def page(self) -> None: assert user.id is not None html.set_render_headfoot(False) html.add_body_css_class("login") html.add_body_css_class("two_factor") html.header(_("Two-factor authentication"), Breadcrumb(), javascripts=[]) html.open_div(id_="login") html.open_div(id_="login_window") html.open_a(href="https://checkmk.com") html.img( src=theme.detect_icon_path(icon_name="logo", prefix="mk-"), id_="logo", class_="custom" if theme.has_custom_logo() else None, ) html.close_a() if not is_two_factor_login_enabled(user.id): raise MKGeneralException(_("Two-factor authentication not enabled")) html.begin_form( "two_factor_login", method="POST", add_transid=False, action="user_login_two_factor.py" ) html.prevent_password_auto_completion() html.hidden_field( "_origtarget", origtarget := request.get_url_input("_origtarget", "index.py") ) if backup_code := request.get_ascii_input("_backup_code"): if is_two_factor_backup_code_valid(user.id, backup_code): set_two_factor_completed() raise HTTPRedirect(origtarget)
def test_is_two_factor_backup_code_valid_matches(user_id) -> None: display_codes, store_codes = userdb.make_two_factor_backup_codes() credentials = userdb.load_two_factor_credentials(user_id) credentials["backup_codes"] = store_codes assert len(credentials["backup_codes"]) == 10 userdb.save_two_factor_credentials(user_id, credentials) assert userdb.is_two_factor_backup_code_valid(user_id, display_codes[3]) is True credentials = userdb.load_two_factor_credentials(user_id) assert len(credentials["backup_codes"]) == 9
def test_is_two_factor_backup_code_valid_matches(user_id: UserId) -> None: codes = userdb.make_two_factor_backup_codes(rounds=5) credentials = userdb.load_two_factor_credentials(user_id) credentials["backup_codes"] = [pwhashed for _password, pwhashed in codes] userdb.save_two_factor_credentials(user_id, credentials) assert len(credentials["backup_codes"]) == 10 valid = userdb.is_two_factor_backup_code_valid(user_id, codes[3][0]) assert valid credentials = userdb.load_two_factor_credentials(user_id) assert len(credentials["backup_codes"]) == 9
def test_is_two_factor_backup_code_valid_no_codes(user_id) -> None: assert userdb.is_two_factor_backup_code_valid(user_id, "yxz") is False
def test_is_two_factor_backup_code_valid_no_codes(user_id: UserId) -> None: assert not userdb.is_two_factor_backup_code_valid(user_id, "yxz")