josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: josh:django-1.8
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9
...
compare: josh:v2.0.1
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9

19 Commits
django-1.8 ... v2.0.1

Author SHA1 Message Date
Mohamed El-Kalioby
5b97d5aa6d Merge pull request #24 from Aquaveo/migration-fix 
Fix for Issue #23
 2020-09-10 09:06:08 +03:00
nswain
f3483868ed Use the ORM to perform migration query. 2020-09-09 17:32:09 -06:00
nswain
f5218bdbdb Simplify migration script. 2020-09-09 13:16:28 -06:00
nswain
d9bc0dd5fd Fix migration script. 2020-09-09 13:09:42 -06:00
Mohamed ElKalioby
4b19d95a7e Upgraded to version 2.0 2020-09-09 19:04:22 +03:00
Mohamed El-Kalioby
01a2766ef5 Merge pull request #19 from Aquaveo/email-fixes 
Two Fixes to Make Email Method More Robust
 2020-09-09 18:28:21 +03:00
nswain
c34efd6ba9 Use decode method to decode the byte string instead of casting it to string and replacing the byte string syntax in the string. 2020-09-09 09:15:53 -06:00
nswain
d48e464c16 Use DEFAULT_FROM_EMAIL instead of EMAIL_HOST_USER for the from email address if EMAIL_HOST_USER does not have an "@" sign in it. 
Some email relay services require a username that is not an email address for the EMAIL_HOST_USER (e.g.: https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html)
 2020-09-09 09:15:53 -06:00
nswain
b5b308a757 Removes embedded bytestring syntax from email message body. 
e.g.: "b'Hello user, here's your code: 81244'" -> "Hello user, here's your code: 81244"
 2020-09-09 09:15:53 -06:00
Mohamed El-Kalioby
d00083a0cf Update README.md 2020-08-29 21:26:26 +03:00
Mohamed El-Kalioby
9277819787 Merge pull request #21 from unramk/patch-1 
Update README.md
 2020-08-29 21:21:35 +03:00
unramk
f7baa822f7 Update README.md 
Small typo :)
 2020-08-29 20:18:07 +02:00
Mohamed ElKalioby
d404dc6bee Updated to settings 2020-08-28 19:12:14 +03:00
Mohamed ElKalioby
56eb8821af Fixed Migration with SQLite 2020-08-28 19:10:34 +03:00
Mohamed ElKalioby
e79411d04c Updted to fido2==0.8.1 2020-08-28 19:10:10 +03:00
Mohamed El-Kalioby
d9590c0ea1 Merge pull request #18 from Aquaveo/html-and-style-fixes 
Addresses several structure and style issues with TOTP and Email dialogs
 2020-08-28 18:46:15 +03:00
Mohamed El-Kalioby
b6f8696081 Merge pull request #20 from Aquaveo/never_cache 
Adds never_cache decorator to TOTP and Email views
 2020-08-28 18:38:09 +03:00
nswain
55375f7002 Adds never_cache decorator to TOTP and Email start and auth views to prevent browser from caching previous codes. 2020-08-26 11:06:31 -06:00
nswain
b6992d3ced Addresses several structure and style issues with TOTP and Email dialogs. 
Added missing div tags that were causing style problems.
Reformatted HTML to make it easier to read.
Added whitespace above buttons on TOTP Add dialog.
Changed "6-digit" to "code" on email dialogs because number of digits varies.
 2020-08-26 10:19:38 -06:00
13 changed files with 118 additions and 101 deletions
Expand all files Collapse all files

9
CHANGELOG.md
View File

@@ -1,5 +1,14 @@
# Change Log
## 2.0
* Dropped support to djangp-1.8 and Python 2.7
* Added: never-cache decorator
* Fixes to Make Email Method More Robust
* Addresses several structure and style issues with TOTP and Email dialogs
* Updated to fido2 0.8.1
Thanks to @swainn
## v1.9.1
* Fixed: is_authenticated #13
* Fixed: is_anonymous #6

4
README.md
View File

@@ -53,7 +53,7 @@ Depends on
MFA_RECHECK_MAX=30 # Maximum in seconds
MFA_QUICKLOGIN=True # Allow quick login for returning users by provide only their 2FA
MFA_HIDE_DISABLE=('FIDO2',) # Can the user disable his key (Added in 1.2.0).
MFA_OWNED_BY_ENTERPRISE = FALSE # Who ownes security keys
MFA_OWNED_BY_ENTERPRISE = FALSE # Who owns security keys
TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name
@@ -156,3 +156,5 @@ function some_func() {
# Contributors
* [mahmoodnasr](https://github.com/mahmoodnasr)
* [d3cline](https://github.com/d3cline)
* [swainn](https://github.com/swainn)
* [unramk](https://github.com/unramk)

