josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: josh:v2.0.1
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9
..
compare: josh:TouchID_4_1.8
Branches Tags
josh:master josh:black josh:dev josh:dependabot/pip/fido2-1.1.1 josh:ConditionalUI josh:v3.0 josh:MoreOptions josh:CVE-2022-42731 josh:v2.5.2 josh:v2.6.1 josh:v2.5.1 josh:recovery_codes josh:v2.6.0 josh:v2.6.0rc1 josh:v2.5b2 josh:v2.5b1 josh:fido==1.0.0 josh:v2.5 josh:ResidentKey josh:v2.4.0 josh:v2.3.0 josh:v2.2.1 josh:Better_TOTP josh:v2.2.0 josh:passwordless josh:redirect josh:Postgres josh:Issue_37 josh:TouchID_4_1.8 josh:TouchID josh:django-1.8 josh:example
josh:v2.8 josh:v2.6.1-release josh:v2.5.1-release josh:v2.6.0-release josh:v2.6rc1 josh:v2.5 josh:v2.5b1 josh:v2.4.0 josh:v2.3.0 josh:v2.2.0 josh:v2.1.0 josh:v2.1.0b1 josh:v2.0.5 josh:v2.0.3 josh:v2.0.1 josh:v2.0 josh:v1.9 josh:v1.7.11 josh:v1.6 josh:v1.3 josh:v1.1.6 josh:v1.1 josh:v1.0.4 josh:0.9

1 Commits
v2.0.1 ... TouchID_4_

Author SHA1 Message Date
Mohamed El-Kalioby
b39fa1a99b Adding Touch ID to Django 1.8 2021-01-30 17:10:33 +03:00
16 changed files with 132 additions and 122 deletions
Expand all files Collapse all files

9
CHANGELOG.md
View File

@@ -1,14 +1,5 @@
# Change Log # Change Log
## 2.0
* Dropped support to djangp-1.8 and Python 2.7
* Added: never-cache decorator
* Fixes to Make Email Method More Robust
* Addresses several structure and style issues with TOTP and Email dialogs
* Updated to fido2 0.8.1
Thanks to @swainn
## v1.9.1 ## v1.9.1
* Fixed: is_authenticated #13 * Fixed: is_authenticated #13
* Fixed: is_anonymous #6 * Fixed: is_anonymous #6

4
README.md
View File

@@ -53,7 +53,7 @@ Depends on
MFA_RECHECK_MAX=30 # Maximum in seconds MFA_RECHECK_MAX=30 # Maximum in seconds
MFA_QUICKLOGIN=True # Allow quick login for returning users by provide only their 2FA MFA_QUICKLOGIN=True # Allow quick login for returning users by provide only their 2FA
MFA_HIDE_DISABLE=('FIDO2',) # Can the user disable his key (Added in 1.2.0). MFA_HIDE_DISABLE=('FIDO2',) # Can the user disable his key (Added in 1.2.0).
MFA_OWNED_BY_ENTERPRISE = FALSE # Who owns security keys MFA_OWNED_BY_ENTERPRISE = FALSE # Who ownes security keys
TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name
@@ -156,5 +156,3 @@ function some_func() {
# Contributors # Contributors
* [mahmoodnasr](https://github.com/mahmoodnasr) * [mahmoodnasr](https://github.com/mahmoodnasr)
* [d3cline](https://github.com/d3cline) * [d3cline](https://github.com/d3cline)
* [swainn](https://github.com/swainn)
* [unramk](https://github.com/unramk)

5
mfa/Common.py
View File

@@ -2,10 +2,7 @@ from django.conf import settings
from django.core.mail import EmailMessage from django.core.mail import EmailMessage
def send(to,subject,body): def send(to,subject,body):
from_email_address = settings.EMAIL_HOST_USER From = "%s <%s>" % (settings.EMAIL_FROM, settings.EMAIL_HOST_USER)
if '@' not in from_email_address:
from_email_address = settings.DEFAULT_FROM_EMAIL
From = "%s <%s>" % (settings.EMAIL_FROM, from_email_address)
email = EmailMessage(subject,body,From,to) email = EmailMessage(subject,body,From,to)
email.content_subtype = "html" email.content_subtype = "html"
return email.send(False) return email.send(False)

