josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: josh:master
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9
..
compare: josh:dev
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9

14 Commits
master ... dev

Author SHA1 Message Date
Mohamed ElKalioby
972ccf4888 Fix tox envs 2023-12-31 22:04:00 +03:00
Mohamed El-Kalioby
044f52da6a Merge pull request #79 from oussjarrousse/78-adding-tests 
78 adding tests
 2023-12-31 20:59:17 +02:00
Mohamed El-Kalioby
b1a167ad66 Merge branch 'dev' into 78-adding-tests 2023-12-31 20:47:45 +02:00
Mohamed El-Kalioby
70dd692299 Update README.md 2023-12-31 21:45:49 +03:00
Mohamed El-Kalioby
a1855d3998 Update CHANGELOG.md 2023-12-31 21:45:12 +03:00
Mohamed El-Kalioby
16537baa6f Merge pull request #73 from jkirkcaldy/master 
grammar
 2023-12-31 20:42:04 +02:00
Oussama Jarrousse
e76feeb06b excluding tests when building the package 2023-12-27 12:08:49 +01:00
Oussama Jarrousse
e0335ac4a7 added django3, 4, 5 to the tox environments list 2023-12-27 11:54:23 +01:00
Oussama Jarrousse
54f5eb212a added markers; edited README.md 2023-12-27 11:36:25 +01:00
Oussama Jarrousse
c53b4d1e1a better .gitignore 2023-12-26 17:43:57 +01:00
Oussama Jarrousse
0075f84b29 added .vscode/launch.json 2023-12-26 17:36:26 +01:00
Oussama Jarrousse
6ae4c2508c 2 passed in 0.82s, 32% coverage 2023-12-26 17:33:21 +01:00
Oussama Jarrousse
41256cc76d initial 2023-12-25 17:44:28 +01:00
jkirkcaldy
b94faa1916 grammar 2023-09-21 15:30:00 +01:00
31 changed files with 889 additions and 524 deletions
Expand all files Collapse all files

9
.gitignore vendored
View File

@@ -1,5 +1,9 @@
.idea
example/venv
# IDE
.idea
.vscode
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
@@ -105,3 +109,6 @@ venv.bak/
# mypy
.mypy_cache/
example/test_db
# OS related
.DS_Store

5
CHANGELOG.md
View File

@@ -1,4 +1,9 @@
# Change Log
## 2.9.0
* Fix a typo,
Thanks to @jkirkcaldy
## 2.8.0
* Support For Django 4.0+ JSONField
* Removed jsonfield package from requirements

40
README.md
View File

@@ -11,6 +11,7 @@ A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), Ema
[![Conda Downloads](https://img.shields.io/conda/dn/conda-forge/django-mfa2.svg)](https://anaconda.org/conda-forge/django-mfa2)
[![Conda Version](https://img.shields.io/conda/vn/conda-forge/django-mfa2.svg)](https://anaconda.org/conda-forge/django-mfa2)
Web Authencation API (WebAuthn) is state-of-the art techology that is expected to replace passwords.
![Andriod Fingerprint](https://cdn-images-1.medium.com/max/800/1*1FWkRE8D7NTA2Kn1DrPjPA.png)
@@ -196,6 +197,43 @@ function some_func() {
````
# Testing
We use `pytest` and several pytest plugins, especially the `pytest-django` and `pytest-cov` plugins that provide Django fixtures, and test coverage analysis.
In the root folder, `pytest.ini` contains configurations for running the tests, `requirements_testing.txt` contains the python packages required for running tests, and the folder `tests` contains the actual test files.
To run the tests, install the packages in requirements and requirements_testing.txt:
```bash
pip install -r requirements.txt -r requirements_testing.txt
```
then simply run pytest
```
pytest
```
to generate the coverage html pages:
```
pytest --cov=. --cov-report html -v
```
the coverage html files will be generated in the `htmlcov` folder
We use `tox` to test the package against different isolated environments. `tox.ini` contains the configurations for tox. To run the tests in the environments defined in the `tox.ini` file, make sure the python package tox is installed:
```
pip install tox
```
then run tox in the project root:
```
tox
```
# Contributors
* [mahmoodnasr](https://github.com/mahmoodnasr)
* [d3cline](https://github.com/d3cline)
@@ -207,6 +245,8 @@ function some_func() {
* [ezrajrice](https://github.com/ezrajrice)
* [Spitfireap](https://github.com/Spitfireap)
* [peterthomassen](https://github.com/peterthomassen)
* [oussjarrousse](https://github.com/oussjarrousse)
* [jkirkcaldy](https://github.com/jkirkcaldy)
# Security contact information

2
mfa/apps.py
View File

@@ -1,4 +1,4 @@
from django.apps import AppConfig
class myAppNameConfig(AppConfig):
name = 'mfa'
verbose_name = 'A Much Better Name'
verbose_name = 'Django MFA2'

8
mfa/helpers.py
View File

@@ -4,14 +4,8 @@ from . import TrustedDevice, U2F, FIDO2, totp
