@ -1,25 +1,13 @@
 import time
 from django.http import HttpResponseRedirect
-
+from django.core.urlresolvers import reverse
 try:
    from django.urls import reverse
 except ImportError:
    from django.core.urlresolvers import reverse  # pyre-ignore[21]
 from django.conf import settings
 def process(request):
-    next_check = request.session.get("mfa", {}).get("next_check", False)
+    next_check=request.session.get('mfa',{}).get("next_check",False)
-    if not next_check:
+    if not next_check: return None
-        return None
+    now=int(time.time())
    now = int(time.time())
    if now >= next_check:
-        method = request.session["mfa"]["method"]
+        method=request.session["mfa"]["method"]
        path = request.META["PATH_INFO"]
-        return HttpResponseRedirect(
+        return HttpResponseRedirect(reverse(method+"_auth")+"?next=%s"%(settings.BASE_URL + path).replace("//", "/"))
-            reverse(method + "_auth")
+    return None
            + "?next=%s" % (settings.BASE_URL + path).replace("//", "/")
        )
    return None
--- a/mfa/migrations/0001_initial.py
+++ b/mfa/migrations/0001_initial.py
@@ -5,24 +5,18 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
-    dependencies = []
+
    dependencies = [
    ]
    operations = [
        migrations.CreateModel(
-            name="User_Keys",
+            name='User_Keys',
            fields=[
-                (
+                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
-                    "id",
+                ('username', models.CharField(max_length=50)),
-                    models.AutoField(
+                ('secret_key', models.CharField(max_length=15)),
-                        verbose_name="ID",
+                ('added_on', models.DateTimeField(auto_now_add=True)),
                        serialize=False,
                        auto_created=True,
                        primary_key=True,
                    ),
                ),
                ("username", models.CharField(max_length=50)),
                ("secret_key", models.CharField(max_length=15)),
                ("added_on", models.DateTimeField(auto_now_add=True)),
            ],
        ),
    ]
--- a/mfa/migrations/0002_user_keys_key_type.py
+++ b/mfa/migrations/0002_user_keys_key_type.py
@@ -5,14 +5,15 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0001_initial"),
+        ('mfa', '0001_initial'),
    ]
    operations = [
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="key_type",
+            name='key_type',
-            field=models.CharField(default=b"TOTP", max_length=25),
+            field=models.CharField(default=b'TOTP', max_length=25),
        ),
    ]
--- a/mfa/migrations/0003_auto_20181114_2159.py
+++ b/mfa/migrations/0003_auto_20181114_2159.py
@@ -5,14 +5,15 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0002_user_keys_key_type"),
+        ('mfa', '0002_user_keys_key_type'),
    ]
    operations = [
        migrations.AlterField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="secret_key",
+            name='secret_key',
            field=models.CharField(max_length=32),
        ),
    ]
--- a/mfa/migrations/0004_user_keys_enabled.py
+++ b/mfa/migrations/0004_user_keys_enabled.py
@@ -5,14 +5,15 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0003_auto_20181114_2159"),
+        ('mfa', '0003_auto_20181114_2159'),
    ]
    operations = [
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="enabled",
+            name='enabled',
            field=models.BooleanField(default=True),
        ),
    ]
--- a/mfa/migrations/0005_auto_20181115_2014.py
+++ b/mfa/migrations/0005_auto_20181115_2014.py
@@ -2,39 +2,36 @@
 from __future__ import unicode_literals
 from django.db import models, migrations
 try:
    from django.db.models import JSONField
 except ImportError:
    try:
-        from jsonfield.fields import JSONField  # pyre-ignore[21]
+        from jsonfield.fields import JSONField
    except ImportError:
-        raise ImportError(
+        raise ImportError("Can't find a JSONField implementation, please install jsonfield if django < 4.0")
-            "Can't find a JSONField implementation, please install jsonfield if django < 4.0"
+
        )
 def modify_json(apps, schema_editor):
    from django.conf import settings
    if "mysql" in settings.DATABASES.get("default", {}).get("engine", ""):
        migrations.RunSQL("alter table mfa_user_keys modify column properties json;")
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0004_user_keys_enabled"),
+        ('mfa', '0004_user_keys_enabled'),
    ]
    operations = [
        migrations.RemoveField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="secret_key",
+            name='secret_key',
        ),
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="properties",
+            name='properties',
            field=JSONField(null=True),
        ),
-        migrations.RunPython(modify_json),
+        migrations.RunPython(modify_json)
    ]
--- a/mfa/migrations/0006_trusted_devices.py
+++ b/mfa/migrations/0006_trusted_devices.py
@@ -5,30 +5,23 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0005_auto_20181115_2014"),
+        ('mfa', '0005_auto_20181115_2014'),
    ]
    operations = [
        migrations.CreateModel(
-            name="Trusted_Devices",
+            name='Trusted_Devices',
            fields=[
-                (
+                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
-                    "id",
+                ('signature', models.CharField(max_length=255)),
-                    models.AutoField(
+                ('key', models.CharField(max_length=6)),
-                        verbose_name="ID",
+                ('username', models.CharField(max_length=50)),
-                        serialize=False,
+                ('user_agent', models.CharField(max_length=255)),
-                        auto_created=True,
+                ('status', models.CharField(default=b'adding', max_length=255)),
-                        primary_key=True,
+                ('added_on', models.DateTimeField(auto_now_add=True)),
-                    ),
+                ('last_used', models.DateTimeField(default=None, null=True)),
                ),
                ("signature", models.CharField(max_length=255)),
                ("key", models.CharField(max_length=6)),
                ("username", models.CharField(max_length=50)),
                ("user_agent", models.CharField(max_length=255)),
                ("status", models.CharField(default=b"adding", max_length=255)),
                ("added_on", models.DateTimeField(auto_now_add=True)),
                ("last_used", models.DateTimeField(default=None, null=True)),
            ],
        ),
    ]
--- a/mfa/migrations/0007_auto_20181230_1549.py
+++ b/mfa/migrations/0007_auto_20181230_1549.py
@@ -5,17 +5,18 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0006_trusted_devices"),
+        ('mfa', '0006_trusted_devices'),
    ]
    operations = [
        migrations.DeleteModel(
-            name="Trusted_Devices",
+            name='Trusted_Devices',
        ),
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="expires",
+            name='expires',
            field=models.DateTimeField(default=None, null=True, blank=True),
        ),
    ]
--- a/mfa/migrations/0008_user_keys_last_used.py
+++ b/mfa/migrations/0008_user_keys_last_used.py
