Beispiel #1
0
    def initialize(self):
        self.name = 'user'
        self.ensureIndices(['login', 'email', 'groupInvites.groupId', 'size',
                            'created'])
        self.prefixSearchFields = (
            'login', ('firstName', 'i'), ('lastName', 'i'))

        self.ensureTextIndex({
            'login': 1,
            'firstName': 1,
            'lastName': 1
        }, language='none')

        self.exposeFields(level=AccessType.READ, fields=(
            '_id', 'login', 'public', 'firstName', 'lastName', 'admin',
            'created'))
        self.exposeFields(level=AccessType.ADMIN, fields=(
            'size', 'email', 'groups', 'groupInvites', 'status',
            'emailVerified'))

        # To ensure compatibility with authenticator apps, other defaults shouldn't be changed
        self._TotpFactory = TOTP.using(
            # An application secret could be set here, if it existed
            wallet=None
        )

        events.bind('model.user.save.created',
                    CoreEventHandler.USER_SELF_ACCESS, self._grantSelfAccess)
        events.bind('model.user.save.created',
                    CoreEventHandler.USER_DEFAULT_FOLDERS,
                    self._addDefaultFolders)
Beispiel #2
0
    def initialize(self):
        self.name = 'user'
        self.ensureIndices(
            ['login', 'email', 'groupInvites.groupId', 'size', 'created'])
        self.prefixSearchFields = ('login', ('firstName', 'i'), ('lastName',
                                                                 'i'))

        self.ensureTextIndex({
            'login': 1,
            'firstName': 1,
            'lastName': 1
        },
                             language='none')

        self.exposeFields(level=AccessType.READ,
                          fields=('_id', 'login', 'public', 'firstName',
                                  'lastName', 'admin', 'created'))
        self.exposeFields(level=AccessType.ADMIN,
                          fields=('size', 'email', 'groups', 'groupInvites',
                                  'status', 'emailVerified'))

        # To ensure compatibility with authenticator apps, other defaults shouldn't be changed
        self._TotpFactory = TOTP.using(
            # An application secret could be set here, if it existed
            wallet=None)

        events.bind('model.user.save.created',
                    CoreEventHandler.USER_SELF_ACCESS, self._grantSelfAccess)
        events.bind('model.user.save.created',
                    CoreEventHandler.USER_DEFAULT_FOLDERS,
                    self._addDefaultFolders)
Beispiel #3
0
def create_totp_factory(env_var=None, file_path=None, authc_settings=None):
    if not authc_settings:
        yosai_settings = LazySettings(env_var=env_var, file_path=file_path)
        authc_settings = AuthenticationSettings(yosai_settings)

    totp_context = authc_settings.totp_context
    return TOTP.using(**totp_context)
Beispiel #4
0
def totp_factory(core_settings):
    authc_config = core_settings.AUTHC_CONFIG
    totp_settings = authc_config.get('totp')
    totp_context = totp_settings.get('context')
    totp_secrets = totp_context.get('secrets')

    return TOTP.using(secrets=totp_secrets, issuer="testing")
Beispiel #5
0
 def new_user(self):
     self.username = input('Enter username: '******'Enter password: '******'Two factor auth (y, n)?: ')
     if totp.lower() == 'y':
         self.totp_enabled = True
         
         totp_factory = TOTP.using(secrets_path='totp_sec', issuer='sec.thelonelylands.com')
         totp = totp_factory.new()
         self.totp = json.dumps(totp.to_json())
         uri = totp.to_uri(label=self.username)
         
         input('Please enlarge your screen and press enter')
         print(pyqrcode.create(uri).terminal(quiet_zone=1))
         print("Alternatively: " + totp.pretty_key())
         
         token = input('Enter token to verify: ')
         verification = self.auth_verify(token)
         if verification:
             print('Successfully created user')
             return self
         else:
             print('User creation failed')
             return 
     else:
         print('Successfully created user')
         return self
Beispiel #6
0
def verifyRegistration(request):
    registrationId = request.args.get('registrationId')
    otp1 = request.args.get('otp1')

    otp2 = request.args.get('otp2')