import simplejson
from django.shortcuts import HttpResponse
from mfa.views import verify,goto
from mfa.recovery import delTokens
def has_mfa(request,username):
uk = User_Keys.objects.filter(username=username,enabled=1)
if uk.count()==1:
for u in uk:
if u.key_type == "RECOVERY":
delTokens(request)
elif uk.count()>0:
if User_Keys.objects.filter(username=username,enabled=1).count()>0:
return verify(request, username)
return False

1
mfa/static/mfa/js/bootstrap-toggle.min.js.map
View File

@@ -1 +0,0 @@
{"version":3,"file":"bootstrap-toggle.min.js","sources":["bootstrap-toggle.js"],"names":["$","Plugin","option","this","each","$this","data","options","Toggle","element","$element","extend","defaults","render","VERSION","DEFAULTS","on","off","onstyle","offstyle","size","style","width","height","prototype","attr","_onstyle","_offstyle","$toggleOn","html","addClass","$toggleOff","$toggleHandle","$toggleGroup","append","$toggle","prop","wrap","parent","Math","max","outerWidth","outerHeight","css","update","trigger","toggle","silent","removeClass","enable","removeAttr","disable","change","proxy","destroy","remove","removeData","unwrap","old","fn","bootstrapToggle","Constructor","noConflict","document","e","$checkbox","find","preventDefault","jQuery"],"mappings":";;;;;;;CASE,SAAUA,GACV,YAoID,SAASC,GAAOC,GACf,MAAOC,MAAKC,KAAK,WAChB,GAAIC,GAAUL,EAAEG,MACZG,EAAUD,EAAMC,KAAK,aACrBC,EAA2B,gBAAVL,IAAsBA,CAEtCI,IAAMD,EAAMC,KAAK,YAAcA,EAAO,GAAIE,GAAOL,KAAMI,IACvC,gBAAVL,IAAsBI,EAAKJ,IAASI,EAAKJ,OAtItD,GAAIM,GAAS,SAAUC,EAASF,GAC/BJ,KAAKO,SAAYV,EAAES,GACnBN,KAAKI,QAAYP,EAAEW,UAAWR,KAAKS,WAAYL,GAC/CJ,KAAKU,SAGNL,GAAOM,QAAW,QAElBN,EAAOO,UACNC,GAAI,KACJC,IAAK,MACLC,QAAS,UACTC,SAAU,UACVC,KAAM,SACNC,MAAO,GACPC,MAAO,KACPC,OAAQ,MAGTf,EAAOgB,UAAUZ,SAAW,WAC3B,OACCI,GAAIb,KAAKO,SAASe,KAAK,YAAcjB,EAAOO,SAASC,GACrDC,IAAKd,KAAKO,SAASe,KAAK,aAAejB,EAAOO,SAASE,IACvDC,QAASf,KAAKO,SAASe,KAAK,iBAAmBjB,EAAOO,SAASG,QAC/DC,SAAUhB,KAAKO,SAASe,KAAK,kBAAoBjB,EAAOO,SAASI,SACjEC,KAAMjB,KAAKO,SAASe,KAAK,cAAgBjB,EAAOO,SAASK,KACzDC,MAAOlB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASM,MAC3DC,MAAOnB,KAAKO,SAASe,KAAK,eAAiBjB,EAAOO,SAASO,MAC3DC,OAAQpB,KAAKO,SAASe,KAAK,gBAAkBjB,EAAOO,SAASQ,SAI/Df,EAAOgB,UAAUX,OAAS,WACzBV,KAAKuB,SAAW,OAASvB,KAAKI,QAAQW,QACtCf,KAAKwB,UAAY,OAASxB,KAAKI,QAAQY,QACvC,IAAIC,GAA6B,UAAtBjB,KAAKI,QAAQa,KAAmB,SAClB,UAAtBjB,KAAKI,QAAQa,KAAmB,SACV,SAAtBjB,KAAKI,QAAQa,KAAkB,SAC/B,GACCQ,EAAY5B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQS,IACzDc,SAAS3B,KAAKuB,SAAW,IAAMN,GAC7BW,EAAa/B,EAAE,uBAAuB6B,KAAK1B,KAAKI,QAAQU,KAC1Da,SAAS3B,KAAKwB,UAAY,IAAMP,EAAO,WACrCY,EAAgBhC,EAAE,gDACpB8B,SAASV,GACPa,EAAejC,EAAE,8BACnBkC,OAAON,EAAWG,EAAYC,GAC5BG,EAAUnC,EAAE,iDACd8B,SAAU3B,KAAKO,SAAS0B,KAAK,WAAajC,KAAKuB,SAAWvB,KAAKwB,UAAU,QACzEG,SAASV,GAAMU,SAAS3B,KAAKI,QAAQc,MAEvClB,MAAKO,SAAS2B,KAAKF,GACnBnC,EAAEW,OAAOR,MACRgC,QAAShC,KAAKO,SAAS4B,SACvBV,UAAWA,EACXG,WAAYA,EACZE,aAAcA,IAEf9B,KAAKgC,QAAQD,OAAOD,EAEpB,IAAIX,GAAQnB,KAAKI,QAAQe,OAASiB,KAAKC,IAAIZ,EAAUa,aAAcV,EAAWU,cAAeT,EAAcS,aAAa,EACpHlB,EAASpB,KAAKI,QAAQgB,QAAUgB,KAAKC,IAAIZ,EAAUc,cAAeX,EAAWW,cACjFd,GAAUE,SAAS,aACnBC,EAAWD,SAAS,cACpB3B,KAAKgC,QAAQQ,KAAMrB,MAAOA,EAAOC,OAAQA,IACrCpB,KAAKI,QAAQgB,SAChBK,EAAUe,IAAI,cAAef,EAAUL,SAAW,MAClDQ,EAAWY,IAAI,cAAeZ,EAAWR,SAAW,OAErDpB,KAAKyC,QAAO,GACZzC,KAAK0C,SAAQ,IAGdrC,EAAOgB,UAAUsB,OAAS,WACrB3C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKc,MACnCd,KAAKa,MAGXR,EAAOgB,UAAUR,GAAK,SAAU+B,GAC/B,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKwB,UAAY,QAAQG,SAAS3B,KAAKuB,UAChEvB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUP,IAAM,SAAU8B,GAChC,MAAI5C,MAAKO,SAAS0B,KAAK,aAAoB,GAC3CjC,KAAKgC,QAAQa,YAAY7C,KAAKuB,UAAUI,SAAS3B,KAAKwB,UAAY,QAClExB,KAAKO,SAAS0B,KAAK,WAAW,QACzBW,GAAQ5C,KAAK0C,aAGnBrC,EAAOgB,UAAUyB,OAAS,WACzB9C,KAAKgC,QAAQe,WAAW,YACxB/C,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAU2B,QAAU,WAC1BhD,KAAKgC,QAAQV,KAAK,WAAY,YAC9BtB,KAAKO,SAAS0B,KAAK,YAAY,IAGhC5B,EAAOgB,UAAUoB,OAAS,SAAUG,GAC/B5C,KAAKO,SAAS0B,KAAK,YAAajC,KAAKgD,UACpChD,KAAK8C,SACN9C,KAAKO,SAAS0B,KAAK,WAAYjC,KAAKa,GAAG+B,GACtC5C,KAAKc,IAAI8B,IAGfvC,EAAOgB,UAAUqB,QAAU,SAAUE,GACpC5C,KAAKO,SAASO,IAAI,oBACb8B,GAAQ5C,KAAKO,SAAS0C,SAC3BjD,KAAKO,SAASM,GAAG,mBAAoBhB,EAAEqD,MAAM,WAC5ClD,KAAKyC,UACHzC,QAGJK,EAAOgB,UAAU8B,QAAU,WAC1BnD,KAAKO,SAASO,IAAI,oBAClBd,KAAK8B,aAAasB,SAClBpD,KAAKO,SAAS8C,WAAW,aACzBrD,KAAKO,SAAS+C,SAiBf,IAAIC,GAAM1D,EAAE2D,GAAGC,eAEf5D,GAAE2D,GAAGC,gBAA8B3D,EACnCD,EAAE2D,GAAGC,gBAAgBC,YAAcrD,EAKnCR,EAAE2D,GAAGb,OAAOgB,WAAa,WAExB,MADA9D,GAAE2D,GAAGC,gBAAkBF,EAChBvD,MAMRH,EAAE,WACDA,EAAE,6CAA6C4D,oBAGhD5D,EAAE+D,UAAU/C,GAAG,kBAAmB,2BAA4B,SAASgD,GACtE,GAAIC,GAAYjE,EAAEG,MAAM+D,KAAK,uBAC7BD,GAAUL,gBAAgB,UAC1BI,EAAEG,oBAGFC"}