@@ -5,14 +5,15 @@ from django.db import models, migrations
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0007_auto_20181230_1549"),
+        ('mfa', '0007_auto_20181230_1549'),
    ]
    operations = [
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="last_used",
+            name='last_used',
            field=models.DateTimeField(default=None, null=True, blank=True),
        ),
    ]
--- a/mfa/migrations/0009_user_keys_owned_by_enterprise.py
+++ b/mfa/migrations/0009_user_keys_owned_by_enterprise.py
@@ -6,22 +6,21 @@ from django.conf import settings
 def update_owned_by_enterprise(apps, schema_editor):
-    user_keys = apps.get_model("mfa", "user_keys")
+    user_keys = apps.get_model('mfa', 'user_keys')
-    user_keys.objects.filter(key_type="FIDO2").update(
+    user_keys.objects.filter(key_type='FIDO2').update(owned_by_enterprise=getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False))
        owned_by_enterprise=getattr(settings, "MFA_OWNED_BY_ENTERPRISE", False)
    )
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0008_user_keys_last_used"),
+        ('mfa', '0008_user_keys_last_used'),
    ]
    operations = [
        migrations.AddField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="owned_by_enterprise",
+            name='owned_by_enterprise',
            field=models.NullBooleanField(default=None),
        ),
-        migrations.RunPython(update_owned_by_enterprise),
+        migrations.RunPython(update_owned_by_enterprise)
    ]
--- a/mfa/migrations/0010_auto_20201110_0557.py
+++ b/mfa/migrations/0010_auto_20201110_0557.py
@@ -4,14 +4,15 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0009_user_keys_owned_by_enterprise"),
+        ('mfa', '0009_user_keys_owned_by_enterprise'),
    ]
    operations = [
        migrations.AlterField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="key_type",
+            name='key_type',
-            field=models.CharField(default="TOTP", max_length=25),
+            field=models.CharField(default='TOTP', max_length=25),
        ),
    ]
--- a/mfa/migrations/0011_auto_20210530_0622.py
+++ b/mfa/migrations/0011_auto_20210530_0622.py
@@ -4,14 +4,15 @@ from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
-        ("mfa", "0010_auto_20201110_0557"),
+        ('mfa', '0010_auto_20201110_0557'),
    ]
    operations = [
        migrations.AlterField(
-            model_name="user_keys",
+            model_name='user_keys',
-            name="owned_by_enterprise",
+            name='owned_by_enterprise',
            field=models.BooleanField(blank=True, default=None, null=True),
        ),
    ]
--- a/mfa/models.py
+++ b/mfa/models.py
@@ -1,52 +1,39 @@
 from django.db import models
 try:
    from django.db.models import JSONField
 except ModuleNotFoundError:
    try:
-        from jsonfield import JSONField  # pyre-ignore[21]
+        from jsonfield import JSONField
-    except ModuleNotFoundError as exc:
+    except ModuleNotFoundError:
-        raise ModuleNotFoundError(
+        raise ModuleNotFoundError("Can't find a JSONField implementation, please install jsonfield if django < 4.0")
            "Can't find a JSONField implementation, please install jsonfield if django < 4.0"
        )
 from jose import jwt
 from django.conf import settings
 #from jsonLookup import shasLookup, hasLookup
 # JSONField.register_lookup(shasLookup)
 # JSONField.register_lookup(hasLookup)
 class User_Keys(models.Model):
-    username = models.CharField(max_length=50)
+    username=models.CharField(max_length = 50)
-    properties = JSONField(null=True)
+    properties=JSONField(null = True)
-    added_on = models.DateTimeField(auto_now_add=True)
+    added_on=models.DateTimeField(auto_now_add = True)
-    key_type = models.CharField(max_length=25, default="TOTP")
+    key_type=models.CharField(max_length = 25,default = "TOTP")
-    enabled = models.BooleanField(default=True)
+    enabled=models.BooleanField(default=True)
-    expires = models.DateTimeField(null=True, default=None, blank=True)
+    expires=models.DateTimeField(null=True,default=None,blank=True)
-    last_used = models.DateTimeField(null=True, default=None, blank=True)
+    last_used=models.DateTimeField(null=True,default=None,blank=True)
-    owned_by_enterprise = models.BooleanField(default=None, null=True, blank=True)
+    owned_by_enterprise=models.BooleanField(default=None,null=True,blank=True)
-    def save(
+    def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
-        self, force_insert=False, force_update=False, using=None, update_fields=None
+        if self.key_type == "Trusted Device" and self.properties.get("signature","") == "":
-    ):
+            self.properties["signature"]= jwt.encode({"username": self.username, "key": self.properties["key"]}, settings.SECRET_KEY)
-        if (
+        super(User_Keys, self).save(force_insert=force_insert, force_update=force_update, using=using, update_fields=update_fields)
            self.key_type == "Trusted Device"
            and self.properties.get("signature", "") == ""
        ):
            self.properties["signature"] = jwt.encode(
                {"username": self.username, "key": self.properties["key"]},
                settings.SECRET_KEY,
            )
        super(User_Keys, self).save(
            force_insert=force_insert,
            force_update=force_update,
            using=using,
            update_fields=update_fields,
        )
    def __unicode__(self):
-        return "%s -- %s" % (self.username, self.key_type)
+        return "%s -- %s"%(self.username,self.key_type)
    def __str__(self):
        return self.__unicode__()
    class Meta:
-        app_label = "mfa"
+        app_label='mfa'
--- a/mfa/recovery.py
+++ b/mfa/recovery.py
@@ -3,145 +3,115 @@ from django.views.decorators.cache import never_cache
 from django.template.context_processors import csrf
 from django.contrib.auth.hashers import make_password, PBKDF2PasswordHasher
 from django.http import HttpResponse
 from django.conf import settings
 from .Common import get_redirect_url
-from .models import User_Keys
+from .models import *
 import simplejson
 import random
 import string
 import datetime
 from django.utils import timezone
 USER_FRIENDLY_NAME = "Recovery Codes"
 class Hash(PBKDF2PasswordHasher):
-    algorithm = "pbkdf2_sha256_custom"
+    algorithm = 'pbkdf2_sha256_custom'
-    iterations = getattr(settings, "RECOVERY_ITERATION", 1)
+    iterations = getattr(settings,"RECOVERY_ITERATION",1)
 def delTokens(request):
-    # Only when all MFA have been deactivated, or to generate new !
+    #Only when all MFA have been deactivated, or to generate new !
-    # We iterate only to clean if any error happend and multiple entry of RECOVERY created for one user
+    #We iterate only to clean if any error happend and multiple entry of RECOVERY created for one user
-    for key in User_Keys.objects.filter(
+    for key in User_Keys.objects.filter(username=request.user.username, key_type = "RECOVERY"):
        username=request.user.username, key_type="RECOVERY"
    ):
        if key.username == request.user.username:
            key.delete()
 def randomGen(n):
-    return "".join(
+    return ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(n))
        random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits)
        for _ in range(n)
    )
@never_cache
 def genTokens(request):
-    # Delete old ones