5
mfa/Email.py
View File

@@ -1,5 +1,4 @@
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.template.context_processors import csrf from django.template.context_processors import csrf
import datetime,random import datetime,random
from random import randint from random import randint
@@ -14,9 +13,8 @@ def sendEmail(request,username,secret):
kwargs = {key: username} kwargs = {key: username}
user = User.objects.get(**kwargs) user = User.objects.get(**kwargs)
res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret}) res=render(request,"mfa_email_token_template.html",{"request":request,"user":user,'otp':secret})
return send([user.email],"OTP", res.content.decode()) return send([user.email],"OTP", str(res.content))
@never_cache
def start(request): def start(request):
context = csrf(request) context = csrf(request)
if request.method == "POST": if request.method == "POST":
@@ -38,7 +36,6 @@ def start(request):
if sendEmail(request, request.user.username, request.session["email_secret"]): if sendEmail(request, request.user.username, request.session["email_secret"]):
context["sent"] = True context["sent"] = True
return render(request,"Email/Add.html", context) return render(request,"Email/Add.html", context)
@never_cache
def auth(request): def auth(request):
context=csrf(request) context=csrf(request)
if request.method=="POST": if request.method=="POST":

4
mfa/FIDO2.py
View File

@@ -1,5 +1,5 @@
from fido2.client import ClientData from fido2.client import ClientData
from fido2.server import Fido2Server, PublicKeyCredentialRpEntity from fido2.server import Fido2Server, RelyingParty
from fido2.ctap2 import AttestationObject, AuthenticatorData from fido2.ctap2 import AttestationObject, AuthenticatorData
from django.template.context_processors import csrf from django.template.context_processors import csrf
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
@@ -24,7 +24,7 @@ def recheck(request):
def getServer(): def getServer():
rp = PublicKeyCredentialRpEntity(settings.FIDO_SERVER_ID, settings.FIDO_SERVER_NAME) rp = RelyingParty(settings.FIDO_SERVER_ID, settings.FIDO_SERVER_NAME)
return Fido2Server(rp) return Fido2Server(rp)
def begin_registeration(request): def begin_registeration(request):
server = getServer() server = getServer()

8
mfa/migrations/0009_user_keys_owned_by_enterprise.py
View File

@@ -4,12 +4,6 @@ from __future__ import unicode_literals
from django.db import models, migrations from django.db import models, migrations
from django.conf import settings from django.conf import settings
def update_owned_by_enterprise(apps, schema_editor):
user_keys = apps.get_model('mfa', 'user_keys')
user_keys.objects.filter(key_type='FIDO2').update(owned_by_enterprise=getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False))
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
@@ -22,5 +16,5 @@ class Migration(migrations.Migration):
name='owned_by_enterprise', name='owned_by_enterprise',
field=models.NullBooleanField(default=None), field=models.NullBooleanField(default=None),
), ),
migrations.RunPython(update_owned_by_enterprise) migrations.RunSQL("update mfa_user_keys set owned_by_enterprise = %s where key_type='FIDO2'"%(True if getattr(settings,"MFA_OWNED_BY_ENTERPRISE",False) else False ))
] ]

9
mfa/static/mfa/js/ua-parser.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