1
mfa/static/mfa/js/qrious.min.js.map
View File

File diff suppressed because one or more lines are too long

21
mfa/templates/FIDO2/Add.html
View File

@@ -61,24 +61,21 @@
{% endblock %}
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<br/>
<br/>
<div class="container">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Adding a New {{ method.name }}</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0"><strong> Adding a New {{ method.name }}</strong></h6>
</div>
<div class="card-body">
<div class="panel-body card-body">
<div class="row alert alert-pr" id="res" align="center">
<p style="color: green">Your browser should ask you to confirm you identity.</p>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
{% endblock %}

22
mfa/templates/FIDO2/recheck.html
View File

@@ -1,15 +1,14 @@
{% load static %}
<script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
<script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js' %}"></script>
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2 offset-2 col-8">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Security Key</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0"><strong> Security Key</strong></h6>
</div>
<div class="card-body">
<div class="panel-body card-body">
<div class="row">
<div style="padding-left: 15px" class="col-md-10 col-md-offset-1" id="main_paragraph" align="center">
@@ -17,6 +16,7 @@
Welcome back {% comment %}<img src="{% url 'getUserImage' request.session.base_username %}" title="{{ request.session.base_username }}" style="padding: 3px;height: 50px" class="img-circle"/>{% endcomment %} {{ request.session.base_username }}<br/>
<a href="{% url 'mfa_reset_cookie' %}">Not me</a>
<br/>
{% endif %}
<div id="res">
<p style="color: green">please press the button on your security key to prove it is you.</p>
@@ -32,13 +32,19 @@
</form>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12 mb-3" style="padding-left: 25px">
{% if request.session.mfa_methods|length > 1 %}
<a href="{% url 'mfa_methods_list' %}">Select Another Method</a>
{% endif %}
</div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">

30
mfa/templates/MFA.html
View File

@@ -40,15 +40,12 @@
<script src="{% static 'mfa/js/bootstrap-toggle.min.js'%}"></script>
{% endblock %}
{% block content %}
<div class="col-lg-10 col-md-10 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-body">
<div class="" style="text-align: center">
{{block.super}}
<br/>
<br/>
<div class="container">
<div class="row">
<div class="offset-5 col-2" style="text-align: center">
<div class="btn-group">
<button class="btn btn-success dropdown-toggle" data-toggle="dropdown" data-bs-toggle="dropdown">
Add Method&nbsp;<span class="caret"></span>
@@ -73,9 +70,10 @@
</div>
</div>
</div>
<div class="table-responsive">
<table class="table table-responsive table-striped">
<br/>
<table class="table table-striped">
<tr>
<th>Type</th>
<th>Date Added</th>
<th>Expires On</th>
@@ -87,6 +85,7 @@
{% if keys %}
{% for key in keys %}
<tr>
<td>{{ key.name }}</td>
<td>{{ key.added_on }}</td>
<td>{% if key.expires %}{{ key.expires }}{% else %}N/A{% endif %}</td>
@@ -117,15 +116,10 @@
</tr>
{% endif %}
{% else %}
<tr><td colspan="7" align="center">You didn't have any keys yet.</td> </tr>
<tr><td colspan="7" align="center">You don't have any keys yet.</td> </tr>
{% endif %}
</table>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
{% include "modal.html" %}
{% endblock %}

41
mfa/templates/RECOVERY/Add.html
View File

@@ -1,3 +1,4 @@
{% extends "base.html" %}
{% load static %}
{% block head %}
@@ -97,25 +98,35 @@
</script>
{% endblock %}
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">
Recovery Codes List
</h6>
</div>
<div class="card-body">
<div class="tokenrow mb-4" id="tokens">
</div>
<br/>
<br/>
<div class="container d-flex justify-content-center">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row">
<div class="col-md-4 col-md-offset-4" style="padding-left: 0px" align="center">