+    #Delete old ones
    delTokens(request)
-    # Then generate new one
+    #Then generate new one
    salt = randomGen(15)
    hashedKeys = []
    clearKeys = []
    for i in range(5):
-        token = randomGen(5) + "-" + randomGen(5)
+            token = randomGen(5) + "-" + randomGen(5)
-        hashedToken = make_password(token, salt, "pbkdf2_sha256_custom")
+            hashedToken = make_password(token, salt, 'pbkdf2_sha256_custom')
-        hashedKeys.append(hashedToken)
+            hashedKeys.append(hashedToken)
-        clearKeys.append(token)
+            clearKeys.append(token)
-    uk = User_Keys()
+    uk=User_Keys()
    uk.username = request.user.username
-    uk.properties = {"secret_keys": hashedKeys, "salt": salt}
+    uk.properties={"secret_keys":hashedKeys, "salt":salt}
-    uk.key_type = "RECOVERY"
+    uk.key_type="RECOVERY"
    uk.enabled = True
    uk.save()
-    return HttpResponse(simplejson.dumps({"keys": clearKeys}))
+    return HttpResponse(simplejson.dumps({"keys":clearKeys}))
 def verify_login(request, username, token):
-    for key in User_Keys.objects.filter(username=username, key_type="RECOVERY"):
+    for key in User_Keys.objects.filter(username=username, key_type = "RECOVERY"):
        secret_keys = key.properties["secret_keys"]
        salt = key.properties["salt"]
        hashedToken = make_password(token, salt, "pbkdf2_sha256_custom")
-        for i, token in enumerate(secret_keys):
+        for i,token in enumerate(secret_keys):
            if hashedToken == token:
                secret_keys.pop(i)
                key.properties["secret_keys"] = secret_keys
-                key.last_used = timezone.now()
+                key.last_used= timezone.now()
                key.save()
                return [True, key.id, len(secret_keys) == 0]
    return [False]
 def getTokenLeft(request):
-    uk = User_Keys.objects.filter(username=request.user.username, key_type="RECOVERY")
+    uk = User_Keys.objects.filter(username=request.user.username, key_type = "RECOVERY")
-    keyLeft = 0
+    keyLeft=0
    for key in uk:
        keyLeft += len(key.properties["secret_keys"])
-    return HttpResponse(simplejson.dumps({"left": keyLeft}))
+    return HttpResponse(simplejson.dumps({"left":keyLeft}))
 def recheck(request):
    context = csrf(request)
-    context["mode"] = "recheck"
+    context["mode"]="recheck"
    if request.method == "POST":
-        if verify_login(request, request.user.username, token=request.POST["recovery"])[
+        if verify_login(request,request.user.username, token=request.POST["recovery"])[0]:
            0
        ]:
            import time
            request.session["mfa"]["rechecked_at"] = time.time()
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
                simplejson.dumps({"recheck": True}), content_type="application/json"
            )
        else:
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
-                simplejson.dumps({"recheck": False}), content_type="application/json"
+    return render(request,"RECOVERY/recheck.html", context)
            )
    return render(request, "RECOVERY/recheck.html", context)
@never_cache
 def auth(request):
    from .views import login
-
+    context=csrf(request)
-    context = csrf(request)
+    if request.method=="POST":
    if request.method == "POST":
        tokenLength = len(request.POST["recovery"])
        if tokenLength == 11 and "RECOVERY" not in settings.MFA_UNALLOWED_METHODS:
-            # Backup code check
+            #Backup code check
-            resBackup = verify_login(
+            resBackup=verify_login(request, request.session["base_username"], token=request.POST["recovery"])
                request,
                request.session["base_username"],
                token=request.POST["recovery"],
            )
            if resBackup[0]:
-                mfa = {
+                mfa = {"verified": True, "method": "RECOVERY","id":resBackup[1], "lastBackup":resBackup[2]}
                    "verified": True,
                    "method": "RECOVERY",
                    "id": resBackup[1],
                    "lastBackup": resBackup[2],
                }
                # if getattr(settings, "MFA_RECHECK", False):
                #     mfa["next_check"] = datetime.datetime.timestamp((datetime.datetime.now()
                #                             + datetime.timedelta(
                #                 seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
                request.session["mfa"] = mfa
                if resBackup[2]:
-                    # If the last bakup code has just been used, we return a response insead of redirecting to login
+                    #If the last bakup code has just been used, we return a response insead of redirecting to login
                    context["lastBackup"] = True
-                    return render(request, "RECOVERY/Auth.html", context)
+                    return render(request,"RECOVERY/Auth.html", context)                
                return login(request)
-        context["invalid"] = True
+        context["invalid"]=True
-    elif request.method == "GET":
+    elif request.method=="GET":
        mfa = request.session.get("mfa")
        if mfa and mfa["verified"] and mfa["lastBackup"]:
            return login(request)
-    return render(request, "RECOVERY/Auth.html", context)
+    return render(request,"RECOVERY/Auth.html", context)
@never_cache
 def start(request):
@@ -149,4 +119,4 @@ def start(request):
    context = get_redirect_url()
    if "mfa_reg" in request.session:
        context["mfa_redirect"] = request.session["mfa_reg"]["name"]
-    return render(request, "RECOVERY/Add.html", context)
+    return render(request,"RECOVERY/Add.html",context)
--- a/mfa/static/mfa/js/bootstrap-toggle.min.js.map
+++ b/mfa/static/mfa/js/bootstrap-toggle.min.js.map
@@ -1 +0,0 @@
 {"version":3,"file":"bootstrap-toggle.min.js","sources":["bootstrap-toggle.js"],"names":["$","Plugin","option","this","each","$this","data","options","Toggle","element","$element","extend","defaults","render","VERSION","DEFAULTS","on","off","onstyle","offstyle","size","style","width","height","prototype","attr","_onstyle","_offstyle","$toggleOn","html","addClass","$toggleOff","$toggleHandle","$toggleGroup","append","$toggle","prop","wrap","parent","Math","max","outerWidth","outerHeight","css","update","trigger","toggle","silent","removeClass","enable","removeAttr","disable","change","proxy","destroy","remove","removeData","unwrap","old","fn","bootstrapToggle","Constructor","noConflict","document","e","$checkbox","find","preventDefault","jQuery"],"mappings":";;;;;;;CASE,SAAUA,GACV,YAoID,SAASC,GAAOC,GACf,MAAOC,MAAKC,KAAK,WAChB,GAAIC,GAAUL,EAAEG,MACZG,EAAUD,EAAMC,KAAK,aACrBC,EAA2B,gBAAVL,IAAsBA,CAEtCI,IAAMD,EAAMC,KAAK,YAAcA,EAAO,GAAIE,GAAOL,KAAMI,IACvC,gBAAVL,IAAsBI,EAAKJ,IAASI,EAAKJ,OAtItD,GAAIM,GAAS,SAAUC,EAASF,GAC/BJ,KAAKO,SAAYV,EAAES,GACnBN,KAAKI,QAAYP,EAAEW,UAAWR,KAAKS,WAAYL,GAC/CJ,KAAKU,SAGNL,GAAOM,QAAW,QAElBN,EAAOO,UACNC,GAAI,KACJC,IAAK,MACLC,QAAS,UACTC,SAAU,UACVC,KAAM,SACNC,MAAO,GACPC,MAAO,KACPC,OAAQ,MAGTf,EAAOgB,UAAUZ,SAAW,WAC3B,OACCI,GAAIb,KAAKO,SAASe,KAAK,YAAcjB,EAAOO,SAASC,GACrDC,IAAKd,KAAKO,SAASe,KAAK,aAAejB,EAAOO,SAASE,IACvDC,QAASf,KAAKO,SAASe,KAAK,iBAAmBjB,EAAOO,SAASG,QAC/DC,SAAUhB,KAAKO,SAASe,KAAK,kBAAoBjB,EAAOO,SAASI,SACjEC,KAAMjB,KAAKO,SAASe,KAAK,cAAgBjB,EAAOO,SAASK,KACzDC,MAAOlB