def verify_token(self, token):
    """Check a submitted TOTP token against this device.

    The token is compared with the value generated at every drift offset
    in ``[-tolerance, +tolerance]``. A match is accepted only when its time
    step is strictly greater than ``last_t``, so a token from an
    already-consumed step is refused.

    On success the device is updated (``last_t``, and ``drift`` when
    ``OTP_TOTP_SYNC`` is truthy and the match was off-centre) and saved.

    NOTE: no attempt limiting is visible in this method; any rate limiting
    has to be applied by the caller.

    Returns:
        True when the token was accepted, False otherwise.
    """
    sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)

    try:
        candidate = int(token)
    except Exception:
        # Anything that cannot be read as an integer is a failed attempt.
        return False

    generator = TOTP(self.bin_key, self.step, self.t0, self.digits)
    # Pin the clock once so every offset is evaluated at the same instant.
    generator.time = time.time()

    for shift in range(-self.tolerance, self.tolerance + 1):
        generator.drift = self.drift + shift
        if not ((generator.t() > self.last_t) and (generator.token() == candidate)):
            continue

        # Record the consumed step before persisting: this is what blocks
        # a second use of the same token.
        self.last_t = generator.t()
        if (shift != 0) and sync_drift:
            self.drift += shift
        self.save()
        return True

    return False
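def clean(self):
    """Validate the submitted ``otp_token`` against the form's device.

    The device attributes are read from ``self.instance``. When the token
    verifies, ``last_t`` (and ``drift`` if ``OTP_TOTP_SYNC`` is truthy) are
    updated on the instance so that the caller can save it, and the
    ``TOTP_SESSION_KEY`` entry is removed from the session.

    Replay hardening: the minimum accepted step is ``last_t + 1`` rather
    than ``last_t``. Assuming ``TOTP`` is django-otp's ``oath.TOTP``, whose
    ``verify()`` treats ``min_t`` as the smallest acceptable ``t()``,
    passing ``last_t`` itself would accept a second token from the step
    that was already consumed.

    Returns:
        The cleaned form data.

    Raises:
        forms.ValidationError: if the token is missing, non-numeric or
            does not verify.
    """
    cleaned_data = super().clean()

    try:
        token = int(cleaned_data.get('otp_token'))
    except (TypeError, ValueError):
        # Missing or non-numeric input is a failed verification.
        verified = False
    else:
        # django-otp setting.
        sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)

        # Device verification using the current instance.
        device = self.instance
        totp = TOTP(device.bin_key, device.step, device.t0,
                    device.digits, device.drift)
        totp.time = time.time()

        # Only steps after the last consumed one are acceptable. A device
        # without a recorded step keeps the original "no lower bound".
        last_t = device.last_t
        min_t = None if last_t is None else last_t + 1
        verified = totp.verify(token, device.tolerance, min_t)

        if verified:
            # Device is verified, update attributes and prepare the
            # instance to be saved.
            device.last_t = totp.t()
            if sync_drift:
                device.drift = totp.drift

    if not verified:
        # Raised before the session cleanup below, so a failed attempt
        # leaves the TOTP_SESSION_KEY entry in place.
        raise forms.ValidationError(self.error_messages['invalid'])

    try:
        return cleaned_data
    finally:
        if TOTP_SESSION_KEY in self.request.session:  # pragma: no cover
            del self.request.session[TOTP_SESSION_KEY]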
def verify_token(self, token):
    """Verify a TOTP token for this device, with attempt throttling.

    Verification is refused outright (returns False, with no failure
    counted by this method) when ``verify_is_allowed()`` reports that
    attempts are currently not permitted. Otherwise the token is checked
    within ``tolerance`` steps, and only for steps after ``last_t``, so a
    consumed step cannot be reused.

    A success stores the matched step, optionally adopts the detected
    drift (``OTP_TOTP_SYNC``), resets the throttle and saves once. Every
    failure, including non-numeric input, increments the throttle.

    Returns:
        The verification result; False when throttled or on bad input.
    """
    sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)

    allowed, _details = self.verify_is_allowed()
    if not allowed:
        return False

    matched = False
    try:
        candidate = int(token)
    except Exception:
        # Non-numeric input falls through to the failure accounting below.
        pass
    else:
        generator = TOTP(self.bin_key, self.step, self.t0, self.digits, self.drift)
        generator.time = time.time()
        # last_t + 1: the step of the previous success is no longer valid.
        matched = generator.verify(candidate, self.tolerance, self.last_t + 1)

    if matched:
        self.last_t = generator.t()
        if sync_drift:
            self.drift = generator.drift
        # commit=False: the reset is persisted by the save() that follows.
        self.throttle_reset(commit=False)
        self.save()
    else:
        self.throttle_increment(commit=True)

    return matched
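def verify_token(self, token):
    """Verify a TOTP token for this device, with attempt throttling.

    Returns False without counting a failure when ``verify_is_allowed()``
    refuses the attempt. Otherwise the token is checked within
    ``settings.MULTIFACTOR_TOLERANCE`` steps. A success records the matched
    step in ``last_time``, resets the throttle and saves. Every failure,
    including non-numeric input, increments the throttle.

    Replay protection: the lower bound passed as ``min_t`` is derived from
    ``last_time`` (the step stored by the previous success). The earlier
    code passed ``start_time + 1``, which is the ``t0`` epoch offset and
    not a step counter, and never read ``last_time`` back, so a token could
    be accepted again while it was still inside the tolerance window.

    NOTE(review): ``last_time`` is only ever assigned ``totp.t()`` in this
    method; confirm the field's initial value. ``None`` or an unset
    attribute is treated as "no step consumed yet".

    Returns:
        The verification result; False when throttled or on bad input.
    """
    verify_allowed, _ = self.verify_is_allowed()
    if not verify_allowed:
        return False

    try:
        token = int(token)
    except Exception:
        # Anything that cannot be read as an integer is a failed attempt.
        verified = False
    else:
        totp = TOTP(
            self.bin_key,
            step=self.step,
            t0=self.start_time,
            digits=self.digits,
        )

        # Accept only steps strictly after the last consumed one.
        last_step = getattr(self, 'last_time', None)
        min_t = None if last_step is None else last_step + 1

        verified = totp.verify(
            token,
            tolerance=settings.MULTIFACTOR_TOLERANCE,
            min_t=min_t,
        )
        if verified:
            self.last_time = totp.t()
            # commit=False: the reset is persisted by the save() below.
            self.throttle_reset(commit=False)
            self.save()

    if not verified:
        self.throttle_increment(commit=True)
    return verified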
def verify_token(self, token):
    """Verify a TOTP token for this device.

    The token is checked within ``tolerance`` steps of the current time
    and only for steps after ``last_t``, so a step that has already been
    consumed is not accepted again. On success the matched step is stored,
    the detected drift is adopted when ``OTP_TOTP_SYNC`` is truthy, and
    the device is saved.

    NOTE: no attempt limiting is visible in this method; any rate limiting
    has to be applied by the caller.

    Returns:
        The verification result; False for input that is not an integer.
    """
    sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)

    try:
        candidate = int(token)
    except Exception:
        # Anything that cannot be read as an integer is a failed attempt.
        return False

    generator = TOTP(self.bin_key, self.step, self.t0, self.digits, self.drift)
    generator.time = time.time()

    # last_t + 1: the step of the previous success is no longer valid.
    accepted = generator.verify(candidate, self.tolerance, self.last_t + 1)
    if accepted:
        self.last_t = generator.t()
        if sync_drift:
            self.drift = generator.drift
        self.save()

    return accepted