<button onclick="confirmRegenerateTokens()" class="btn btn-success">Regenerate</button>
<h4>Recovery Codes List</h4>
</div>
<div class="tokenrow" id="tokens">
</div>
<br/>
<br/>
<div class="row">
<div class="col-md-4 col-md-offset-4" style="padding-left: 0px" align="center">
<button onclick="confirmRegenerateTokens()" class="btn btn-success">Regenerate</button>
</div>
<div class="col-md-6" align="right" style="padding-right: 30px">
<a href="{{redirect_html}}" class="btn btn-default btn-secondary" role="button"> {{reg_success_msg}}</a>
</div>
</div>
</div>
</div>

37
mfa/templates/RECOVERY/recheck.html
View File

@@ -22,18 +22,17 @@
})
}
</script>
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-10 col-lg-offset-1">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Recovery code</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">
Recovery code
</h6>
</div>
<div class="card-body">
<form METHOD="POST" ACTION="{% url 'recovery_auth' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
<div class="panel-body card-body">
<FORM METHOD="POST" ACTION="{% url 'recovery_auth' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger">
@@ -47,30 +46,40 @@
{% endif %}
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the 11-digits on your authenticator. Or input a recovery code</p>
</div>
</div>
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group input-group-static mb-3">
<div class="input-group mb-3">
<span class="input-group-addon input-group-text">
<i class="glyphicon glyphicon-lock bi bi-lock"></i>
</span>
<input class="form-control" size="11" MaxLength="11" value="" placeholder="e.g abcde-fghij" name="recovery" type="text" id="recovery" autofocus>
</div>
</div>
<div class="form-group d-grid gap-2">
<input type="{% if mode == "auth" %}submit{% elif mode == 'recheck' %}button{% endif %}" {% if mode == "recheck" %}onclick="send_recovery()" {% endif %} class="btn btn-lg btn-success btn-block" value="Sign in">
</div>
</div>
</div>
</fieldset>
</form>
</FORM>
</div>
<div class="row">
<div class="col-md-12 mb-3" style="padding-left: 25px">
{% if request.session.mfa_methods|length > 1 %}
<a href="{% url 'mfa_methods_list' %}">Select Another Method</a>
{% endif %}
</div>
</div>
</div>
</div>
</div>
</div>
{% include "modal.html" %}

33
mfa/templates/TOTP/Add.html
View File

@@ -1,8 +1,13 @@
{% extends "base.html" %}
{% load static %}
{% block head %}
<style>
#two-factor-steps {
border: 1px solid #ccc;
border-radius: 3px;
padding: 15px;
}
.row{
margin: 0px;
}
@@ -82,19 +87,11 @@
{% block content %}
<br/>
<br/>
<div class="container-fluid px-2 px-md-4">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="container d-flex justify-content-center">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row" align="center">
<h4>Adding a new {{ method.name }}</h4>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100" id="two-factor-steps" >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">Adding a new {{ method.name }}</h6>
</div>
<div class="card-body p-3">
<div class="row">
<p>Scan the image below with the two-factor authentication app on your <a href="javascript:void(0)" onclick="showTOTP()">phone/PC</a>. If you cant use a barcode,
@@ -114,27 +111,23 @@
<div class="row">
<p><b>Enter the six-digit code from the application</b></p>
<p >After scanning the barcode image, the app will display a six-digit code that you can enter below. </p>
<p style="color: #333333;font-size: 10px">After scanning the barcode image, the app will display a six-digit code that you can enter below. </p>
</div>
<div class="row">
<div class="offset-md-4 col-md-4">
<div class="input-group input-group-static">
<input style="display: inline;width: 95%" maxlength="6" size="6" class="form-control" id="answer" placeholder="e.g 785481"/>
</div>
</div>
</div>
<div class="row" style="padding-top: 10px;">
<div class="offset-md-4 col-md-4">
<div class="col-md-4 offset-md-4" style="padding-left: 0px">
<button class="btn btn-success" onclick="verify()">Enable</button>
<a href="{% url 'mfa_home' %}" class="btn btn-default btn-secondary" role="button">Cancel</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
{% endblock %}

4
mfa/templates/TOTP/Auth.html
View File

@@ -1,10 +1,10 @@
{% extends "mfa_auth_base.html" %}
{% block head %}
<!--<style>
