Adding Touch ID to Django 1.8

Add Thanks to the contributors

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change Log
 
+## v1.9.1
+   * Fixed: is_authenticated #13
+   * Fixed: is_anonymous #6
+    
+    thanks to @d3cline,  
+
+## v1.7
+  * Better Error Management
+  * Better Token recheck
 ## v 1.6.0
   * Fixed some issues for django>= 2.0
   * Added example app.

README.md

@@ -8,10 +8,10 @@ Web Authencation API (WebAuthn) is state-of-the art techology that is expected t
 ![Andriod Fingerprint](https://cdn-images-1.medium.com/max/800/1*1FWkRE8D7NTA2Kn1DrPjPA.png)
 
 For FIDO2, the following are supported
- * **security keys** (Firefox 60+, Chrome 67+, Edge 18+),
+ * **security keys** (Firefox 60+, Chrome 67+, Edge 18+, Safari 13 on Mac OS, Chrome on Andriod, Safari on iOS 13.3+),
  * **Windows Hello** (Firefox 67+, Chrome 72+ , Edge) ,
  * **Apple's Touch ID** (Chrome 70+ on Mac OS X ),
- * **android-safetynet** (Chrome 70+)
+ * **android-safetynet** (Chrome 70+, Firefox 68+)
  * **NFC devices using PCSC** (Not Tested, but as supported in fido2)
 