5
mfa/Common.py
View File

@@ -2,7 +2,10 @@ from django.conf import settings
from django.core.mail import EmailMessage
def send(to,subject,body):
From = "%s <%s>" % (settings.EMAIL_FROM, settings.EMAIL_HOST_USER)
from_email_address = settings.EMAIL_HOST_USER
if '@' not in from_email_address:
from_email_address = settings.DEFAULT_FROM_EMAIL
From = "%s <%s>" % (settings.EMAIL_FROM, from_email_address)
email = EmailMessage(subject,body,From,to)
email.content_subtype = "html"
return email.send(False)

5
mfa/Email.py
View File

@@ -1,4 +1,5 @@
from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.template.context_processors import csrf
import datetime,random
from random import randint
@@ -13,8 +14,9 @@ def sendEmail(request,username,secret):
kwargs = {key: username}
user = User.objects.get(**kwargs)
res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
return send([user.email],"OTP", str(res.content))
return send([user.email],"OTP", res.content.decode())
@never_cache
def start(request):
context = csrf(request)
if request.method == "POST":
@@ -36,6 +38,7 @@ def start(request):
if sendEmail(request, request.user.username, request.session["email_secret"]):
context["sent"] = True
return render(request,"Email/Add.html", context)
@never_cache
def auth(request):
context=csrf(request)
if request.method=="POST":

4
mfa/FIDO2.py
View File

@@ -1,5 +1,5 @@
from fido2.client import ClientData
from fido2.server import Fido2Server, RelyingParty
from fido2.server import Fido2Server, PublicKeyCredentialRpEntity
from fido2.ctap2 import AttestationObject, AuthenticatorData
from django.template.context_processors import csrf
from django.views.decorators.csrf import csrf_exempt
@@ -24,7 +24,7 @@ def recheck(request):
def getServer():
rp = RelyingParty(settings.FIDO_SERVER_ID, settings.FIDO_SERVER_NAME)
rp = PublicKeyCredentialRpEntity(settings.FIDO_SERVER_ID, settings.FIDO_SERVER_NAME)
return Fido2Server(rp)
def begin_registeration(request):
server = getServer()

8
mfa/migrations/0009_user_keys_owned_by_enterprise.py
View File

@@ -4,6 +4,12 @@ from __future__ import unicode_literals
from django.db import models, migrations
from django.conf import settings
def update_owned_by_enterprise(apps, schema_editor):
user_keys = apps.get_model('mfa', 'user_keys')
user_keys.objects.filter(key_type='FIDO2').update(owned_by_enterprise=getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False))
class Migration(migrations.Migration):
dependencies = [
@@ -16,5 +22,5 @@ class Migration(migrations.Migration):
name='owned_by_enterprise',
field=models.NullBooleanField(default=None),
),
migrations.RunSQL("update mfa_user_keys set owned_by_enterprise = %s where key_type='FIDO2'"%(True if getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False) else False ))
migrations.RunPython(update_owned_by_enterprise)
]

88
mfa/templates/Email/Add.html
View File

@@ -2,54 +2,50 @@
{% block head %}
{% endblock %}
{% block content %}
<br/>
<br/>
<div class="panel panel-default">
<div class="panel-heading">
<strong> Activate Token by email</strong>
</div>
<div class="panel-body">
<br/>
<br/>
<div class="container">
<div class="panel panel-default">
<div class="panel-heading">
<strong> Activate Token by email</strong>
</div>
<div class="panel-body">
<FORM METHOD="POST" ACTION="{% url 'start_email' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger">
Sorry, The provided token is not valid.
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger">
Sorry, The provided token is not valid.
</div>
{% endif %}
{% if quota %}
<div class="alert alert-warning">
{{ quota }}
</div>
{% endif %}
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the code sent to your email.</p>
</div>
</div>
{% endif %}
{% if quota %}
<div class="alert alert-warning">
{{ quota }}
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon">
<i class="glyphicon glyphicon-lock"></i>
</span>
<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
</div>
</div>
<div class="form-group">
<input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
</div>
</div>
</div>
{% endif %}
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the 6-digits sent to your email.</p>
</div>
</div>
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon">
<i class="glyphicon glyphicon-lock"></i>
</span>
<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
</div>
</div>
<div class="form-group">
<input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
</div>
</div>
</fieldset>
</fieldset>
</FORM>
</div>
</div>
</div>
</div>
{% endblock %}

2
mfa/templates/Email/recheck.html
View File

@@ -39,7 +39,7 @@
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the 6-digits sent to your email.</p>
<p>Enter the code sent to your email.</p>
</div>
</div>

2
mfa/templates/MFA.html
View File

@@ -66,7 +66,7 @@
{% endif %}
</ul>
</div>
</div>
<br/>
<br/>
<table class="table table-striped">