<style>
.row{
margin-left: 15px;
}
</style>-->
</style>
{% endblock %}
{% block content %}
<br/>

69
mfa/templates/TOTP/recheck.html
View File

@@ -1,19 +1,30 @@
{% extends "mfa_auth_base.html" %}
{% load static %}
<script type="application/javascript">
function send_totp() {
$.ajax({"url":"{% url 'totp_recheck' %}", method:"POST",dataType:"JSON",
data:{"csrfmiddlewaretoken":"{{ csrf_token }}","otp":$("#otp").val()},
success:function (data) {
if (data["recheck"])
mfa_success_function();
else {
mfa_failed_function();
}
}
})
}
</script>
<div class='container'>
<div class="row">
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> One Time Password</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3 ">
<h6 class="mb-0">One Time Password</h6>
</div>
<div class="card-body">
<form METHOD="POST" ACTION="{% url 'totp_auth' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
<div class="panel-body card-body">
<FORM METHOD="POST" ACTION="{% url 'totp_auth' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger">
@@ -26,39 +37,41 @@
</div>
{% endif %}
<fieldset>
<div class=" text-left">
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the 6-digits on your authenticator</p>
</div>
</div>
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group input-group-dynamic mb-3">
<div class="input-group mb-3">
<span class="input-group-addon input-group-text">
<i class="glyphicon glyphicon-lock bi bi-lock"></i>
</span>
<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
</div>
</div>
<div class="form-group d-grid gap-2">
<input type="{% if mode == "auth" %}submit{% elif mode == 'recheck' %}button{% endif %}" {% if mode == "recheck" %}onclick="send_totp()" {% endif %} class="btn btn-lg btn-success btn-block" value="Sign in">
<input type="{% if mode == "auth" %}submit{% elif mode == 'recheck' %}button{% endif %}" {% if mode == "recheck" %}onclick="send_totp()" {% endif %} class="btn btn-lg btn-success btn-block" value="Sign in"> </div>
</div>
</fieldset>
</form>
<div class="">
</FORM>
</div>
<div class="row">
<div class="col-md-12 mb-3" style="padding-left: 25px">
{% if request.session.mfa_methods|length > 1 %}
<a href="{% url 'mfa_methods_list' %}">Select Another Method</a>
{% endif %}
</div>
</div>
</div>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
{% endblock %}

59
mfa/templates/TrustedDevices/Add.html
View File

@@ -25,17 +25,17 @@
</script>
{% endblock %}
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">
<br/>
<br/>
<div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Add Trusted Device</strong>
</h6>
</div>
<div class="card-body">
<div class="panel-body card-body">
{% if success %}
<div class="alert alert-warning">
Please check your PC window, to continue the process.
@@ -46,8 +46,8 @@
</div>
{% else %}
<div class="alert alert-warning text-white">Please make sure you are not in private (incognito) mode <i class="fa fa-user-secret"></i></div>
<form METHOD="POST" ACTION="{% url 'add_td' %}" Id="formLogin" onSubmit="return checkFlag()" name="FrontPage_Form1">
<div class="alert alert-warning">Please make sure you are not in private (incognito) mode <i class="fal fa-user-secret"></i></div>
<FORM METHOD="POST" ACTION="{% url 'add_td' %}" Id="formLogin" onSubmit="return checkFlag()" name="FrontPage_Form1">
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger">
@@ -60,19 +60,23 @@
</div>
{% endif %}
<fieldset>
<div class="row">
<div>
<div class="col-sm-12 col-md-12">
</div>
</div>
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group input-group-static mb-3">
<div class="input-group mb-3">
<span class="input-group-addon input-group-text">
<i class="glyphicon glyphicon-user bi bi-person"></i>
</span>
<input class="form-control" id="username" size="30" MaxLength="30" placeholder="Username" name="username" value="{{ username }}" type="text" autofocus autocomplete="on">
</div>
</div>
<div class="form-group">
<div class="input-group input-group-static mb-3">
<div class="input-group mb-3">
<span class="input-group-addon input-group-text">
<i class="fa fa-key"></i>
</span>
@@ -80,25 +84,27 @@
</div>
</div>
<div class="form-group">
<span class=" form-check ">
<input class="form-check-input" id='agree' name="agree" type="checkbox">
<span style="color: red"> I confirm that this device is mine and it is only used by me.
