def _totp_check(self, code):
    """Verify a TOTP ``code`` against this user's stored secret.

    The secret is read through ``sudo()`` because the calling user may not
    have read access to ``totp_secret``. A mismatch is logged (with the
    login) and rejected with ``AccessDenied``; a match is only logged.

    NOTE(review): ``b32decode`` raises on a malformed or empty secret, and
    nothing in this method throttles attempts -- confirm the caller
    rate-limits, since a 6-digit code is guessable within its validity
    window.
    """
    privileged = self.sudo()
    raw_key = base64.b32decode(privileged.totp_secret)
    if TOTP(raw_key).match(code) is None:
        _logger.info("2FA check: FAIL for %s %r", self, self.login)
        raise AccessDenied()
    _logger.info("2FA check: SUCCESS for %s %r", self, self.login)
def _totp_check(self, code):
    """Verify a TOTP ``code`` against this user's stored secret.

    Reads ``totp_secret`` via ``sudo()`` (the current user may not be
    allowed to read it), decodes it from base32 and asks ``TOTP`` for a
    match. Failure is logged with the login and raised as ``AccessDenied``
    carrying a translated, user-facing message; success is logged only.

    NOTE(review): no attempt throttling happens here -- confirm the caller
    rate-limits, as a 6-digit code is brute-forceable within its window.
    """
    privileged = self.sudo()
    raw_key = base64.b32decode(privileged.totp_secret)
    if TOTP(raw_key).match(code) is None:
        _logger.info("2FA check: FAIL for %s %r", self, self.login)
        raise AccessDenied(
            _("Verification failed, please double-check the 6-digit code"))
    _logger.info("2FA check: SUCCESS for %s %r", self, self.login)
def _totp_check(self, code):
    """Verify a one-time ``code``, handling the mail-delivered variant.

    The ``code_check`` rate limit is applied before anything else. Unless
    the user's MFA type (read via ``sudo()``) is ``'totp_mail'``, the check
    is delegated to the parent implementation. For mail codes the key comes
    from ``_get_totp_mail_key()`` and the match is made with a 3600-second
    window and timestep, so an emailed code stays valid much longer than an
    authenticator-app code.

    Raises ``AccessDenied`` (with a user-facing message) on mismatch. On
    success the ``code_check`` and ``send_email`` rate-limit counters are
    cleared and ``True`` is returned.
    """
    self._totp_rate_limit('code_check')
    privileged = self.sudo()
    if privileged._mfa_type() != 'totp_mail':
        return super()._totp_check(code)

    mail_key = self._get_totp_mail_key()
    matched = TOTP(mail_key).match(code, window=3600, timestep=3600)
    if matched is None:
        _logger.info("2FA check (mail): FAIL for %s %r", self, self.login)
        raise AccessDenied(_("Verification failed, please double-check the 6-digit code"))

    _logger.info("2FA check(mail): SUCCESS for %s %r", self, self.login)
    # A successful check resets both the verification and the send counters.
    for bucket in ('code_check', 'send_email'):
        self._totp_rate_limit_purge(bucket)
    return True
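def _totp_try_setting(self, secret, code):
    """Enable TOTP for the session user if ``code`` validates against ``secret``.

    Returns ``True`` on success and ``False`` on any rejection; every
    rejection is logged with the user's login. Rejected cases:

    * TOTP is already enabled, or ``self`` is not the session user (a user
      may only enroll a second factor for their own account);
    * ``secret`` is not valid base32 after normalisation -- previously a
      malformed user-supplied secret escaped as an uncaught
      ``binascii.Error``/``ValueError`` from ``b32decode`` instead of a
      clean reject;
    * ``code`` does not match the secret.

    On success the secret is written via ``sudo()`` (the user may lack write
    access to the field) and, when running inside an HTTP request, the
    session token is recomputed so the current session is not invalidated.
    """
    if self.totp_enabled or self != self.env.user:
        _logger.info("2FA enable: REJECT for %s %r", self, self.login)
        return False

    secret = compress(secret).upper()
    try:
        raw_key = base64.b32decode(secret)
    except ValueError:  # binascii.Error is a ValueError subclass
        # Untrusted input that is not base32: reject instead of raising a 500.
        _logger.info("2FA enable: REJECT SECRET for %s %r", self, self.login)
        return False

    if TOTP(raw_key).match(code) is None:
        _logger.info("2FA enable: REJECT CODE for %s %r", self, self.login)
        return False

    self.sudo().totp_secret = secret
    if request:
        self.flush()
        # The session token depends on user state that just changed (the
        # write clears the cache); refresh it so the user stays logged in.
        request.session.session_token = self.env.user._compute_session_token(
            request.session.sid)
    _logger.info("2FA enable: SUCCESS for %s %r", self, self.login)
    return True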