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASM,MAC3DC,MAAOnB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASO,MAC3DC,OAAQpB,KAAKO,SAASe,KAAK,gBAAkBjB,EAAOO,SAASQ,SAI/Df,EAAOgB,UAAUX,OAAS,WACzBV,KAAKuB,SAAW,OAASvB,KAAKI,QAAQW,QACtCf,KAAKwB,UAAY,OAASxB,KAAKI,QAAQY,QACvC,IAAIC,GAA6B,UAAtBjB,KAAKI,QAAQa,KAAmB,SAClB,UAAtBjB,KAAKI,QAAQa,KAAmB,SACV,SAAtBjB,KAAKI,QAAQa,KAAkB,SAC/B,GACCQ,EAAY5B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQS,IACzDc,SAAS3B,KAAKuB,SAAW,IAAMN,GAC7BW,EAAa/B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQU,KAC1Da,SAAS3B,KAAKwB,UAAY,IAAMP,EAAO,WACrCY,EAAgBhC,EAAE,gDACpB8B,SAASV,GACPa,EAAejC,EAAE,8BACnBkC,OAAON,EAAWG,EAAYC,GAC5BG,EAAUnC,EAAE,iDACd8B,SAAU3B,KAAKO,SAAS0B,KAAK,WAAajC,KAAKuB,SAAWvB,KAAKwB,UAAU,QACzEG,SAASV,GAAMU,SAAS3B,KAAKI,QAAQc,MAEvClB,MAAKO,SAAS2B,KAAKF,GACnBnC,EAAEW,OAAOR,MACRgC,QAAShC,KAAKO,SAAS4B,SACvBV,UAAWA,EACXG,WAAYA,EACZE,aAAcA,IAEf9B,KAAKgC,QAAQD,OAAOD,EAEpB,IAAIX,GAAQnB,KAAKI,QAAQe,OAASiB,KAAKC,IAAIZ,EAAUa,aAAcV,EAAWU,cAAeT,EAAcS,aAAa,EACpHlB,EAASpB,KAAKI,QAAQgB,QAAUgB,KAAKC,IAAIZ,EAAUc,cAAeX,EAAWW,cACjFd,GAAUE,SAAS,aACnBC,EAAWD,SAAS,cACpB3B,KAAKgC,QAAQQ,KAAMrB,MAAOA,EAAOC,OAAQA,IACrCpB,KAAKI,QAAQgB,SAChBK,EAAUe,IAAI,cAAef,EAAUL,SAAW,MAClDQ,EAAWY,IAAI,cAAeZ,EAAWR,SAAW,OAErDpB,KAAKyC,QAAO,GACZzC,KAAK0C,SAAQ,IAGdrC,EAAOgB,UAAUsB,OAAS,WACrB3C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKc,MACnCd,KAAKa,MAGXR,EAAOgB,UAAUR,GAAK,SAAU+B,GAC/B,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKwB,UAAY,QAAQG,SAAS3B,KAAKuB,UAChEvB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUP,IAAM,SAAU8B,GAChC,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKuB,UAAUI,SAAS3B,KAAKwB,UAAY,QAClExB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUyB,OAAS,WACzB9C,KAAKgC,QAAQe,WAAW,YACxB/C,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAU2B,QAAU,WAC1BhD,KAAKgC,QAAQV,KAAK,WAAY,YAC9BtB,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAUoB,OAAS,SAAUG,GAC/B5C,KAAKO,SAAS0B,KAAK,YAAajC,KAAKgD,UACpChD,KAAK8C,SACN9C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKa,GAAG+B,GACtC5C,KAAKc,IAAI8B,IAGfvC,EAAOgB,UAAUqB,QAAU,SAAUE,GACpC5C,KAAKO,SAASO,IAAI,oBACb8B,GAAQ5C,KAAKO,SAAS0C,SAC3BjD,KAAKO,SAASM,GAAG,mBAAoBhB,EAAEqD,MAAM,WAC5ClD,KAAKyC,UACHzC,QAGJK,EAAOgB,UAAU8B,QAAU,WAC1BnD,KAAKO,SAASO,IAAI,oBAClBd,KAAK8B,aAAasB,SAClBpD,KAAKO,SAAS8C,WAAW,aACzBrD,KAAKO,SAAS+C,SAiBf,IAAIC,GAAM1D,EAAE2D,GAAGC,eAEf5D,GAAE2D,GAAGC,gBAA8B3D,EACnCD,EAAE2D,GAAGC,gBAAgBC,YAAcrD,EAKnCR,EAAE2D,GAAGb,OAAOgB,WAAa,WAExB,MADA9D,GAAE2D,GAAGC,gBAAkBF,EAChBvD,MAMRH,EAAE,WACDA,EAAE,6CAA6C4D,oBAGhD5D,EAAE+D,UAAU/C,GAAG,kBAAmB,2BAA4B,SAASgD,GACtE,GAAIC,GAAYjE,EAAEG,MAAM+D,KAAK,uBAC7BD,GAAUL,gBAAgB,UAC1BI,EAAEG,oBAGFC"}
--- a/mfa/static/mfa/js/qrious.min.js.map
+++ b/mfa/static/mfa/js/qrious.min.js.map
--- a/mfa/templates/MFA.html
+++ b/mfa/templates/MFA.html
@@ -116,7 +116,7 @@
            </tr>
            {% endif %}
        {% else %}
-           <tr><td colspan="7" align="center">You didn't have any keys yet.</td> </tr>
+           <tr><td colspan="7" align="center">You don't have any keys yet.</td> </tr>
       {% endif %}
        </table>
    </div>
--- a/mfa/tests.py
+++ b/mfa/tests.py
@@ -1,3 +0,0 @@
 from django.test import TestCase
 # Create your tests here.
--- a/mfa/totp.py
+++ b/mfa/totp.py
@@ -13,115 +13,78 @@ from django.utils import timezone
 import random
-def verify_login(request, username, token):
+def verify_login(request,username,token):
-    for key in User_Keys.objects.filter(username=username, key_type="TOTP"):
+    for key in User_Keys.objects.filter(username=username,key_type = "TOTP"):
        totp = pyotp.TOTP(key.properties["secret_key"])
-        if totp.verify(token, valid_window=30):
+        if  totp.verify(token,valid_window = 30):
-            key.last_used = timezone.now()
+            key.last_used=timezone.now()
            key.save()
-            return [True, key.id]
+            return [True,key.id]
    return [False]
 def recheck(request):
    context = csrf(request)
-    context["mode"] = "recheck"
+    context["mode"]="recheck"
    if request.method == "POST":
-        if verify_login(request, request.user.username, token=request.POST["otp"])[0]:
+        if verify_login(request,request.user.username, token=request.POST["otp"])[0]:
            import time
            request.session["mfa"]["rechecked_at"] = time.time()
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({"recheck": True}), content_type="application/json")
                simplejson.dumps({"recheck": True}), content_type="application/json"
            )
        else:
-            return HttpResponse(
+            return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
-                simplejson.dumps({"recheck": False}), content_type="application/json"
+    return render(request,"TOTP/recheck.html", context)
            )
    return render(request, "TOTP/recheck.html", context)
@never_cache
 def auth(request):
-    context = csrf(request)
+    context=csrf(request)
-    if request.method == "POST":
+    if request.method=="POST":
        tokenLength = len(request.POST["otp"])
        if tokenLength == 6:
-            # TOTO code check
+            #TOTO code check
-            res = verify_login(
+            res=verify_login(request,request.session["base_username"],token = request.POST["otp"])
                request, request.session["base_username"], token=request.POST["otp"]
            )
            if res[0]:
-                mfa = {"verified": True, "method": "TOTP", "id": res[1]}
+                mfa = {"verified": True, "method": "TOTP","id":res[1]}
                if getattr(settings, "MFA_RECHECK", False):
-                    mfa["next_check"] = datetime.datetime.timestamp(
+                    mfa["next_check"] = datetime.datetime.timestamp((datetime.datetime.now()
-                        (
+                                            + datetime.timedelta(
-                            datetime.datetime.now()
+                                seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))))
                            + datetime.timedelta(
                                seconds=random.randint(
                                    settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX
                                )
                            )
                        )
                    )
                request.session["mfa"] = mfa
                return login(request)
-        context["invalid"] = True
+        context["invalid"]=True
-    return render(request, "TOTP/Auth.html", context)
+    return render(request,"TOTP/Auth.html", context)
 def getToken(request):
-    secret_key = pyotp.random_base32()
+    secret_key=pyotp.random_base32()
    totp = pyotp.TOTP(secret_key)
-    request.session["new_mfa_answer"] = totp.now()
+    request.session["new_mfa_answer"]=totp.now()
-    return HttpResponse(
+    return HttpResponse(simplejson.dumps({"qr":pyotp.totp.TOTP(secret_key).provisioning_uri(str(request.user.username), issuer_name = settings.TOKEN_ISSUER_NAME),
-        simplejson.dumps(
+                         "secret_key": secret_key}))
            {
                "qr": pyotp.totp.TOTP(secret_key).provisioning_uri(
                    str(request.user.username), issuer_name=settings.TOKEN_ISSUER_NAME
                ),
                "secret_key": secret_key,
            }
        )
    )
 def verify(request):