</span>
<span class="input-group mb-3">
<input id='agree' name="agree" type="checkbox"><span style="color: red"> I confirm that this device is mine and it is only used by me.</span>
</div>
{% comment %}
<div class="form-group">
<div class="input-group mb-3">
<span class="input-group-addon input-group-text">
<select size="1" name="Institution_Code" style="font-size: 10pt; font-family: Calibri; height: 34px;width: 230px">
{% for ins in institutes %}
<option value="{{ ins.institution_code }}">{{ ins.alias }}</option>
{% endfor %}
</select>
</span>
</div>
</div>
{% endcomment %}
<div class="form-group d-grid gap-2 mt-2">
<div class="form-group d-grid gap-2">
<input type="submit" class="btn btn-lg btn-success btn-block" value="Trust Device">
</div>
</div>
@@ -107,6 +113,13 @@
</form>
{% endif %}
</div>
</div>
{% include "modal.html" %}
{% endblock %}
<div class="panel-footer card-footer">
</div>
</div>
</div>
</div>
{% endblock %}

30
mfa/templates/TrustedDevices/start.html
View File

@@ -78,22 +78,21 @@
</script>
{% endblock %}
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<br/>
<br/>
<div class="container">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row" align="center">
<h4>Add Trusted Device</h4>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">
Add Trusted Device
</h6>
</div>
<div class="card-body">
<div class="row" >
{% if not_allowed %}
<div class="alert alert-danger">You can't add any more devices, you need to remove previously trusted devices first.</div>
{% else %}
<p style="color: green">Allow access from mobile phone and tables.</p><br/>
<br/>
</div>
<div class="row">
<h5>Steps:</h5>
</div>
@@ -109,6 +108,8 @@
<li>Confirm the consent and submit form.</li>
</ol>
</div>
<div class="col-md-6">
<h5>Manual</h5>
<ol>
@@ -121,15 +122,20 @@
</div>
</div>
<div class="row">
<div class="col-md-8 offset-2">
This window will ask to confirm the device.
</div>
</div>
{% endif %}
</div>
</div>
</div>
</div>
<br/>
<br/>
<br/>
<br/>
{% include "modal.html" %}
{% include 'mfa_check.html' %}
{% endblock %}

24
mfa/templates/U2F/Add.html
View File

@@ -1,7 +1,16 @@
{% extends "base.html" %}
{% load static %}
{% block head %}
<style>
#two-factor-steps {
border: 1px solid #ccc;
border-radius: 3px;
padding: 15px;
}
.row{
margin: 0px;
}
</style>
<script src="{% static 'mfa/js/u2f-api.js' %}" type="text/javascript"></script>
<script type="text/javascript">
function addToken() {
@@ -34,29 +43,20 @@
</script>
{% endblock %}
{% block content %}
<div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-body">
<br/>
<br/>
<div class="container">
<div id="two-factor-steps">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div id="res"></div>
<div class="row" align="center">
<h4>Adding {{ method.name}}</h4>
</div>
<div class="row" align="center">
<div class="row">
<p style="color: green">Your secure Key should be flashing now, please press on button.</p>
</div>
</div>
</div>
</div>
</div>
{% include "modal.html" %}
{% endblock %}

26
mfa/templates/U2F/recheck.html
View File

@@ -1,16 +1,15 @@
{% load static %}
< <div class="col-lg-8 col-md-8 col-12 mx-auto">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Verify your identity using {{ method.name }}</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100 z-index-0 fadeIn3 fadeInBottom " >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">Verify your identity using {{ method.name }}</h6>
</div>
<div class="card-body">
<div class="panel-body card-body">
<div class="row">
<div id="main_paragraph" align="center">
<div style="padding-left: 15px" class="col-md-10 col-md-offset-1" id="main_paragraph" align="center">
<p style="color: green">Your key should be flashing now, please press the button.</p>
{% if mode == "auth" %}
<form id="u2f_login" action="{% url 'u2f_verify' %}" method="post">
@@ -22,18 +21,19 @@
</form>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12 mb-3" style="padding-left: 15px">
{% if request.session.mfa_methods|length > 1 %}
<a href="{% url 'mfa_methods_list' %}">Select Another Method</a>
{% endif %}
</div>
</div>
</div>
</div>
</div>
</div>
<script src="{% static 'mfa/js/u2f-api.js' %}" type="text/javascript"></script>

23
mfa/templates/select_mfa_method.html
View File

@@ -1,20 +1,19 @@
{% extends "mfa_auth_base.html" %}
{% block content %}
<br/>
<div class='container'>
<div class="row">
<div class="container-fluid px-2 px-md-4 mt-6">
<div class="page-header min-height-300 border-radius-xl mt-4" style="background-repeat: no-repeat; background-position: cover; background-size:contain; background-image: url('{% static 'img/keys.jpg'%}');">
<span class="mask bg-gradient-primary opacity-6"></span>
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2 offset-2 col-8">
<div class="panel panel-default card">
<div class="panel-heading card-header">
<strong> Select Second Verification Method</strong>
</div>
<div class="card mx-3 mx-md-4 mt-n6 h-100" >
<div class="card-header pb-0 p-3">
<h6 class="mb-0">Select Second Verification Method</h6>
</div>
<div class="card-body p-3">
<div class="panel-body card-body">
<ul>
{% for method in request.session.mfa_methods %}
<li style="list-style-type: none;"><a class="btn btn-sm btn-outline-primary" href="{% url 'mfa_goto' method %}" >
<li><a href="{% url "mfa_goto" method %}">
{% if method == "TOTP" %}{% if 'TOTP' in RENAME_METHODS %}{{ RENAME_METHODS.TOTP }}{% else %}Authenticator App{% endif %}
{% elif method == "Email" %}{% if 'Email' in RENAME_METHODS %}{{ RENAME_METHODS.Email }}{% else %}Send OTP by Email{% endif %}
{% elif method == "U2F" %}{% if 'U2F' in RENAME_METHODS %}{{ RENAME_METHODS.U2F }}{% else %}Secure Key{% endif %}
@@ -25,7 +24,9 @@
{% endfor %}
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock %}

3
mfa/tests.py
View File