    TotpFactory = TOTP.using(secrets_path=PATH_TO_SECRET,issuer=ISSUER)

    querystr = AccountAdministratorRegistration \
                .query \
                .filter_by(registrationId=registrationId) \
                .all()

    if querystr:
        registrationObj = querystr[0]
        secretToken = regObj.secretToken

        totp = TotpFactory.from_json(secretToken)
        try:
            if not registrationObj.expired and totp.verify(otp1,secretToken) and totp.verify(otp2,secretToken, window=60) and __verifyQR__():
                registrationObj.expired = True
                registrationObj.expiryDate = datetime.now()
                db.session.add(registrationObj)
                db.session.flush()


            return {"Success": True,"SuccessResponse": [{"message": "Valid Registration"}]}, 200
        except:

            return {"Success": False,"ErrorResponse": [{"code": "12", "message": "Invalid OTP/Registration"}]}, 404
    else:
        return {"Success": False,"ErrorResponse": [{"code": "12", "message": "No Such Id"}]}, 404
Beispiel #7
0
def generateOTP(request):
    adminId = request.args.get('adminId')
    # Generate OTP
    TotpFactory = TOTP.using(secrets_path=PATH_TO_SECRET,issuer=ISSUER)
    totp = TotpFactory.new(digits=8)
    d = datetime.now()


    # Insert OR Update
    querystr = OneTimePassword \
                .query \
                .filter_by(adminId=adminId) \
                .all()
    token_obj = totp.generate()
    if querystr:
        updateqstr = querystr[0]
        updateqstr.adminOTP = totp.to_json()
        updateqstr.adminOTPCreation = d
        updateqstr.adminOTPValidity = token_obj.expire_time


    else:
        # Create New Record
        totpDBObj = OneTimePassword(adminId=adminId, adminOTP = totp.to_json(), adminOTPCreation = d, adminOTPValidity = token_obj.expire_time)
        print(totpDBObj)
        db.session.add(totpDBObj)

    try:
        safeCommit()

        return {"Success": True,"SuccessResponse": [{"otp": token_obj.token}]}, 200
    except:

        return {"Success": False,"ErrorResponse": [{"code": "12", "message": "Could not Generate OTP"}]}, 404
Beispiel #8
0
 def __init__(self, secrets, issuer):
     """ Initialize a totp factory.
     secrets are used to encrypt the per-user totp_secret on disk.
     """
     # This should be a dict with at least one entry
     if not isinstance(secrets, dict) or len(secrets) < 1:
         raise ValueError("secrets needs to be a dict with at least one entry")
     self._totp = TOTP.using(issuer=issuer, secrets=secrets)
Beispiel #9
0
 def gen_totp_qr(self):
     totp_factory = TOTP.using(secrets_path='totp_sec', issuer='sec.thelonelylands.com')
     totp = totp_factory.from_source(json.loads(self.totp))
     uri = totp.to_uri(label=self.username)
     
     input('Please enlarge your screen and press enter.')
     print(pyqrcode.create(uri).terminal(quiet_zone=1))
     print("Alternatively: " + totp.pretty_key())
Beispiel #10
0
def generateQRImage(request):
    registrationId = request.args.get('registrationId')
    TotpFactory = TOTP.using(secrets_path=PATH_TO_SECRET,issuer=ISSUER)
    totp = TotpFactory.new()
    uri = totp.to_uri(label=registrationId)
    qrurl = pyqrcode.create(uri)
    outputBuffer = BytesIO()
    qrurl.png(outputBuffer)
    outputBuffer.seek(0)
    return send_file(outputBuffer, mimetype="image/png")
Beispiel #11
0
def tf_setup(app):
    """ Initialize a totp factory.

    The TWO_FACTOR_SECRET is used to encrypt the per-user totp_secret on disk.
    """
    secrets = config_value("TWO_FACTOR_SECRET", app=app)
    # This should be a dict with at least one entry
    if not isinstance(secrets, dict) or len(secrets) < 1:
        raise ValueError(
            "TWO_FACTOR_SECRET needs to be a dict with at least one"
            "entry")
    return TOTP.using(issuer=config_value("TWO_FACTOR_URI_SERVICE_NAME",
                                          app=app),
                      secrets=secrets)
    def initialize(self):
        self.name = 'protoUser'
        self.ensureIndices(['email', 'groupInvites.groupId'])
        self.prefixSearchFields = ('email')
        self.ensureTextIndex({
            'email': 1,
        }, language='none')
        self.exposeFields(level=AccessType.READ,
                          fields=('_id', 'public', 'email', 'created'))
        self.exposeFields(level=AccessType.ADMIN,
                          fields=('groupInvites', 'status'))

