def handleSubmit(self, action):
        data, errors = self.extractData()
        if errors:
            return False

        # Token entered by user from his mobile device using GoogleAuthenticator app
        token = data.get('token', '')

        # Signature token generated for resetting the bar code.
        signature_token = self.request.get('signature', '')

        username = self.request.get('auth_user', '')
        user = api.user.get(username=username)

        #logger.debug('token: {0}'.format(token))

        if not user:
            reason = _("User not found {0}.".format(username))
            IStatusMessage(self.request).addStatusMessage(
                _("Resetting of the bar-code failed! {0}".format(reason)),
                'error')
            return

        # Validating the GoogleAuthenticator app token
        valid_token = validate_token(token, user=user)

        #self.context.plone_log(valid_token)
        #self.context.plone_log(token)

        reason = None
        if valid_token:
            try:
                # Checking if token generated for resetting the bar code image is equal
                # to the one taken from current request.
                bar_code_reset_token = user.getProperty('bar_code_reset_token')
                if bar_code_reset_token != signature_token:
                    reason = _("Invalid bar-code reset token.")
                    IStatusMessage(self.request).addStatusMessage(
                        _("Resetting of the bar-code failed! {0}".format(
                            reason)), 'error')
                    return

                user.setMemberProperties(
                    mapping={
                        'enable_two_factor_authentication': True,
                    })

                IStatusMessage(self.request).addStatusMessage(
                    _("Two-step verification bar-code is successfully reset for your account."
                      ), 'info')
                redirect_url = "{0}".format(self.context.absolute_url())
                self.request.response.redirect(redirect_url)
            except Exception as e:
                reason = _(str(e))
        else:
            reason = _("Invalid token or token expired.")

        if reason is not None:
            IStatusMessage(self.request).addStatusMessage(
                _("Setup failed! {0}".format(reason)), 'error')
    def handleSubmit(self, action):
        data, errors = self.extractData()
        if errors:
            return False

        # Token entered by user from his mobile device using GoogleAuthenticator app
        token = data.get('token', '')

        # Signature token generated for resetting the bar code.
        signature_token = self.request.get('signature', '')

        username = self.request.get('auth_user', '')
        user = api.user.get(username=username)

        #logger.debug('token: {0}'.format(token))

        if not user:
            reason = _("User not found {0}.".format(username))
            IStatusMessage(self.request).addStatusMessage(
                _("Resetting of the bar-code failed! {0}".format(reason)),
                'error'
                )
            return

        # Validating the GoogleAuthenticator app token
        valid_token = validate_token(token, user=user)

        #self.context.plone_log(valid_token)
        #self.context.plone_log(token)

        reason = None
        if valid_token:
            try:
                # Checking if token generated for resetting the bar code image is equal
                # to the one taken from current request.
                bar_code_reset_token = user.getProperty('bar_code_reset_token')
                if bar_code_reset_token != signature_token:
                    reason = _("Invalid bar-code reset token.")
                    IStatusMessage(self.request).addStatusMessage(
                        _("Resetting of the bar-code failed! {0}".format(reason)),
                        'error'
                        )
                    return

                user.setMemberProperties(mapping={'enable_two_factor_authentication': True,})

                IStatusMessage(self.request).addStatusMessage(
                    _("Two-step verification bar-code is successfully reset for your account."),
                    'info'
                    )
                redirect_url = "{0}".format(self.context.absolute_url())
                self.request.response.redirect(redirect_url)
            except Exception as e:
                reason = _(str(e))
        else:
            reason = _("Invalid token or token expired.")

        if reason is not None:
            IStatusMessage(self.request).addStatusMessage(_("Setup failed! {0}".format(reason)), 'error')
Ejemplo n.º 3
0
    def handleSubmit(self, action):
        """
        Here we should check couple of things:

        - If the token provided is valid.
        - If the signature contains the user data needed (username and hash
          made of his data are valid).