 In English :), It allows you to verify the user by security keys on PC, Laptops or Mobiles, Windows Hello (Fingerprint, PIN) on Windows 10 Build 1903+ (May 2019 Update) Touch ID on Macbooks (Chrome) and Fingerprint/Face/Iris/PIN on Andriod Phones.
@@ -152,3 +152,7 @@ function some_func() {
   }
 
 ````
+
+# Contributors
+* [mahmoodnasr](https://github.com/mahmoodnasr)
+* [d3cline](https://github.com/d3cline)

mfa/FIDO2.py

@@ -136,7 +136,11 @@ def authenticate_complete(request):
                         mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
                         seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
                     request.session["mfa"] = mfa
-                    if not request.user.is_authenticated():
+                    try:
+                        authenticated=request.user.is_authenticated
+                    except:
+                        authenticated = request.user.is_authenticated()
+                    if not authenticated:
                         res=login(request)
                         if not "location" in res: return reset_cookie(request)
                         return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")

mfa/migrations/0009_user_keys_owned_by_enterprise.py

@@ -16,5 +16,5 @@ class Migration(migrations.Migration):
             name='owned_by_enterprise',
             field=models.NullBooleanField(default=None),
         ),
-        migrations.RunSQL("update mfa_user_keys set owned_by_enterprise = %s where key_type='FIDO2'"%(1 if getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False) else 0 ))
+        migrations.RunSQL("update mfa_user_keys set owned_by_enterprise = %s where key_type='FIDO2'"%(True if getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False) else False ))
     ]

mfa/templates/FIDO2/Add.html

@@ -2,6 +2,7 @@
 {% load static %}
 {% block head %}
     <script type="application/javascript" src="{% static 'mfa/js/cbor.js'%}"></script>
+    <script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js'%}"></script>
     <script type="application/javascript">
     function begin_reg(){
     fetch('{% url 'fido2_begin_reg' %}',{}).then(function(response) {
@@ -40,7 +41,17 @@
        $("#res").html("<div class='alert alert-danger'>Registeration Failed as " +reason +", <a href='javascript:void(0)' onclick='begin_reg()'> try again </a> or <a href='{% url 'mfa_home' %}'> Go to Security Home</a></div>")
     })
     }
-    $(document).ready(setTimeout(begin_reg,500))
+    $(document).ready(function (){
+        ua=new UAParser()
+        if (ua.getBrowser().name == "Safari")
+        {
+                $("#res").html("<button class='btn btn-primary' onclick='begin_reg()'>Start...</button>")
+        }
+        else
+        {
+            setTimeout(begin_reg, 500)
+        }
+    })
     </script>
 
 {% endblock %}
@@ -56,7 +67,7 @@
 
 
     <div class="row alert alert-pr" id="res">
-    <p style="color: green">Your broswer should ask you to confirm you indentity.</p>
+    <p style="color: green">Your browser should ask you to confirm you identity.</p>
 
     </div>
         </div>

mfa/templates/FIDO2/recheck.html

@@ -1,5 +1,6 @@
 {%  load static %}
 <script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
+<script type="application/javascript" src="{% static 'mfa/js/us-parser.min.js' %}"></script>
 <div class="row">
 
 <div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
@@ -17,7 +18,9 @@
                     <br/>
 
             {% endif %}
-                <p style="color: green">please press the button on your security key to prove it is you.</p>
+                <div id="res">
+                    <p style="color: green">please press the button on your security key to prove it is you.</p>
+                </div>
                 <div id="msgdiv"></div>
                 {% if mode == "auth" %}
                     <form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
@@ -101,7 +104,11 @@
             $("#main_paragraph").addClass("alert alert-danger")
             $("#main_paragraph").html("FIDO2 must work under secure context")
         } else {
-            authen()
+            ua=UAParser()
+            if (ua.getBrowser().name == "Safari")
+                $("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
+            else
+                authen()
         }
     });
 

mfa/templates/MFA.html

@@ -20,7 +20,7 @@
         $("#modal-footer").prepend("<button id='actionBtn' class='btn btn-danger' onclick='confirmDel("+id+")'>Confirm Deletion</button>")
         $("#popUpModal").modal()
     }
-    {% if not HIDE_DISABLE %}
+
     function toggleKey(id) {
         $.ajax({
             url:"{% url 'toggle_key' %}?id="+id,
@@ -34,7 +34,6 @@
             }
         })
     }
-    {% endif %}
     </script>
     <link href="{% static  'mfa/css/bootstrap-toggle.min.css' %}" rel="stylesheet">
     <script src="{% static 'mfa/js/bootstrap-toggle.min.js'%}"></script>

mfa/views.py

@@ -1,5 +1,5 @@
 from django.shortcuts import render
-#from django.http import HttpResponse,HttpResponseRedirect
+from django.http import HttpResponse,HttpResponseRedirect
 from .models import *
 try:
     from django.urls import reverse
@@ -7,10 +7,12 @@ except:
     from django.core.urlresolvers import reverse
 from django.template.context_processors import csrf
 from django.template.context import RequestContext
-from django.http import HttpResponseRedirect
 from django.conf import settings
 from . import TrustedDevice
+from django.contrib.auth.decorators import login_required
 from user_agents import parse
+
+@login_required
 def index(request):
     keys=[]
     context={"keys":User_Keys.objects.filter(username=request.user.username),"UNALLOWED_AUTHEN_METHODS":settings.MFA_UNALLOWED_METHODS
@@ -52,6 +54,8 @@ def login(request):
     callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK)
     return callable_func(request,username=request.session["base_username"])
 
+
+@login_required
 def delKey(request):
     key=User_Keys.objects.get(id=request.GET["id"])
     if key.username == request.user.username:
@@ -73,18 +77,20 @@ def __get_callable_function__(func_path):
         raise Exception("Module does not have requested function")
     return callable_func
 
+@login_required
 def toggleKey(request):
     id=request.GET["id"]
     q=User_Keys.objects.filter(username=request.user.username, id=id)
     if q.count()==1:
         key=q[0]
-        key.enabled=not key.enabled
+        if not key.key_type in settings.MFA_HIDE_DISABLE:
-        key.save()
+            key.enabled=not key.enabled
-        return HttpResponse("OK")
+            key.save()
+            return HttpResponse("OK")
+        else:
+            return HttpResponse("You can't change this method.")
     else:
         return HttpResponse("Error")
 
 def goto(request,method):
     return HttpResponseRedirect(reverse(method.lower()+"_auth"))
-
-

setup.py

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 
 setup(
     name='django-mfa2',
-    version='1.7.11',
+    version='1.10.0,
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",
@@ -24,7 +24,7 @@ setup(
         'ua-parser',
         'user-agents',
         'python-jose',
-        'fido2 == 0.7',
+        'fido2 == 0.9',
         'jsonLookup'
       ],
     python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*",