88
mfa/templates/Email/Add.html
View File

@@ -2,50 +2,54 @@
{% block head %} {% block head %}
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<br/> <br/>
<br/> <br/>
<div class="container">
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"> <div class="panel-heading">
<strong> Activate Token by email</strong> <strong> Activate Token by email</strong>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<FORM METHOD="POST" ACTION="{% url 'start_email' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1"> <FORM METHOD="POST" ACTION="{% url 'start_email' %}" Id="formLogin" onSubmit="" name="FrontPage_Form1">
{% csrf_token %}
{% if invalid %}
<div class="alert alert-danger"> {% csrf_token %}
Sorry, The provided token is not valid. {% if invalid %}
</div> <div class="alert alert-danger">
{% endif %} Sorry, The provided token is not valid.
{% if quota %}
<div class="alert alert-warning">
{{ quota }}
</div>
{% endif %}
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the code sent to your email.</p>
</div>
</div> </div>
<div class="row"> {% endif %}
<div class="col-sm-12 col-md-12"> {% if quota %}
<div class="form-group"> <div class="alert alert-warning">
<div class="input-group"> {{ quota }}
<span class="input-group-addon">
<i class="glyphicon glyphicon-lock"></i>
</span>
<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
</div>
</div>
<div class="form-group">
<input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
</div>
</div>
</div> </div>
</fieldset> {% endif %}
<fieldset>
<div class="row">
<div class="col-sm-12 col-md-12">
<p>Enter the 6-digits sent to your email.</p>
</div>
</div>
<div class="row">
<div class="col-sm-12 col-md-12">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon">
<i class="glyphicon glyphicon-lock"></i>
</span>
<input class="form-control" size="6" MaxLength="6" value="" placeholder="e.g 55552" name="otp" type="text" id="otp" autofocus>
</div>
</div>
<div class="form-group">
<input type="submit" class="btn btn-lg btn-success btn-block" value="Verify">
</div>
</div>
</fieldset>
</FORM> </FORM>
</div> </div>
</div>
</div>
{% endblock %} {% endblock %}

2
mfa/templates/Email/recheck.html
View File

@@ -39,7 +39,7 @@
<fieldset> <fieldset>
<div class="row"> <div class="row">
<div class="col-sm-12 col-md-12"> <div class="col-sm-12 col-md-12">
<p>Enter the code sent to your email.</p> <p>Enter the 6-digits sent to your email.</p>
</div> </div>
</div> </div>

15
mfa/templates/FIDO2/Add.html
View File

@@ -2,6 +2,7 @@
{% load static %} {% load static %}
{% block head %} {% block head %}
<script type="application/javascript" src="{% static 'mfa/js/cbor.js'%}"></script> <script type="application/javascript" src="{% static 'mfa/js/cbor.js'%}"></script>
<script type="application/javascript" src="{% static 'mfa/js/ua-parser.min.js'%}"></script>
<script type="application/javascript"> <script type="application/javascript">
function begin_reg(){ function begin_reg(){
fetch('{% url 'fido2_begin_reg' %}',{}).then(function(response) { fetch('{% url 'fido2_begin_reg' %}',{}).then(function(response) {
@@ -40,7 +41,17 @@
$("#res").html("<div class='alert alert-danger'>Registeration Failed as " +reason +", <a href='javascript:void(0)' onclick='begin_reg()'> try again </a> or <a href='{% url 'mfa_home' %}'> Go to Security Home</a></div>") $("#res").html("<div class='alert alert-danger'>Registeration Failed as " +reason +", <a href='javascript:void(0)' onclick='begin_reg()'> try again </a> or <a href='{% url 'mfa_home' %}'> Go to Security Home</a></div>")
}) })
} }
$(document).ready(setTimeout(begin_reg,500)) $(document).ready(function (){
ua=new UAParser()
if (ua.getBrowser().name == "Safari")
{
$("#res").html("<button class='btn btn-primary' onclick='begin_reg()'>Start...</button>")
}
else
{
setTimeout(begin_reg, 500)
}
})
</script> </script>
{% endblock %} {% endblock %}
@@ -56,7 +67,7 @@
<div class="row alert alert-pr" id="res"> <div class="row alert alert-pr" id="res">
<p style="color: green">Your broswer should ask you to confirm you indentity.</p> <p style="color: green">Your browser should ask you to confirm you identity.</p>
</div> </div>
</div> </div>

