def test_otp_attempt_tracker(self): """Check that OTP login attempts are tracked. """ authenticate_for_2factor(self.user) tmp_id = frappe.local.response['tmp_id'] otp = 'wrongotp' with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id) with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id) # REMOVE ME: current logic allows allow_consecutive_login_attempts+1 attempts # before raising security exception, remove below line when that is fixed. with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id) with self.assertRaises(frappe.SecurityException): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id) # Remove tracking cache so that user can try loging in again tracker = get_login_attempt_tracker(self.user, raise_locked_exception=False) tracker.add_success_attempt() otp = get_otp(self.user) self.assertTrue( confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id))
def test_confirm_otp_token(self): '''Ensure otp is confirmed''' authenticate_for_2factor(self.user) tmp_id = frappe.local.response['tmp_id'] otp = 'wrongotp' with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager,otp=otp,tmp_id=tmp_id) otp = get_otp(self.user) self.assertTrue(confirm_otp_token(self.login_manager,otp=otp,tmp_id=tmp_id)) if frappe.flags.tests_verbose: print('Sleeping for 30secs to confirm token expires..') time.sleep(30) with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager,otp=otp,tmp_id=tmp_id)
def test_confirm_otp_token(self): """Ensure otp is confirmed""" frappe.flags.otp_expiry = 2 authenticate_for_2factor(self.user) tmp_id = frappe.local.response["tmp_id"] otp = "wrongotp" with self.assertRaises(frappe.AuthenticationError): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id) otp = get_otp(self.user) self.assertTrue(confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id)) frappe.flags.otp_expiry = None if frappe.flags.tests_verbose: print("Sleeping for 2 secs to confirm token expires..") time.sleep(2) with self.assertRaises(ExpiredLoginException): confirm_otp_token(self.login_manager, otp=otp, tmp_id=tmp_id)
def confirm_2fa(*args, **kwargs): otp = kwargs.get("data").get("otp") email = kwargs.get("data").get("email") tmp_id = kwargs.get("data").get("tmp_id") result = confirm_otp_token(frappe.local.login_manager, otp=otp, tmp_id=tmp_id) if result: return handle_session(email)
def login(self): # clear cache frappe.clear_cache(user = frappe.form_dict.get('usr')) user, pwd = get_cached_user_pass() self.authenticate(user=user, pwd=pwd) if should_run_2fa(self.user): authenticate_for_2factor(self.user) if not confirm_otp_token(self): return False self.post_login()
def login(self): # clear cache frappe.clear_cache(user = frappe.form_dict.get('usr')) user, pwd = get_cached_user_pass() self.authenticate(user=user, pwd=pwd) if self.force_user_to_reset_password(): doc = frappe.get_doc("User", self.user) frappe.local.response["redirect_to"] = doc.reset_password(send_email=False, password_expired=True) frappe.local.response["message"] = "Password Reset" return False if should_run_2fa(self.user): authenticate_for_2factor(self.user) if not confirm_otp_token(self): return False self.post_login()
def login(): # LDAP LOGIN LOGIC args = frappe.form_dict ldap = frappe.get_doc("LDAP Settings") user = ldap.authenticate(frappe.as_unicode(args.usr), frappe.as_unicode(args.pwd)) frappe.local.login_manager.user = user.name if should_run_2fa(user.name): authenticate_for_2factor(user.name) if not confirm_otp_token(frappe.local.login_manager): return False frappe.local.login_manager.post_login() # because of a GET request! frappe.db.commit()
def login(self): # clear cache frappe.clear_cache(user = frappe.form_dict.get('usr')) user, pwd = get_cached_user_pass() self.authenticate(user=user, pwd=pwd) if should_run_2fa(self.user): authenticate_for_2factor(self.user) if not confirm_otp_token(self): return False self.post_login() def generate_key(length=40, get_bytes=os.urandom): raw_bytes = get_bytes((length + 1) // 2) hex_bytes = binascii.b2a_hex(raw_bytes)[:length] if not isinstance(hex_bytes, str): hex_bytes = hex_bytes.decode('ascii') print(hex_bytes) return hex_bytes