-    answer = request.GET["answer"]
+    answer=request.GET["answer"]
-    secret_key = request.GET["key"]
+    secret_key=request.GET["key"]
    totp = pyotp.TOTP(secret_key)
-    if totp.verify(answer, valid_window=60):
+    if totp.verify(answer,valid_window = 60):
-        uk = User_Keys()
+        uk=User_Keys()
-        uk.username = request.user.username
+        uk.username=request.user.username
-        uk.properties = {"secret_key": secret_key}
+        uk.properties={"secret_key":secret_key}
-        # uk.name="Authenticatior #%s"%User_Keys.objects.filter(username=user.username,type="TOTP")
+        #uk.name="Authenticatior #%s"%User_Keys.objects.filter(username=user.username,type="TOTP")
-        uk.key_type = "TOTP"
+        uk.key_type="TOTP"
        uk.save()
-        if (
+        if getattr(settings, 'MFA_ENFORCE_RECOVERY_METHOD', False) and not User_Keys.objects.filter(key_type="RECOVERY",
-            getattr(settings, "MFA_ENFORCE_RECOVERY_METHOD", False)
+                                                                                                    username=request.user.username).exists():
-            and not User_Keys.objects.filter(
+            request.session["mfa_reg"] = {"method": "TOTP",
-                key_type="RECOVERY", username=request.user.username
+                                          "name": getattr(settings, "MFA_RENAME_METHODS", {}).get("TOTP", "TOTP")}
            ).exists()
        ):
            request.session["mfa_reg"] = {
                "method": "TOTP",
                "name": getattr(settings, "MFA_RENAME_METHODS", {}).get("TOTP", "TOTP"),
            }
            return HttpResponse("RECOVERY")
        else:
            return HttpResponse("Success")
-    else:
+    else: return HttpResponse("Error")
        return HttpResponse("Error")
@never_cache
 def start(request):
    """Start Adding Time One Time Password (TOTP)"""
    context = get_redirect_url()
-    context["RECOVERY_METHOD"] = getattr(settings, "MFA_RENAME_METHODS", {}).get(
+    context["RECOVERY_METHOD"] = getattr(settings, "MFA_RENAME_METHODS", {}).get("RECOVERY", "Recovery codes")
-        "RECOVERY", "Recovery codes"
+    context["method"] = {"name":getattr(settings,"MFA_RENAME_METHODS",{}).get("TOTP","Authenticator")}
-    )
+    return render(request,"TOTP/Add.html",context)
    context["method"] = {
        "name": getattr(settings, "MFA_RENAME_METHODS", {}).get("TOTP", "Authenticator")
    }
    return render(request, "TOTP/Add.html", context)
--- a/mfa/urls.py
+++ b/mfa/urls.py
@@ -1,55 +1,56 @@
-from . import views, totp, U2F, TrustedDevice, helpers, FIDO2, Email, recovery
+from . import views,totp,U2F,TrustedDevice,helpers,FIDO2,Email,recovery
-
+#app_name='mfa'
 # app_name='mfa'
 try:
-    from django.urls import re_path as url
+    from django.urls import  re_path as url
-except ImportError:
+except:
-    from django.conf.urls import url  # pyre-ignore[21]
+     from django.conf.urls import  url
 urlpatterns = [
-    url(r"totp/start/", totp.start, name="start_new_otop"),
+    url(r'totp/start/', totp.start , name="start_new_otop"),
-    url(r"totp/getToken", totp.getToken, name="get_new_otop"),
+    url(r'totp/getToken', totp.getToken , name="get_new_otop"),
-    url(r"totp/verify", totp.verify, name="verify_otop"),
+    url(r'totp/verify', totp.verify, name="verify_otop"),
-    url(r"totp/auth", totp.auth, name="totp_auth"),
+    url(r'totp/auth', totp.auth, name="totp_auth"),
-    url(r"totp/recheck", totp.recheck, name="totp_recheck"),
+    url(r'totp/recheck', totp.recheck, name="totp_recheck"),
-    url(r"recovery/start", recovery.start, name="manage_recovery_codes"),
+
-    url(
+    url(r'recovery/start', recovery.start, name="manage_recovery_codes"),
-        r"recovery/getTokenLeft", recovery.getTokenLeft, name="get_recovery_token_left"
+    url(r'recovery/getTokenLeft', recovery.getTokenLeft, name="get_recovery_token_left"),
-    ),
+    url(r'recovery/genTokens', recovery.genTokens, name="regen_recovery_tokens"),
-    url(r"recovery/genTokens", recovery.genTokens, name="regen_recovery_tokens"),
+    url(r'recovery/auth', recovery.auth, name="recovery_auth"),
-    url(r"recovery/auth", recovery.auth, name="recovery_auth"),
+    url(r'recovery/recheck', recovery.recheck, name="recovery_recheck"),
-    url(r"recovery/recheck", recovery.recheck, name="recovery_recheck"),
+
-    url(r"email/start/", Email.start, name="start_email"),
+    url(r'email/start/', Email.start , name="start_email"),
-    url(r"email/auth/", Email.auth, name="email_auth"),
+    url(r'email/auth/', Email.auth , name="email_auth"),
-    url(r"u2f/$", U2F.start, name="start_u2f"),
+
-    url(r"u2f/bind", U2F.bind, name="bind_u2f"),
+    url(r'u2f/$', U2F.start, name="start_u2f"),
-    url(r"u2f/auth", U2F.auth, name="u2f_auth"),
+    url(r'u2f/bind', U2F.bind, name="bind_u2f"),
-    url(r"u2f/process_recheck", U2F.process_recheck, name="u2f_recheck"),
+    url(r'u2f/auth', U2F.auth, name="u2f_auth"),
-    url(r"u2f/verify", U2F.verify, name="u2f_verify"),
+    url(r'u2f/process_recheck', U2F.process_recheck, name="u2f_recheck"),
-    url(r"fido2/$", FIDO2.start, name="start_fido2"),
+    url(r'u2f/verify', U2F.verify, name="u2f_verify"),
-    url(r"fido2/auth", FIDO2.auth, name="fido2_auth"),
+
-    url(r"fido2/begin_auth", FIDO2.authenticate_begin, name="fido2_begin_auth"),
+    url(r'fido2/$', FIDO2.start, name="start_fido2"),
-    url(
+    url(r'fido2/auth', FIDO2.auth, name="fido2_auth"),
-        r"fido2/complete_auth", FIDO2.authenticate_complete, name="fido2_complete_auth"
+    url(r'fido2/begin_auth', FIDO2.authenticate_begin, name="fido2_begin_auth"),
-    ),
+    url(r'fido2/complete_auth', FIDO2.authenticate_complete, name="fido2_complete_auth"),
-    url(r"fido2/begin_reg", FIDO2.begin_registeration, name="fido2_begin_reg"),
+    url(r'fido2/begin_reg', FIDO2.begin_registeration, name="fido2_begin_reg"),
-    url(r"fido2/complete_reg", FIDO2.complete_reg, name="fido2_complete_reg"),
+    url(r'fido2/complete_reg', FIDO2.complete_reg, name="fido2_complete_reg"),
-    url(r"fido2/recheck", FIDO2.recheck, name="fido2_recheck"),
+    url(r'fido2/recheck', FIDO2.recheck, name="fido2_recheck"),
-    url(r"td/$", TrustedDevice.start, name="start_td"),
+
-    url(r"td/add", TrustedDevice.add, name="add_td"),
+
-    url(r"td/send_link", TrustedDevice.send_email, name="td_sendemail"),
+    url(r'td/$', TrustedDevice.start, name="start_td"),
-    url(r"td/get-ua", TrustedDevice.getUserAgent, name="td_get_useragent"),
+    url(r'td/add', TrustedDevice.add, name="add_td"),
-    url(r"td/trust", TrustedDevice.trust_device, name="td_trust_device"),
+    url(r'td/send_link', TrustedDevice.send_email, name="td_sendemail"),
-    url(r"u2f/checkTrusted", TrustedDevice.checkTrusted, name="td_checkTrusted"),
+    url(r'td/get-ua', TrustedDevice.getUserAgent, name="td_get_useragent"),
-    url(r"u2f/secure_device", TrustedDevice.getCookie, name="td_securedevice"),
+    url(r'td/trust', TrustedDevice.trust_device, name="td_trust_device"),
-    url(r"^$", views.index, name="mfa_home"),
+    url(r'u2f/checkTrusted', TrustedDevice.checkTrusted, name="td_checkTrusted"),
-    url(r"goto/(.*)", views.goto, name="mfa_goto"),
+    url(r'u2f/secure_device', TrustedDevice.getCookie, name="td_securedevice"),
-    url(r"selct_method", views.show_methods, name="mfa_methods_list"),
+