@@ -1,3 +0,0 @@
from django.test import TestCase
# Create your tests here.

109
pytest.ini Normal file
View File

@@ -0,0 +1,109 @@
[pytest]
# Searching
python_files = test_*
python_classes = Tests*
python_functions = test_*
env_files =
.env
# do not search for tests in these folders
norecursedirs = .vscode .tox docs example img mfa venv .coverage django_mfa2.egg-info
# Add folder to PYTHONPATH
# requires pytest >= 7.0.0
pythonpath = .
# https://pytest-django.readthedocs.io/en/latest/usage.html
DJANGO_SETTINGS_MODULE = tests.settings
# do not override the debug mode (True/False) set in the django settings module
# https://pytest-django.readthedocs.io/en/latest/usage.html#additional-pytest-ini-settings
django_debug_mode = keep
#
# set env variables
# https://tech.serhatteker.com/post/2020-02/test-env-vars-in-python/
# https://github.com/pytest-dev/pytest-env
; env =
; KEY=value
addopts =
# verbose
-v
# more verbosity
# -vv
# Don't show warnings
# -p no:warnings
# generates coverage report
# note that enabling pytest coverage will cause debugging pytest to fail on pycharm
# add the --no-cov to the pytest configuration on pycharm to allow for debugging pytest
--cov=./mfa
# surpress generating converage if one or more tests failed
; --no-cov-on-fail
# do not run migrations => faster test initialization
# --nomigrations
# Show hypthesis statistics whereever hypothesis was used
# ignore these tests/files when looking for tests
#--ignore=
# black
# --black
--hypothesis-show-statistics
# Add --reuse-db if you want to speed up tests by reusing the database between test runs.
#--reuse-db
# Define additional pytest markers so that using them in test will not trigger warnings
# To show the help line use: % pytest --marker
# To run pytest on a specifc marker use: pytest -m mark
# to run pytestt on several markers use quotation and logic operators as in:
# pytest -m "mark1 and mark2"
# pytest -m "mark1 or mark2"
# pytest -m "mark1 and not mark2"
markers =
API: tests of server api functions whether it is exposed as REST API or otherwise
BLACK_BOX: Black Box tests
WHITE_BOX: White Box tests
ENVIRONMENT: tests for the environment
CONFIGURATION: tests related configurations
LOGGING: tests related to logging
UNIT: Unit tests
INTEGRATION: Integration testing
UTILS: tests for utilities
FOCUS: tests under the microscope... under the spotlight... in focus
FUNC: functional teesting
REGRESSION: tests for fixed bugs
DJANGO: tests related to DJANGO
HTTP_REQUEST: tests of functions that handles HTTP REQUESTS
HTTP_GET: tests of functions that handles HTTP_GET_REQUESTS
HTTP_POST: tests of functions that handles HTTP_POST_REQUESTS
AUTH: tests related to user authentication
SQL_DB: tests related to the sql database
CLI: tests related to flask-cli
SERVER: tests for the server
API_V1: API related tests
PRIVILEGED_USER: tests for privileged users
NON_PRIVILEGED_USER: tests for non-privileged users
PERMISSIONS: tests related to permissions
ANNONYMOUS_USER: tests for non-authenticated users
AUTHENTICATED_USER: tests for authenticated users
ENDPOINTS: tests for endpoints (API nodes)
SERIALIZERS: tests for serializers
VIEWS: tests for DRF viewsets
FILTERS: tests for DRF filters
MODELS: tests for models
VALIDATORS: tests for validators
ERROR_HANDLING: tests for error handling
SECURITY: tests for security

2
requirements.txt
View File

@@ -6,5 +6,5 @@ python-u2flib-server
ua-parser
user-agents
python-jose
fido2 == 1.0.0
fido2==1.1.2
jsonLookup

10
requirements_testing.txt Normal file
View File

@@ -0,0 +1,10 @@
tox
pytest>=7.0.0
pytest-xdist
pytest-cov # Test coverage
pytest-dotenv # plugin to load environment from .env file
pytest-env # plugin to allow passing environment variable to pytest environmentt
pytest-mock # plugin that provides a mocker fixture which is a thin-wrapper around the patching API provided by the mock package
hypothesis # plugin that helps in automatize generating random values instead of static values in pyttests
pytest-django # pytest support for Django
validators # a package containing several validator functions

4
setup.py
View File

@@ -14,7 +14,7 @@ setup(
url = 'https://github.com/mkalioby/django-mfa2/',