54
mfa/templates/TOTP/Add.html
View File

@@ -2,7 +2,7 @@
{% extends "base.html" %}
{% load static %}
{% block head %}
<style>
<style>
#two-factor-steps {
border: 1px solid #ccc;
border-radius: 3px;
@@ -12,8 +12,8 @@
margin: 0px;
}
</style>
<script src="{% static 'mfa/js/qrious.min.js' %}" type="text/javascript"></script>
<script type="text/javascript">
<script src="{% static 'mfa/js/qrious.min.js' %}" type="text/javascript"></script>
<script type="text/javascript">
var key="";
$(document).ready(function addToken() {
$.ajax({
@@ -61,49 +61,49 @@
</script>
{% endblock %}
{% block content %}
<br/>
<br/>
<div class="container">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row" align="center">
<h4>Adding Authenticator</h4>
</div>
<div class="row">
<br/>
<br/>
<div class="container">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row" align="center">
<h4>Adding Authenticator</h4>
</div>
<div class="row">
<p>Scan the image below with the two-factor authentication app on your <a href="javascript:void(0)" onclick="showTOTP()">phone/PC</a> phone/PC. If you cant use a barcode,
<a href="javascript:void(0)" onclick="showKey()">enter this text</a> instead. </p>
<p>Scan the image below with the two-factor authentication app on your <a href="javascript:void(0)" onclick="showTOTP()">phone/PC</a>. If you cant use a barcode,
<a href="javascript:void(0)" onclick="showKey()">enter this text</a> instead. </p>
</div>
<div class="row">
<div align="center" style="display: none" id="second_step">
<div align="center" style="display: none" id="second_step">
<img id="qr"/>
<img id="qr"/>
</div>
<div class="row">
<div class="row">
<p><b>Enter the six-digit code from the application</b></p>
<p style="color: #333333;font-size: 10px">After scanning the barcode image, the app will display a six-digit code that you can enter below. </p>
</div>
</div>
<div class="row">
<input style="display: inline;width: 95%" maxlength="6" size="6" class="form-control" id="answer" placeholder="e.g 785481"/>
<input style="display: inline;width: 95%" maxlength="6" size="6" class="form-control" id="answer" placeholder="e.g 785481"/>
</div>
<div class="row">
<div class="col-md-6" style="padding-left: 0px">
<button class="btn btn-success" onclick="verify()">Enable</button>
</div>
<div class="col-md-6" align="right" style="padding-right: 30px">
<a href="{% url 'mfa_home' %}"><button class="btn btn-default">Cancel</button></a>
<div class="row" style="padding-top: 10px;">
<div class="col-md-6" style="padding-left: 0px">
<button class="btn btn-success" onclick="verify()">Enable</button>
</div>
<div class="col-md-6" align="right" style="padding-right: 30px">
<a href="{% url 'mfa_home' %}"><button class="btn btn-default">Cancel</button></a>
</div>
</div>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
</div>
{% include "modal.html" %}
{% endblock %}

3
mfa/totp.py
View File

@@ -1,4 +1,5 @@
from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.http import HttpResponse
from .models import *
from django.template.context_processors import csrf
@@ -31,6 +32,7 @@ def recheck(request):
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
return render(request,"TOTP/recheck.html", context)
@never_cache
def auth(request):
context=csrf(request)
if request.method=="POST":
@@ -68,5 +70,6 @@ def verify(request):
return HttpResponse("Success")
else: return HttpResponse("Error")
@never_cache
def start(request):
return render(request,"TOTP/Add.html",{})

19
requirements.txt
View File

@@ -1,11 +1,10 @@
django >= 1.7
jsonfield
simplejson
pyotp
python-u2flib-server
ua-parser
user-agents
python-jose
fido2 == 0.7
jsonLookup
jsonfield
simplejson
pyotp
python-u2flib-server
ua-parser
user-agents
python-jose
fido2 == 0.8.1
jsonLookup

16
setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup(
name='django-mfa2',
version='1.9.1',
version='2.0.0',
description='Allows user to add 2FA to their accounts',
long_description=open("README.md").read(),
long_description_content_type="text/markdown",
@@ -24,32 +24,28 @@ setup(
'ua-parser',
'user-agents',
'python-jose',
'fido2 == 0.7.2',
'fido2 == 0.8.1',
'jsonLookup'
],
python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*",
python_requires=">=3.5",
include_package_data=True,
zip_safe=False, # because we're including static files
classifiers=[
"Development Status :: 5 - Production/Stable",
"Environment :: Web Environment",
"Framework :: Django",
"Framework :: Django :: 1.7",
"Framework :: Django :: 1.8",
"Framework :: Django :: 1.9",
"Framework :: Django :: 1.10",
"Framework :: Django :: 1.11",
"Framework :: Django :: 2.0",
"Framework :: Django :: 2.1",
"Framework :: Django :: 2.2",
"Intended Audience :: Developers",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Programming Language :: Python :: 2",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Topic :: Software Development :: Libraries :: Python Modules",
]
)