-    url(r"recheck", helpers.recheck, name="mfa_recheck"),
+    url(r'^$', views.index, name="mfa_home"),
-    url(r"toggleKey", views.toggleKey, name="toggle_key"),
+    url(r'goto/(.*)', views.goto, name="mfa_goto"),
-    url(r"delete", views.delKey, name="mfa_delKey"),
+    url(r'selct_method', views.show_methods, name="mfa_methods_list"),
-    url(r"reset", views.reset_cookie, name="mfa_reset_cookie"),
+    url(r'recheck', helpers.recheck, name="mfa_recheck"),
-]
+    url(r'toggleKey', views.toggleKey, name="toggle_key"),
-# print(urlpatterns)
+    url(r'delete', views.delKey, name="mfa_delKey"),
    url(r'reset', views.reset_cookie, name="mfa_reset_cookie"),
            ]
 # print(urlpatterns)
--- a/mfa/views.py
+++ b/mfa/views.py
@@ -1,121 +1,102 @@
 import importlib
 from django.shortcuts import render
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse,HttpResponseRedirect
-
+from .models import *
 try:
    from django.urls import reverse
 except:
-    from django.core.urlresolvers import reverse  # pyre-ignore[21]
+    from django.core.urlresolvers import reverse
-from django.contrib.auth.decorators import login_required
+from django.template.context_processors import csrf
-from user_agents import parse
+from django.template.context import RequestContext
 from django.conf import settings
 from . import TrustedDevice
-from .models import User_Keys
+from django.contrib.auth.decorators import login_required
-
+from user_agents import parse
@login_required
 def index(request):
-    keys = []
+    keys=[]
-    context = {
+    context={"keys":User_Keys.objects.filter(username=request.user.username),"UNALLOWED_AUTHEN_METHODS":settings.MFA_UNALLOWED_METHODS
-        "keys": User_Keys.objects.filter(username=request.user.username),
+             ,"HIDE_DISABLE":getattr(settings,"MFA_HIDE_DISABLE",[]),'RENAME_METHODS':getattr(settings,'MFA_RENAME_METHODS',{})}
        "UNALLOWED_AUTHEN_METHODS": settings.MFA_UNALLOWED_METHODS,
        "HIDE_DISABLE": getattr(settings, "MFA_HIDE_DISABLE", []),
        "RENAME_METHODS": getattr(settings, "MFA_RENAME_METHODS", {}),
    }
    for k in context["keys"]:
-        k.name = getattr(settings, "MFA_RENAME_METHODS", {}).get(k.key_type, k.key_type)
+        k.name = getattr(settings,'MFA_RENAME_METHODS',{}).get(k.key_type,k.key_type)
-        if k.key_type == "Trusted Device":
+        if k.key_type =="Trusted Device":
-            setattr(k, "device", parse(k.properties.get("user_agent", "-----")))
+            setattr(k,"device",parse(k.properties.get("user_agent","-----")))
        elif k.key_type == "FIDO2":
-            setattr(k, "device", k.properties.get("type", "----"))
+            setattr(k,"device",k.properties.get("type","----"))
        elif k.key_type == "RECOVERY":
            context["recovery"] = k
            continue
        keys.append(k)
-    context["keys"] = keys
+    context["keys"]=keys
-    return render(request, "MFA.html", context)
+    return render(request,"MFA.html",context)
-
+def verify(request,username):
 def verify(request, username):
    request.session["base_username"] = username
-    # request.session["base_password"] = password
+    #request.session["base_password"] = password
-    keys = User_Keys.objects.filter(username=username, enabled=1)
+    keys=User_Keys.objects.filter(username=username,enabled=1)
-    methods = list(set([k.key_type for k in keys]))
+    methods=list(set([k.key_type for k in keys]))
-    if "Trusted Device" in methods and not request.session.get(
+    if "Trusted Device" in methods and not request.session.get("checked_trusted_device",False):
        "checked_trusted_device", False
    ):
        if TrustedDevice.verify(request):
            return login(request)
        methods.remove("Trusted Device")
    request.session["mfa_methods"] = methods
-    if len(methods) == 1:
+    if len(methods)==1:
-        return HttpResponseRedirect(reverse(methods[0].lower() + "_auth"))
+        return HttpResponseRedirect(reverse(methods[0].lower()+"_auth"))
-    if getattr(settings, "MFA_ALWAYS_GO_TO_LAST_METHOD", False):
+    if getattr(settings,"MFA_ALWAYS_GO_TO_LAST_METHOD",False):
        keys = keys.exclude(last_used__isnull=True).order_by("last_used")
-        if keys.count() > 0:
+        if keys.count()>0:
            return HttpResponseRedirect(reverse(keys[0].key_type.lower() + "_auth"))
    return show_methods(request)
 def show_methods(request):
-    return render(
+    return render(request,"select_mfa_method.html", {'RENAME_METHODS':getattr(settings,'MFA_RENAME_METHODS',{})})
        request,
        "select_mfa_method.html",
        {"RENAME_METHODS": getattr(settings, "MFA_RENAME_METHODS", {})},
    )
 def reset_cookie(request):
-    response = HttpResponseRedirect(settings.LOGIN_URL)
+    response=HttpResponseRedirect(settings.LOGIN_URL)
    response.delete_cookie("base_username")
    return response
 def login(request):
    from django.contrib import auth
    from django.conf import settings
    callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK)
-    return callable_func(request, username=request.session["base_username"])
+    return callable_func(request,username=request.session["base_username"])
@login_required
 def delKey(request):
-    key = User_Keys.objects.get(id=request.GET["id"])
+    key=User_Keys.objects.get(id=request.GET["id"])
    if key.username == request.user.username:
        key.delete()
        return HttpResponse("Deleted Successfully")
    else:
        return HttpResponse("Error: You own this token so you can't delete it")
 def __get_callable_function__(func_path):
    import importlib
-
+    if not '.' in func_path:
    if not "." in func_path:
        raise Exception("class Name should include modulename.classname")
    parsed_str = func_path.split(".")
-    module_name, func_name = ".".join(parsed_str[:-1]), parsed_str[-1]
+    module_name , func_name = ".".join(parsed_str[:-1]) , parsed_str[-1]
    imported_module = importlib.import_module(module_name)
-    callable_func = getattr(imported_module, func_name)
+    callable_func = getattr(imported_module,func_name)
    if not callable_func:
        raise Exception("Module does not have requested function")
    return callable_func
@login_required
 def toggleKey(request):
-    id = request.GET["id"]
+    id=request.GET["id"]
-    q = User_Keys.objects.filter(username=request.user.username, id=id)
+    q=User_Keys.objects.filter(username=request.user.username, id=id)
-    if q.count() == 1:
+    if q.count()==1:
-        key = q[0]
+        key=q[0]
        if not key.key_type in settings.MFA_HIDE_DISABLE:
-            key.enabled = not key.enabled
+            key.enabled=not key.enabled
            key.save()
            return HttpResponse("OK")
        else:
@@ -123,6 +104,5 @@ def toggleKey(request):
    else:
        return HttpResponse("Error")
-
+def goto(request,method):
-def goto(request, method):
+    return HttpResponseRedirect(reverse(method.lower()+"_auth"))
    return HttpResponseRedirect(reverse(method.lower() + "_auth"))
--- a/pytest.ini
+++ b/pytest.ini
@@ -0,0 +1,109 @@
 [pytest]
 # Searching
 python_files = test_*
 python_classes = Tests*
 python_functions = test_*
 env_files =
  .env
 # do not search for tests in these folders
 norecursedirs = .vscode .tox docs example img mfa venv .coverage django_mfa2.egg-info
 # Add folder to PYTHONPATH
 # requires pytest >= 7.0.0
 pythonpath = .