download_url='https://github.com/mkalioby/django-mfa2/',
license='MIT',
packages=find_packages(),
packages=find_packages(exclude=("tests",)),
install_requires=[
'django >= 2.0',
'simplejson',
@@ -23,7 +23,7 @@ setup(
'ua-parser',
'user-agents',
'python-jose',
'fido2 == 1.0.0',
'fido2 == 1.1.2',
],
python_requires=">=3.5",
include_package_data=True,

0
tests/__init__.py Normal file
View File

19
tests/conftest.py Normal file
View File

@@ -0,0 +1,19 @@
import pytest
# @pytest.fixture
# def api_request(rf):
# request = rf.get('/url')
# # Modify the request object as needed (e.g., set user, add data)
# return request
# @pytest.fixture
# def create_test_model(db):
# def make_model(**kwargs):
# return MyModel.objects.create(**kwargs)
# return make_model
@pytest.fixture
def authenticated_user(client, django_user_model):
user = django_user_model.objects.create_user(username='test', password='123')
client.login(username='test', password='123')
return user

51
tests/settings.py Normal file
View File

@@ -0,0 +1,51 @@
import os
SECRET_KEY = 'fake-key-for-testing'
INSTALLED_APPS = [
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'mfa'
]
ROOT_URLCONF="mfa.urls"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': ':memory:',
}
}
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [
os.path.join(BASE_DIR ,'mfa','templates' ),
os.path.join(BASE_DIR ,'tests','templates' )
],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
MFA_UNALLOWED_METHODS = []

11
tests/templates/base.html Normal file
View File

@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html lang="en">
<head>
{% block head %}
{% endblock %}
</head>
<body>
{% block content %}
{% endblock %}
</body>
</html>

29
tests/test_views.py Normal file
View File

@@ -0,0 +1,29 @@
import pytest
from django.urls import reverse
@pytest.mark.VIEWS
@pytest.mark.DJANGO
@pytest.mark.ANNONYMOUS_USER
@pytest.mark.django_db
def test_index_unauthenticated(client):
url = reverse("mfa_home")
response = client.get(url)
assert response is not None
assert response.status_code == 302
assert response.url=="/accounts/login/?next=/"
@pytest.mark.VIEWS
@pytest.mark.AUTHENTICATED_USER
@pytest.mark.django_db
def test_index_authenticated(client, authenticated_user):
url = reverse("mfa_home")
response = client.get(url)
assert response is not None
assert response.status_code == 200
assert isinstance(response.templates, list)
assert len(response.templates) == 4
for template in response.templates:
assert template.name in ["modal.html", "base.html", "mfa_base.html", "MFA.html"]

52
tox.ini Normal file
View File

@@ -0,0 +1,52 @@
# Tox (https://tox.readthedocs.io/) is a tool for running tests
# in multiple virtualenvs. This configuration file will run the
# test suite on all supported python versions. To use it, "pip install tox"
# and then run "tox" from this directory.
#
# See also https://tox.readthedocs.io/en/latest/config.html for more
# configuration options.
[tox]
# Choose your Python versions. They have to be available
# on the system the tests are run on.
# comma separated
envlist =
python{3.6,3.7,3.8,3.9}-django2.2
python{3.6,3.7,3.8,3.9}-django3
python{3.8,3.9,3.10,3.11}-django4
python{3.8,3.9,3.10,3.11}-django5
# Tell tox to not require a setup.py file
;skipsdist = True
isolated_build = True
[testenv]
# https://tox.wiki/en/latest/example/basic.html#using-a-different-default-pypi-url
;setenv =
; PIP_INDEX_URL = https://pypi.my-alternative-index.org
# https://tech.serhatteker.com/post/2020-02/test-env-vars-in-python/
;setenv =
; NAME=value
# https://tox.wiki/en/latest/example/basic.html#passing-down-environment-variables
# passenv = ENV_VAR_NAME
# https://tox.wiki/en/latest/example/pytest.html#extended-example-change-dir-before-test-and-use-per-virtualenv-tempdir
;changedir = tests
deps =
django22: django>=2.2,<2.3
django32: django>=3.2,<3.3
django40: django>=4.0,<4.1
django41: django>=4.1,<4.2
django42: django>=4.2,<4.3
django50: django==5.0
-rrequirements.txt
-rrequirements_testing.txt
# https://tox.wiki/en/latest/example/basic.html#ignoring-a-command-exit-code
commands =
; pytest --junitxml=report.xml
pytest {posargs}