        # To ensure compatibility with authenticator apps, other defaults shouldn't be changed
        self._TotpFactory = TOTP.using(
            # An application secret could be set here, if it existed
            wallet=None)

        self._cryptContext = CryptContext(schemes=['bcrypt'])
Beispiel #13
0
    def auth_verify(self, token):
        try:
            int(token)
        except ValueError:
            return False
        else:
            token = int(token)

        totp_factory = TOTP.using(secrets_path='totp_sec', issuer='sec.thelonelylands.com')
        source = totp_factory.from_source(json.loads(self.totp))
        
        try:
            verify = TOTP.verify(token=token, source=source, last_counter=self.totp_counter, window=10)
        except (passlib_errors.UsedTokenError, 
                passlib_errors.InvalidTokenError, 
                passlib_errors.MalformedTokenError):
            return False
        else: 
            self.totp_counter = verify.counter
            return True
Beispiel #14
0
def handleRegistration(request):
    email = request.args.get('email')
    otp = request.args.get('otp')
    if __getAdminIdByEmail__(email):
        adminId = __getAdminIdByEmail__(email)
    else:
        return {"Success": False,"ErrorResponse": [{"code": "12", "message": "Invalid Email"}]}, 404
    TotpFactory = TOTP.using(secrets_path=PATH_TO_SECRET,issuer=ISSUER)

    querystr = OneTimePassword \
                .query \
                .filter_by(adminId=adminId) \
                .all()

    if querystr:
        currentAdminOTPjson = querystr[0]
        adminOTPjson = currentAdminOTPjson.adminOTP
        totp = TotpFactory.from_json(adminOTPjson)

        try:
            totp.verify(otp,adminOTPjson)

        except:

            return {"Success": False,"ErrorResponse": [{"code": "12", "message": "Invalid OTP"}]}, 404

        currentAdminOTPjson.adminOTPValidity = 0
        totp = TotpFactory.new(digits=8)
        registrationObj = AccountAdministratorRegistration(adminId=adminId,secretToken=totp.to_json())
        db.session.add(registrationObj)
        db.session.flush()

        return {"Success": True,"SuccessResponse": [{"registrationId": registrationObj.registrationId}]}, 200

    else:
        return {"Success": False,"ErrorResponse": [{"code": "12", "message": "No Id Found for the email provided"}]}, 404
Beispiel #15
0
##

import pymongo, hashlib, uuid, hashlib, pyotp, base64,qrcode, pyqrcode
from pymongo import MongoClient
from bottle import post, get, route, run, template, request
from passlib.totp import TOTP, generate_secret
from passlib.exc import TokenError, MalformedTokenError

mongoclient = MongoClient()
db = mongoclient.giw
collection = db['usuarios']

pimienta = "c6y]s4*u#L3r?tZ{3LYM95'vLq%DfmrF{'gjv[vs:B%!_FP3L)r$-r^;~swKcUabrcapata89"

secret = generate_secret()
TotpFactory = TOTP.using(secrets={"1":secret})

totpCounter = 0

##############
# APARTADO 1 #
##############

# MECANISMO DE PROTECCIÓN DE CONTRASEÑAS:
#
# Almacenar las contraseñas en la BBDD de Mongo sin cifrado expone a los usuarios.
# Para almacenar la contraseña de manera segura en la BBDD guardo ésta de la siguiente manera:
# El hash de la contraseña (con SHA512) + sal (generación de cadena aleatoria) + pimienta (cadena de texto estática)
# Además, quiero evitar Brute Force, y para ello uso un algoritmo de ralentizado (PBKDF2)
# La función de hashlib se encarga de añadir la sal
#.
Beispiel #16
0
from trytond.i18n import gettext
from trytond.model import ModelSQL, ModelView, fields
from trytond.pool import Pool, PoolMeta
from trytond.pyson import Eval, PYSONEncoder
from trytond.transaction import Transaction

from .exception import (
    TOTPAccessCodeReuseError, TOTPInvalidSecretError, TOTPKeyTooShortError,
    TOTPLoginException)

_totp_issuer = config.get(
    'authentication_totp', 'issuer', default='{company} Tryton')
_totp_key_length = config.get(
    'authentication_totp', 'key_length', default=160)

_TOTPFactory = TOTP.using(secrets_path=config.get(
    'authentication_totp', 'application_secrets_file', default=None))


class User(metaclass=PoolMeta):
    __name__ = 'res.user'

    totp_key = fields.Char("TOTP Key")
    totp_secret = fields.Function(fields.Char(
            "TOTP Secret",
            help="Secret key used for time-based one-time password (TOTP) "
            "user authentication."),
        'get_totp_secret', setter='set_totp_secret')
    totp_qrcode = fields.Function(fields.Binary(
            "TOTP QR Code",
            states={
                'invisible': ~Eval('totp_secret', '') | (not QRCode),