 # https://pytest-django.readthedocs.io/en/latest/usage.html
 DJANGO_SETTINGS_MODULE = tests.settings
 # do not override the debug mode (True/False) set in the django settings module
 # https://pytest-django.readthedocs.io/en/latest/usage.html#additional-pytest-ini-settings
 django_debug_mode = keep
 #
 # set env variables
 # https://tech.serhatteker.com/post/2020-02/test-env-vars-in-python/
 # https://github.com/pytest-dev/pytest-env
 ; env =
    ; KEY=value
 addopts =
    # verbose
    -v
    # more verbosity
    # -vv
    # Don't show warnings
    # -p no:warnings
    # generates coverage report
    # note that enabling pytest coverage will cause debugging pytest to fail on pycharm
    # add the --no-cov to the pytest configuration on pycharm to allow for debugging pytest
    --cov=./mfa
    # surpress generating converage if one or more tests failed
    ; --no-cov-on-fail
    # do not run migrations => faster test initialization
    # --nomigrations
    # Show hypthesis statistics whereever hypothesis was used
    # ignore these tests/files when looking for tests
    #--ignore=
    # black
    # --black
    --hypothesis-show-statistics
    # Add --reuse-db if you want to speed up tests by reusing the database between test runs.
    #--reuse-db
 # Define additional pytest markers so that using them in test will not trigger warnings
 # To show the help line use: % pytest --marker
 # To run pytest on a specifc marker use: pytest -m mark
 # to run pytestt on several markers use quotation and logic operators as in:
 # pytest -m "mark1 and mark2"
 # pytest -m "mark1 or mark2"
 # pytest -m "mark1 and not mark2"
 markers =
    API: tests of server api functions whether it is exposed as REST API or otherwise
    BLACK_BOX: Black Box tests
    WHITE_BOX: White Box tests
    ENVIRONMENT: tests for the environment
    CONFIGURATION: tests related configurations
    LOGGING: tests related to logging
    UNIT: Unit tests
    INTEGRATION: Integration testing
    UTILS: tests for utilities
    FOCUS: tests under the microscope... under the spotlight... in focus
    FUNC: functional teesting
    REGRESSION: tests for fixed bugs
    DJANGO: tests related to DJANGO
    HTTP_REQUEST: tests of functions that handles HTTP REQUESTS
    HTTP_GET: tests of functions that handles HTTP_GET_REQUESTS
    HTTP_POST: tests of functions that handles HTTP_POST_REQUESTS
    AUTH: tests related to user authentication
    SQL_DB: tests related to the sql database
    CLI: tests related to flask-cli
    SERVER: tests for the server
    API_V1: API related tests
    PRIVILEGED_USER: tests for privileged users
    NON_PRIVILEGED_USER: tests for non-privileged users
    PERMISSIONS: tests related to permissions
    ANNONYMOUS_USER: tests for non-authenticated users
    AUTHENTICATED_USER: tests for authenticated users
    ENDPOINTS: tests for endpoints (API nodes)
    SERIALIZERS: tests for serializers
    VIEWS: tests for DRF viewsets
    FILTERS: tests for DRF filters
    MODELS: tests for models
    VALIDATORS: tests for validators
    ERROR_HANDLING: tests for error handling
    SECURITY: tests for security
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,11 +1,10 @@
 django >= 2.2
 jsonfield
 simplejson
 pyotp
 python-u2flib-server
 ua-parser
 user-agents
 python-jose
-fido2 == 1.1.0
+fido2==1.1.2
 jsonLookup
 raven
 pyre-check
--- a/requirements_testing.txt
+++ b/requirements_testing.txt
@@ -0,0 +1,10 @@
 tox
 pytest>=7.0.0
 pytest-xdist
 pytest-cov          # Test coverage
 pytest-dotenv       # plugin to load environment from .env file
 pytest-env          # plugin to allow passing environment variable to pytest environmentt
 pytest-mock         # plugin that provides a mocker fixture which is a thin-wrapper around the patching API provided by the mock package
 hypothesis          # plugin that helps in automatize generating random values instead of static values in pyttests
 pytest-django       # pytest support for Django
 validators          # a package containing several validator functions
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@ setup(
    url = 'https://github.com/mkalioby/django-mfa2/',
    download_url='https://github.com/mkalioby/django-mfa2/',
    license='MIT',
-    packages=find_packages(),
+    packages=find_packages(exclude=("tests",)),
    install_requires=[
        'django >= 2.0',
        'simplejson',
@@ -23,7 +23,7 @@ setup(
        'ua-parser',
        'user-agents',
        'python-jose',
-        'fido2 == 1.0.0',
+        'fido2 == 1.1.2',
      ],
    python_requires=">=3.5",
    include_package_data=True,
--- a/tests/init.py
+++ b/tests/init.py
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -0,0 +1,19 @@
 import pytest
 # @pytest.fixture
 # def api_request(rf):
 #     request = rf.get('/url')
 #     # Modify the request object as needed (e.g., set user, add data)
 #     return request
 # @pytest.fixture
 # def create_test_model(db):
 #     def make_model(**kwargs):
 #         return MyModel.objects.create(**kwargs)
 #     return make_model
@pytest.fixture
 def authenticated_user(client, django_user_model):
    user = django_user_model.objects.create_user(username='test', password='123')
    client.login(username='test', password='123')
    return user
--- a/tests/settings.py
+++ b/tests/settings.py
@@ -0,0 +1,51 @@
 import os
 SECRET_KEY = 'fake-key-for-testing'
 INSTALLED_APPS = [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',    
    'mfa'
 ]
 ROOT_URLCONF="mfa.urls"
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': ':memory:',
    }
 }
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [
            os.path.join(BASE_DIR ,'mfa','templates' ),
            os.path.join(BASE_DIR ,'tests','templates' )
        ],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
 ]
 MFA_UNALLOWED_METHODS = []
--- a/tests/templates/base.html
+++ b/tests/templates/base.html
@@ -0,0 +1,11 @@
 <!DOCTYPE html>
 <html lang="en">
    <head>
        {% block head %}
        {% endblock %}
    </head>
    <body>
        {% block content %}
        {% endblock %}
    </body>
 </html>
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -0,0 +1,29 @@
 import pytest
 from django.urls import reverse
@pytest.mark.VIEWS
@pytest.mark.DJANGO
@pytest.mark.ANNONYMOUS_USER
@pytest.mark.django_db
 def test_index_unauthenticated(client):
    url = reverse("mfa_home")
    response = client.get(url)
    assert response is not None
    assert response.status_code == 302
    assert response.url=="/accounts/login/?next=/"
@pytest.mark.VIEWS
@pytest.mark.AUTHENTICATED_USER
@pytest.mark.django_db
 def test_index_authenticated(client, authenticated_user):
    url = reverse("mfa_home")
    response = client.get(url)
    assert response is not None
    assert response.status_code == 200
    assert isinstance(response.templates, list)
    assert len(response.templates) == 4
    for template in response.templates:
        assert template.name in ["modal.html", "base.html", "mfa_base.html", "MFA.html"]
--- a/tox.ini
+++ b/tox.ini
@@ -0,0 +1,52 @@