        If all is well and valid, we sudo login the user given.
        """

        data, errors = self.extractData()
        if errors:
            return False

        token = data.get('token', '')

        user = None
        username = self.request.get('auth_user', '')

        if username:
            user = api.user.get(username=username)

            # Validating the signed request data. If invalid (likely tampered
            # with or expired), generate an appropriate error message.
            user_data_validation_result = validate_user_data(
                request=self.request, user=user)

            if not user_data_validation_result.result:
                IStatusMessage(self.request).addStatusMessage(
                    _("Invalid data. Details: {0}".format(' '.join(
                        user_data_validation_result.reason))), 'error')
                return

        valid_token = validate_token(token, user=user)

        # self.context.plone_log(valid_token)
        # self.context.plone_log(token)

        if valid_token:
            # We should login the user here
            self.context.acl_users.session._setupSession(
                str(username), self.context.REQUEST.RESPONSE)

            # TODO: Is there a nicer way of resolving the
            # "@@google_authenticator_token_form" URL?
            msg = PMF("Welcome! You are now logged in.")
            IStatusMessage(self.request).addStatusMessage(msg, 'info')
            request_data = extract_request_data(self.request)
            context_url = self.context.absolute_url()
            redirect_url = request_data.get('next_url', context_url)
            self.request.response.redirect(redirect_url)
        else:
            msg = _("Invalid token or token expired.")
            IStatusMessage(self.request).addStatusMessage(msg, 'error')
Ejemplo n.º 4
0
    def handleSubmit(self, action):
        """
        Here we should check couple of things:

        - If the token provided is valid.
        - If the signature contains the user data needed (username and hash made of his data are valid).

        If all is well and valid, we sudo login the user given.
        """

        data, errors = self.extractData()
        if errors:
            return False

        token = data.get('token', '')

        user = None
        username = self.request.get('auth_user', '')

        if username:
            user = api.user.get(username=username)

            # Validating the signed request data. If invalid (likely throttled with or expired), generate an
            # appropriate error message.
            user_data_validation_result = validate_user_data(request=self.request, user=user)
            if not user_data_validation_result.result:
                IStatusMessage(self.request).addStatusMessage(
                    _("Invalid data. Details: {0}".format(' '.join(user_data_validation_result.reason))), 'error'
                    )
                return

        valid_token = validate_token(token, user=user)

        #self.context.plone_log(valid_token)
        #self.context.plone_log(token)

        if valid_token:
            # We should login the user here
            self.context.acl_users.session._setupSession(str(username), self.context.REQUEST.RESPONSE)

            # TODO: Is there a nicer way of resolving the "@@google_authenticator_token_form" URL?
            IStatusMessage(self.request).addStatusMessage(_("Great! You're logged in."), 'info')
            request_data = extract_request_data(self.request)
            redirect_url = request_data.get('next_url', self.context.absolute_url())
            self.request.response.redirect(redirect_url)
        else:
            IStatusMessage(self.request).addStatusMessage(_("Invalid token or token expired."), 'error')
Ejemplo n.º 5
0
    def handleSubmit(self, action):
        if bool(api.user.is_anonymous()) is True:
            self.request.response.setStatus(401, _('Forbidden for anonymous'), True)
            return False

        data, errors = self.extractData()
        if errors:
            return False

        token = data.get('token', '')

        valid_token = validate_token(token)

        #self.context.plone_log(valid_token)
        #self.context.plone_log(token)

        reason = None
        if valid_token:
            try:
                # Set the ``enable_two_factor_authentication`` to True
                user = api.user.get_current()
                user.setMemberProperties(mapping={'enable_two_factor_authentication': True,})

                IStatusMessage(self.request).addStatusMessage(
                    _("Two-step verification is successfully enabled for your account."),
                    'info'
                    )
                redirect_url = "{0}/@@personal-information".format(self.context.absolute_url())
            except Exception as e:
                reason = _(str(e))
        else:
            reason = _("Invalid token or token expired.")

        if reason is not None:
            IStatusMessage(self.request).addStatusMessage(_("Setup failed! {0}".format(reason)), 'error')
            redirect_url = "{0}/@@setup-two-factor-authentication".format(self.context.absolute_url())

        # TODO: Is there a nicer way of resolving the "@@setup-two-factor-authentication" URL?

        self.request.response.redirect(redirect_url)