def render_next_step(self, form, **kwargs):
response = super(Enable, self).render_next_step(form, **kwargs)
if self.steps.current in ['call-verify', 'sms-verify']:
method = self.get_form_data('method', 'method')
#todo use backup phone
#todo resend message + throttling
generated_token = totp(self.get_token().seed)
if method == 'call':
phone = self.get_form_data('call', 'phone')
call(to=phone, request=self.request, token=generated_token)
elif method == 'sms':
phone = self.get_form_data('sms', 'phone')
send(to=phone, request=self.request, token=generated_token)
return response
def verify_computer(request, template_name='two_factor/verify_computer.html',
redirect_field_name=REDIRECT_FIELD_NAME,
computer_verification_form=ComputerVerificationForm,
current_app=None, extra_context=None):
redirect_to = request.REQUEST.get(redirect_field_name, '')
netloc = urlparse.urlparse(redirect_to)[1]
# Use default setting if redirect_to is empty
if not redirect_to:
redirect_to = settings.LOGIN_REDIRECT_URL
# Heavier security check -- don't allow redirection to a different
# host.
elif netloc and netloc != request.get_host():
redirect_to = settings.LOGIN_REDIRECT_URL
try:
user = User.objects.get(pk=signer.unsign(request.GET.get('user')))
except (User.DoesNotExist, BadSignature):
return HttpResponseRedirect(settings.LOGIN_URL)
if request.method == 'POST':
form = computer_verification_form(user=user, data=request.POST)
if form.is_valid():
# Okay, security checks complete. Log the user in.
auth_login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
response = HttpResponseRedirect(redirect_to)
# set computer verification
if form.cleaned_data['remember']:
vf = user.verifiedcomputer_set.create(
verified_until=now() + timedelta(days=30),
last_used_at=now(),
ip=request.META['REMOTE_ADDR'])
response.set_signed_cookie('computer', vf.id,
path=reverse('tf:verify'),
max_age=30*86400, httponly=True)
return response
else:
form = computer_verification_form(request, user)
# has this computer been verified?
try:
computer_id = request.get_signed_cookie('computer', None)
user = authenticate(user=user, computer_id=computer_id)
if user and user.is_active:
# Okay, security checks complete. Log the user in.
auth_login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to)
except VerifiedComputer.DoesNotExist:
pass
token = user.token
if token.method in ('call', 'sms'):
#todo use backup phone
#todo resend message + throttling
generated_token = totp(token.seed)
if token.method == 'call':
call(to=token.phone, request=request, token=generated_token)
elif token.method == 'sms':
send(to=token.phone, request=request, token=generated_token)
current_site = get_current_site(request)
context = {
'form': form,
redirect_field_name: redirect_to,
'site': current_site,
'site_name': current_site.name,
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context,
current_app=current_app)
