 def _totp_check(self, code):
     """Verify a user-supplied authenticator code against the stored TOTP secret.

     :param code: the one-time code typed by the user (untrusted input)
     :raises AccessDenied: when the code does not match any step inside
         the verifier's acceptance window
     """
     # totp_secret is read through sudo(), presumably so that field-level
     # access rules on the secret do not block the check -- confirm
     totp_key = base64.b32decode(self.sudo().totp_secret)
     matched_counter = TOTP(totp_key).match(code)
     if matched_counter is None:
         _logger.info("2FA check: FAIL for %s %r", self, self.login)
         raise AccessDenied()
     # NOTE(review): the matched counter is discarded here, so nothing in
     # this method itself rejects a replayed code or throttles guesses; the
     # caller should rate-limit attempts (and ideally remember the last
     # accepted counter) for a 6-digit code to stay safe.
     _logger.info("2FA check: SUCCESS for %s %r", self, self.login)
 def _totp_check(self, code):
     """Verify a user-supplied authenticator code against the stored TOTP secret.

     :param code: the one-time code typed by the user (untrusted input)
     :raises AccessDenied: with a user-facing message when the code does not
         match any step inside the verifier's acceptance window
     """
     # the secret is fetched via sudo(), presumably to bypass access rules on
     # the field -- confirm against the model definition
     key_bytes = base64.b32decode(self.sudo().totp_secret)
     if TOTP(key_bytes).match(code) is None:
         _logger.info("2FA check: FAIL for %s %r", self, self.login)
         raise AccessDenied(
             _("Verification failed, please double-check the 6-digit code"))
     # NOTE(review): the match result is not recorded, so this method alone
     # neither throttles guesses nor rejects a code that was already used
     # inside the window; the caller is expected to rate-limit.
     _logger.info("2FA check: SUCCESS for %s %r", self, self.login)
    def _totp_check(self, code):
        """Validate a 2FA code, using the e-mailed-code flow for ``totp_mail`` users.

        The rate limiter is hit first so that every attempt, matching or not,
        is counted.  Users whose MFA type is anything other than ``totp_mail``
        are delegated to the parent implementation unchanged.

        :param code: the one-time code submitted by the user (untrusted input)
        :return: ``True`` after a successful mail-code match; whatever
            ``super()._totp_check`` returns for other MFA types
        :raises AccessDenied: with a user-facing message when the mailed code
            does not match
        """
        self._totp_rate_limit('code_check')
        if self.sudo()._mfa_type() != 'totp_mail':
            return super()._totp_check(code)

        # Mailed codes are matched with window=3600 and timestep=3600 (seconds),
        # i.e. a far wider acceptance span than an authenticator-app TOTP; the
        # rate limit above is what keeps guessing a 6-digit code impractical.
        counter = TOTP(self._get_totp_mail_key()).match(code, window=3600, timestep=3600)
        if counter is None:
            _logger.info("2FA check (mail): FAIL for %s %r", self, self.login)
            raise AccessDenied(_("Verification failed, please double-check the 6-digit code"))

        # NOTE(review): the matched counter is not stored, so this method by
        # itself accepts the same mailed code again for as long as it remains
        # inside the window -- confirm whether a caller tracks it.
        _logger.info("2FA check(mail): SUCCESS for %s %r", self, self.login)
        # a successful check resets both the verification and the e-mail send budgets
        self._totp_rate_limit_purge('code_check')
        self._totp_rate_limit_purge('send_email')
        return True
    def _totp_try_setting(self, secret, code):
        """Enrol the current user in TOTP 2FA once they prove possession of *secret*.

        Enrolment is refused when 2FA is already enabled on this record or when
        the record is not the session's own user, so a user cannot enrol someone
        else.  The secret is only persisted after *code* is shown to match it.

        :param secret: base32-encoded TOTP secret as shown/typed during setup
        :param code: one-time code the user generated from that secret
        :return: ``True`` when the secret was stored, ``False`` on any refusal
        """
        not_allowed = self.totp_enabled or self != self.env.user
        if not_allowed:
            _logger.info("2FA enable: REJECT for %s %r", self, self.login)
            return False

        # compress() is a file-level helper; the result is upper-cased before
        # base32 decoding.  NOTE(review): no minimum length / entropy check on
        # the decoded secret happens here -- presumably it is generated
        # server-side rather than chosen by the user; confirm.
        normalised = compress(secret).upper()
        if TOTP(base64.b32decode(normalised)).match(code) is None:
            _logger.info("2FA enable: REJECT CODE for %s %r", self, self.login)
            return False

        self.sudo().totp_secret = normalised
        if request:
            self.flush()
            # the session token is derived from user state that just changed;
            # recompute it so the current session survives the enrolment
            # instead of being logged out
            request.session.session_token = self.env.user._compute_session_token(
                request.session.sid)

        _logger.info("2FA enable: SUCCESS for %s %r", self, self.login)
        return True