11
mfa/templates/FIDO2/recheck.html
View File

@@ -1,5 +1,6 @@
{% load static %} {% load static %}
<script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script> <script type="application/javascript" src="{% static 'mfa/js/cbor.js' %}"></script>
<script type="application/javascript" src="{% static 'mfa/js/us-parser.min.js' %}"></script>
<div class="row"> <div class="row">
<div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2"> <div class="col-sm-10 col-sm-offset-1 col-xs-12 col-md-10 col-md-offset-1 col-lg-8 col-lg-offset-2">
@@ -17,7 +18,9 @@
<br/> <br/>
{% endif %} {% endif %}
<p style="color: green">please press the button on your security key to prove it is you.</p> <div id="res">
<p style="color: green">please press the button on your security key to prove it is you.</p>
</div>
<div id="msgdiv"></div> <div id="msgdiv"></div>
{% if mode == "auth" %} {% if mode == "auth" %}
<form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data"> <form id="u2f_login" action="{% url 'fido2_complete_auth' %}" method="post" enctype="multipart/form-data">
@@ -101,7 +104,11 @@
$("#main_paragraph").addClass("alert alert-danger") $("#main_paragraph").addClass("alert alert-danger")
$("#main_paragraph").html("FIDO2 must work under secure context") $("#main_paragraph").html("FIDO2 must work under secure context")
} else { } else {
authen() ua=UAParser()
if (ua.getBrowser().name == "Safari")
$("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
else
authen()
} }
}); });

2
mfa/templates/MFA.html
View File

@@ -66,7 +66,7 @@
{% endif %} {% endif %}
</ul> </ul>
</div> </div>
</div>
<br/> <br/>
<br/> <br/>
<table class="table table-striped"> <table class="table table-striped">

54
mfa/templates/TOTP/Add.html
View File

@@ -2,7 +2,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% load static %} {% load static %}
{% block head %} {% block head %}
<style> <style>
#two-factor-steps { #two-factor-steps {
border: 1px solid #ccc; border: 1px solid #ccc;
border-radius: 3px; border-radius: 3px;
@@ -12,8 +12,8 @@
margin: 0px; margin: 0px;
} }
</style> </style>
<script src="{% static 'mfa/js/qrious.min.js' %}" type="text/javascript"></script> <script src="{% static 'mfa/js/qrious.min.js' %}" type="text/javascript"></script>
<script type="text/javascript"> <script type="text/javascript">
var key=""; var key="";
$(document).ready(function addToken() { $(document).ready(function addToken() {
$.ajax({ $.ajax({
@@ -61,49 +61,49 @@
</script> </script>
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<br/> <br/>
<br/> <br/>
<div class="container"> <div class="container">
<div class="col-md-6 col-md-offset-3" id="two-factor-steps"> <div class="col-md-6 col-md-offset-3" id="two-factor-steps">
<div class="row" align="center"> <div class="row" align="center">
<h4>Adding Authenticator</h4> <h4>Adding Authenticator</h4>
</div> </div>
<div class="row"> <div class="row">
<p>Scan the image below with the two-factor authentication app on your <a href="javascript:void(0)" onclick="showTOTP()">phone/PC</a>. If you cant use a barcode, <p>Scan the image below with the two-factor authentication app on your <a href="javascript:void(0)" onclick="showTOTP()">phone/PC</a> phone/PC. If you cant use a barcode,
<a href="javascript:void(0)" onclick="showKey()">enter this text</a> instead. </p> <a href="javascript:void(0)" onclick="showKey()">enter this text</a> instead. </p>
</div> </div>
<div class="row"> <div class="row">
<div align="center" style="display: none" id="second_step"> <div align="center" style="display: none" id="second_step">
<img id="qr"/> <img id="qr"/>
</div> </div>
<div class="row"> <div class="row">
<p><b>Enter the six-digit code from the application</b></p> <p><b>Enter the six-digit code from the application</b></p>
<p style="color: #333333;font-size: 10px">After scanning the barcode image, the app will display a six-digit code that you can enter below. </p> <p style="color: #333333;font-size: 10px">After scanning the barcode image, the app will display a six-digit code that you can enter below. </p>
</div> </div>
<div class="row"> <div class="row">
<input style="display: inline;width: 95%" maxlength="6" size="6" class="form-control" id="answer" placeholder="e.g 785481"/> <input style="display: inline;width: 95%" maxlength="6" size="6" class="form-control" id="answer" placeholder="e.g 785481"/>
</div>
<div class="row">
<div class="col-md-6" style="padding-left: 0px">
<button class="btn btn-success" onclick="verify()">Enable</button>
</div> </div>
<div class="row" style="padding-top: 10px;"> <div class="col-md-6" align="right" style="padding-right: 30px">
<div class="col-md-6" style="padding-left: 0px"> <a href="{% url 'mfa_home' %}"><button class="btn btn-default">Cancel</button></a>
<button class="btn btn-success" onclick="verify()">Enable</button>
</div>
<div class="col-md-6" align="right" style="padding-right: 30px">
<a href="{% url 'mfa_home' %}"><button class="btn btn-default">Cancel</button></a>
</div>
</div> </div>
</div> </div>
</div>
</div> </div>
</div> </div>
{% include "modal.html" %} {% include "modal.html" %}
{% endblock %} {% endblock %}

