josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: josh:v1.9
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9
..
compare: josh:TouchID_4_1.8
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9

5 Commits
v1.9 ... TouchID_4_

Author SHA1 Message Date
Mohamed El-Kalioby
b39fa1a99b Adding Touch ID to Django 1.8 2021-01-30 17:10:33 +03:00
Mohamed ElKalioby
c5b62ada65 Update Changlog 2020-08-28 18:33:46 +03:00
Mohamed ElKalioby
3d37d0a51f closes #6 2020-06-18 18:54:20 +03:00
Mohamed ElKalioby
a820206a24 Fix is_authenticated #13 2020-06-18 18:24:42 +03:00
Mohamed ElKalioby
bc407ca39b Closes #14 2020-06-18 18:16:39 +03:00
8 changed files with 60 additions and 12 deletions
Expand all files Collapse all files

9
CHANGELOG.md
View File

@@ -1,5 +1,14 @@
# Change Log
## v1.9.1
* Fixed: is_authenticated #13
* Fixed: is_anonymous #6
thanks to @d3cline,
## v1.7
* Better Error Management
* Better Token recheck
## v 1.6.0
* Fixed some issues for django>= 2.0
* Added example app.

6
mfa/FIDO2.py
View File

@@ -136,7 +136,11 @@ def authenticate_complete(request):
mfa["next_check"] = int((datetime.datetime.now()+ datetime.timedelta(
seconds=random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
request.session["mfa"] = mfa
if not request.user.is_authenticated():
try:
authenticated=request.user.is_authenticated
except:
authenticated = request.user.is_authenticated()
if not authenticated:
res=login(request)
if not "location" in res: return reset_cookie(request)
return HttpResponse(simplejson.dumps({'status':"OK","redirect":res["location"]}),content_type="application/json")

9
mfa/static/mfa/js/ua-parser.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

15
mfa/templates/FIDO2/Add.html
View File

@@ -2,6 +2,7 @@
{% load static %}
{% block head %}
<script type="application/javascript" src="{% static 'mfa/js/cbor.js'%}"></script>
<script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js'%}"></script>
<script type="application/javascript">
function begin_reg(){
fetch('{% url 'fido2_begin_reg' %}',{}).then(function(response) {
@@ -40,7 +41,17 @@
$("#res").html("<div class='alert alert-danger'>Registeration Failed as " +reason +", <a href='javascript:void(0)' onclick='begin_reg()'> try again </a> or <a href='{% url 'mfa_home' %}'> Go to Security Home</a></div>")
})
}
$(document).ready(setTimeout(begin_reg,500))
$(document).ready(function (){
ua=new UAParser()
if (ua.getBrowser().name == "Safari")
{
$("#res").html("<button class='btn btn-primary' onclick='begin_reg()'>Start...</button>")
}
else
{
setTimeout(begin_reg, 500)
}
})
</script>
{% endblock %}
@@ -56,7 +67,7 @@
<div class="row alert alert-pr" id="res">
<p style="color: green">Your broswer should ask you to confirm you indentity.</p>
<p style="color: green">Your browser should ask you to confirm you identity.</p>
</div>
</div>

7
mfa/templates/FIDO2/recheck.html
View File

@@ -1,5 +1,6 @@
{% load static %}
<script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
<script type="application/javascript" src="{% static 'mfa/js/us-parser.min.js' %}"></script>
<div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
@@ -17,7 +18,9 @@
<br/>
{% endif %}
<div id="res">
<p style="color: green">please press the button on your security key to prove it is you.</p>
</div>
<div id="msgdiv"></div>
{% if mode == "auth" %}
<form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
@@ -101,6 +104,10 @@
$("#main_paragraph").addClass("alert alert-danger")
$("#main_paragraph").html("FIDO2 must work under secure context")
} else {
ua=UAParser()
if (ua.getBrowser().name == "Safari")
$("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
else
authen()
}
});

3
mfa/templates/MFA.html
View File

@@ -20,7 +20,7 @@
$("#modal-footer").prepend("<button id='actionBtn' class='btn btn-danger' onclick='confirmDel("+id+")'>Confirm Deletion</button>")
$("#popUpModal").modal()
}
{% if not HIDE_DISABLE %}
function toggleKey(id) {
$.ajax({
url:"{% url 'toggle_key' %}?id="+id,
@@ -34,7 +34,6 @@
}
})
}
{% endif %}
</script>
<link href="{% static 'mfa/css/bootstrap-toggle.min.css' %}" rel="stylesheet">
<script src="{% static 'mfa/js/bootstrap-toggle.min.js'%}"></script>

9
mfa/views.py
View File

@@ -9,7 +9,10 @@ from django.template.context_processors import csrf
from django.template.context import RequestContext
from django.conf import settings
from . import TrustedDevice
from django.contrib.auth.decorators import login_required
from user_agents import parse
@login_required
def index(request):
keys=[]
context={"keys":User_Keys.objects.filter(username=request.user.username),"UNALLOWED_AUTHEN_METHODS":settings.MFA_UNALLOWED_METHODS
@@ -51,6 +54,8 @@ def login(request):
callable_func = __get_callable_function__(settings.MFA_LOGIN_CALLBACK)
return callable_func(request,username=request.session["base_username"])
@login_required
def delKey(request):
key=User_Keys.objects.get(id=request.GET["id"])
if key.username == request.user.username:
@@ -72,14 +77,18 @@ def __get_callable_function__(func_path):
raise Exception("Module does not have requested function")
return callable_func
@login_required
def toggleKey(request):
id=request.GET["id"]
q=User_Keys.objects.filter(username=request.user.username, id=id)
if q.count()==1:
key=q[0]
if not key.key_type in settings.MFA_HIDE_DISABLE:
key.enabled=not key.enabled
key.save()
return HttpResponse("OK")
else:
return HttpResponse("You can't change this method.")
else:
return HttpResponse("Error")

4
setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup(
name='django-mfa2',
version='1.8.0',
version='1.10.0,
description='Allows user to add 2FA to their accounts',
long_description=open("README.md").read(),
long_description_content_type="text/markdown",
@@ -24,7 +24,7 @@ setup(
'ua-parser',
'user-agents',
'python-jose',
'fido2 == 0.7.2',
'fido2 == 0.9',
'jsonLookup'
],
python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*",