def page(self) -> None:
assert user.id is not None
html.set_render_headfoot(False)
html.add_body_css_class("login")
html.add_body_css_class("two_factor")
html.header(_("Two-factor authentication"), Breadcrumb(), javascripts=[])
html.open_div(id_="login")
html.open_div(id_="login_window")
html.open_a(href="https://checkmk.com")
html.img(
src=theme.detect_icon_path(icon_name="logo", prefix="mk-"),
id_="logo",
class_="custom" if theme.has_custom_logo() else None,
)
html.close_a()
if not is_two_factor_login_enabled(user.id):
raise MKGeneralException(_("Two-factor authentication not enabled"))
html.begin_form(
"two_factor_login", method="POST", add_transid=False, action="user_login_two_factor.py"
)
html.prevent_password_auto_completion()
html.hidden_field(
"_origtarget", origtarget := request.get_url_input("_origtarget", "index.py")
)
if backup_code := request.get_ascii_input("_backup_code"):
if is_two_factor_backup_code_valid(user.id, backup_code):
set_two_factor_completed()
raise HTTPRedirect(origtarget)
def test_is_two_factor_backup_code_valid_matches(user_id) -> None:
display_codes, store_codes = userdb.make_two_factor_backup_codes()
credentials = userdb.load_two_factor_credentials(user_id)
credentials["backup_codes"] = store_codes
assert len(credentials["backup_codes"]) == 10
userdb.save_two_factor_credentials(user_id, credentials)
assert userdb.is_two_factor_backup_code_valid(user_id,
display_codes[3]) is True
credentials = userdb.load_two_factor_credentials(user_id)
assert len(credentials["backup_codes"]) == 9
def test_is_two_factor_backup_code_valid_matches(user_id: UserId) -> None:
codes = userdb.make_two_factor_backup_codes(rounds=5)
credentials = userdb.load_two_factor_credentials(user_id)
credentials["backup_codes"] = [pwhashed for _password, pwhashed in codes]
userdb.save_two_factor_credentials(user_id, credentials)
assert len(credentials["backup_codes"]) == 10
valid = userdb.is_two_factor_backup_code_valid(user_id, codes[3][0])
assert valid
credentials = userdb.load_two_factor_credentials(user_id)
assert len(credentials["backup_codes"]) == 9
def test_is_two_factor_backup_code_valid_no_codes(user_id) -> None:
assert userdb.is_two_factor_backup_code_valid(user_id, "yxz") is False
def test_is_two_factor_backup_code_valid_no_codes(user_id: UserId) -> None:
assert not userdb.is_two_factor_backup_code_valid(user_id, "yxz")