3
mfa/totp.py
View File

@@ -1,5 +1,4 @@
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.cache import never_cache
from django.http import HttpResponse from django.http import HttpResponse
from .models import * from .models import *
from django.template.context_processors import csrf from django.template.context_processors import csrf
@@ -32,7 +31,6 @@ def recheck(request):
return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json") return HttpResponse(simplejson.dumps({"recheck": False}), content_type="application/json")
return render(request,"TOTP/recheck.html", context) return render(request,"TOTP/recheck.html", context)
@never_cache
def auth(request): def auth(request):
context=csrf(request) context=csrf(request)
if request.method=="POST": if request.method=="POST":
@@ -70,6 +68,5 @@ def verify(request):
return HttpResponse("Success") return HttpResponse("Success")
else: return HttpResponse("Error") else: return HttpResponse("Error")
@never_cache
def start(request): def start(request):
return render(request,"TOTP/Add.html",{}) return render(request,"TOTP/Add.html",{})

19
requirements.txt
View File

@@ -1,10 +1,11 @@
django >= 1.7 django >= 1.7
jsonfield jsonfield
simplejson simplejson
pyotp pyotp
python-u2flib-server python-u2flib-server
ua-parser ua-parser
user-agents user-agents
python-jose python-jose
fido2 == 0.8.1 fido2 == 0.7
jsonLookup jsonLookup

16
setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup( setup(
name='django-mfa2', name='django-mfa2',
version='2.0.0', version='1.10.0,
description='Allows user to add 2FA to their accounts', description='Allows user to add 2FA to their accounts',
long_description=open("README.md").read(), long_description=open("README.md").read(),
long_description_content_type="text/markdown", long_description_content_type="text/markdown",
@@ -24,28 +24,32 @@ setup(
'ua-parser', 'ua-parser',
'user-agents', 'user-agents',
'python-jose', 'python-jose',
'fido2 == 0.8.1', 'fido2 == 0.9',
'jsonLookup' 'jsonLookup'
], ],
python_requires=">=3.5", python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*",
include_package_data=True, include_package_data=True,
zip_safe=False, # because we're including static files zip_safe=False, # because we're including static files
classifiers=[ classifiers=[
"Development Status :: 5 - Production/Stable", "Development Status :: 5 - Production/Stable",
"Environment :: Web Environment", "Environment :: Web Environment",
"Framework :: Django", "Framework :: Django",
"Framework :: Django :: 1.7",
"Framework :: Django :: 1.8",
"Framework :: Django :: 1.9",
"Framework :: Django :: 1.10",
"Framework :: Django :: 1.11", "Framework :: Django :: 1.11",
"Framework :: Django :: 2.0", "Framework :: Django :: 2.0",
"Framework :: Django :: 2.1", "Framework :: Django :: 2.1",
"Framework :: Django :: 2.2",
"Intended Audience :: Developers", "Intended Audience :: Developers",
"Operating System :: OS Independent", "Operating System :: OS Independent",
"Programming Language :: Python", "Programming Language :: Python",
"Programming Language :: Python :: 2",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3", "Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Software Development :: Libraries :: Python Modules",
] ]
) )