 # Tox (https://tox.readthedocs.io/) is a tool for running tests
 # in multiple virtualenvs. This configuration file will run the
 # test suite on all supported python versions. To use it, "pip install tox"
 # and then run "tox" from this directory.
 #
 # See also https://tox.readthedocs.io/en/latest/config.html for more
 # configuration options.
 [tox]
 # Choose your Python versions. They have to be available
 # on the system the tests are run on.
 # comma separated
 envlist =
    python{3.6,3.7,3.8,3.9}-django2.2
    python{3.6,3.7,3.8,3.9}-django3
    python{3.8,3.9,3.10,3.11}-django4
    python{3.8,3.9,3.10,3.11}-django5
 # Tell tox to not require a setup.py file
 ;skipsdist = True
 isolated_build = True
 [testenv]
 # https://tox.wiki/en/latest/example/basic.html#using-a-different-default-pypi-url
 ;setenv =
 ;    PIP_INDEX_URL = https://pypi.my-alternative-index.org
 # https://tech.serhatteker.com/post/2020-02/test-env-vars-in-python/
 ;setenv =
 ;    NAME=value
 # https://tox.wiki/en/latest/example/basic.html#passing-down-environment-variables
 # passenv = ENV_VAR_NAME
 # https://tox.wiki/en/latest/example/pytest.html#extended-example-change-dir-before-test-and-use-per-virtualenv-tempdir
 ;changedir = tests
 deps =
    django22: django>=2.2,<2.3
    django32: django>=3.2,<3.3
    django40: django>=4.0,<4.1
    django41: django>=4.1,<4.2
    django42: django>=4.2,<4.3
    django50: django==5.0
    -rrequirements.txt
    -rrequirements_testing.txt
 # https://tox.wiki/en/latest/example/basic.html#ignoring-a-command-exit-code
 commands =
 ;   pytest --junitxml=report.xml
    pytest {posargs}
Author	SHA1	Message	Date
Mohamed ElKalioby	972ccf4888	Fix tox envs	2023-12-31 22:04:00 +03:00
Mohamed El-Kalioby	044f52da6a	Merge pull request #79 from oussjarrousse/78-adding-tests 78 adding tests	2023-12-31 20:59:17 +02:00
Mohamed El-Kalioby	b1a167ad66	Merge branch 'dev' into 78-adding-tests	2023-12-31 20:47:45 +02:00
Mohamed El-Kalioby	70dd692299	Update README.md	2023-12-31 21:45:49 +03:00
Mohamed El-Kalioby	a1855d3998	Update CHANGELOG.md	2023-12-31 21:45:12 +03:00
Mohamed El-Kalioby	16537baa6f	Merge pull request #73 from jkirkcaldy/master grammar	2023-12-31 20:42:04 +02:00
Oussama Jarrousse	e76feeb06b	excluding tests when building the package	2023-12-27 12:08:49 +01:00
Oussama Jarrousse	e0335ac4a7	added django3, 4, 5 to the tox environments list	2023-12-27 11:54:23 +01:00
Oussama Jarrousse	54f5eb212a	added markers; edited README.md	2023-12-27 11:36:25 +01:00
Oussama Jarrousse	c53b4d1e1a	better .gitignore	2023-12-26 17:43:57 +01:00
Oussama Jarrousse	0075f84b29	added .vscode/launch.json	2023-12-26 17:36:26 +01:00
Oussama Jarrousse	6ae4c2508c	2 passed in 0.82s, 32% coverage	2023-12-26 17:33:21 +01:00
Oussama Jarrousse	41256cc76d	initial	2023-12-25 17:44:28 +01:00
jkirkcaldy	b94faa1916	grammar	2023-09-21 15:30:00 +01:00
		`@@ -1 +0,0 @@`
			{"version":3,"file":"bootstrap-toggle.min.js","sources":["bootstrap-toggle.js"],"names":["$","Plugin","option","this","each","$this","data","options","Toggle","element","$element","extend","defaults","render","VERSION","DEFAULTS","on","off","onstyle","offstyle","size","style","width","height","prototype","attr","_onstyle","_offstyle","$toggleOn","html","addClass","$toggleOff","$toggleHandle","$toggleGroup","append","$toggle","prop","wrap","parent","Math","max","outerWidth","outerHeight","css","update","trigger","toggle","silent","removeClass","enable","removeAttr","disable","change","proxy","destroy","remove","removeData","unwrap","old","fn","bootstrapToggle","Constructor","noConflict","document","e","$checkbox","find","preventDefault","jQuery"],"mappings":";;;;;;;CASE,SAAUA,GACV,YAoID,SAASC,GAAOC,GACf,MAAOC,MAAKC,KAAK,WAChB,GAAIC,GAAUL,EAAEG,MACZG,EAAUD,EAAMC,KAAK,aACrBC,EAA2B,gBAAVL,IAAsBA,CAEtCI,IAAMD,EAAMC,KAAK,YAAcA,EAAO,GAAIE,GAAOL,KAAMI,IACvC,gBAAVL,IAAsBI,EAAKJ,IAASI,EAAKJ,OAtItD,GAAIM,GAAS,SAAUC,EAASF,GAC/BJ,KAAKO,SAAYV,EAAES,GACnBN,KAAKI,QAAYP,EAAEW,UAAWR,KAAKS,WAAYL,GAC/CJ,KAAKU,SAGNL,GAAOM,QAAW,QAElBN,EAAOO,UACNC,GAAI,KACJC,IAAK,MACLC,QAAS,UACTC,SAAU,UACVC,KAAM,SACNC,MAAO,GACPC,MAAO,KACPC,OAAQ,MAGTf,EAAOgB,UAAUZ,SAAW,WAC3B,OACCI,GAAIb,KAAKO,SAASe,KAAK,YAAcjB,EAAOO,SAASC,GACrDC,IAAKd,KAAKO,SAASe,KAAK,aAAejB,EAAOO,SAASE,IACvDC,QAASf,KAAKO,SAASe,KAAK,iBAAmBjB,EAAOO,SAASG,QAC/DC,SAAUhB,KAAKO,SAASe,KAAK,kBAAoBjB,EAAOO,SAASI,SACjEC,KAAMjB,KAAKO,SAASe,KAAK,cAAgBjB,EAAOO,SAASK,KACzDC,MAAOlB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASM,MAC3DC,MAAOnB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASO,MAC3DC,OAAQpB,KAAKO,SAASe,KAAK,gBAAkBjB,EAAOO,SAASQ,SAI/Df,EAAOgB,UAAUX,OAAS,WACzBV,KAAKuB,SAAW,OAASvB,KAAKI,QAAQW,QACtCf,KAAKwB,UAAY,OAASxB,KAAKI,QAAQY,QACvC,IAAIC,GAA6B,UAAtBjB,KAAKI,QAAQa,KAAmB,SAClB,UAAtBjB,KAAKI,QAAQa,KAAmB,SACV,SAAtBjB,KAAKI,QAAQa,KAAkB,SAC/B,GACCQ,EAAY5B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQS,IACzDc,SAAS3B,KAAKuB,SAAW,IAAMN,GAC7BW,EAAa/B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQU,KAC1Da,SAAS3B,KAAKwB,UAAY,IAAMP,EAAO,WACrCY,EAAgBhC,EAAE,gDACpB8B,SAASV,GACPa,EAAejC,EAAE,8BACnBkC,OAAON,EAAWG,EAAYC,GAC5BG,EAAUnC,EAAE,iDACd8B,SAAU3B,KAAKO,SAAS0B,KAAK,WAAajC,KAAKuB,SAAWvB,KAAKwB,UAAU,QACzEG,SAASV,GAAMU,SAAS3B,KAAKI,QAAQc,MAEvClB,MAAKO,SAAS2B,KAAKF,GACnBnC,EAAEW,OAAOR,MACRgC,QAAShC,KAAKO,SAAS4B,SACvBV,UAAWA,EACXG,WAAYA,EACZE,aAAcA,IAEf9B,KAAKgC,QAAQD,OAAOD,EAEpB,IAAIX,GAAQnB,KAAKI,QAAQe,OAASiB,KAAKC,IAAIZ,EAAUa,aAAcV,EAAWU,cAAeT,EAAcS,aAAa,EACpHlB,EAASpB,KAAKI,QAAQgB,QAAUgB,KAAKC,IAAIZ,EAAUc,cAAeX,EAAWW,cACjFd,GAAUE,SAAS,aACnBC,EAAWD,SAAS,cACpB3B,KAAKgC,QAAQQ,KAAMrB,MAAOA,EAAOC,OAAQA,IACrCpB,KAAKI,QAAQgB,SAChBK,EAAUe,IAAI,cAAef,EAAUL,SAAW,MAClDQ,EAAWY,IAAI,cAAeZ,EAAWR,SAAW,OAErDpB,KAAKyC,QAAO,GACZzC,KAAK0C,SAAQ,IAGdrC,EAAOgB,UAAUsB,OAAS,WACrB3C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKc,MACnCd,KAAKa,MAGXR,EAAOgB,UAAUR,GAAK,SAAU+B,GAC/B,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKwB,UAAY,QAAQG,SAAS3B,KAAKuB,UAChEvB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUP,IAAM,SAAU8B,GAChC,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKuB,UAAUI,SAAS3B,KAAKwB,UAAY,QAClExB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUyB,OAAS,WACzB9C,KAAKgC,QAAQe,WAAW,YACxB/C,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAU2B,QAAU,WAC1BhD,KAAKgC,QAAQV,KAAK,WAAY,YAC9BtB,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAUoB,OAAS,SAAUG,GAC/B5C,KAAKO,SAAS0B,KAAK,YAAajC,KAAKgD,UACpChD,KAAK8C,SACN9C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKa,GAAG+B,GACtC5C,KAAKc,IAAI8B,IAGfvC,EAAOgB,UAAUqB,QAAU,SAAUE,GACpC5C,KAAKO,SAASO,IAAI,oBACb8B,GAAQ5C,KAAKO,SAAS0C,SAC3BjD,KAAKO,SAASM,GAAG,mBAAoBhB,EAAEqD,MAAM,WAC5ClD,KAAKyC,UACHzC,QAGJK,EAAOgB,UAAU8B,QAAU,WAC1BnD,KAAKO,SAASO,IAAI,oBAClBd,KAAK8B,aAAasB,SAClBpD,KAAKO,SAAS8C,WAAW,aACzBrD,KAAKO,SAAS+C,SAiBf,IAAIC,GAAM1D,EAAE2D,GAAGC,eAEf5D,GAAE2D,GAAGC,gBAA8B3D,EACnCD,EAAE2D,GAAGC,gBAAgBC,YAAcrD,EAKnCR,EAAE2D,GAAGb,OAAOgB,WAAa,WAExB,MADA9D,GAAE2D,GAAGC,gBAAkBF,EAChBvD,MAMRH,EAAE,WACDA,EAAE,6CAA6C4D,oBAGhD5D,EAAE+D,UAAU/C,GAAG,kBAAmB,2BAA4B,SAASgD,GACtE,GAAIC,GAAYjE,EAAEG,MAAM+D,KAAK,uBAC7BD,GAAUL,gBAAgB,UAC1BI,EAAEG,oBAGFC"}
		`@@ -1,3 +0,0 @@`
			`from django.test import TestCase`

			`# Create your tests here.`