def init_otp(request): """ Initialize OTP after login. This sets up OTP devices for django_otp and calls the middleware to fill request.user.is_verified(). """ tdev = TOTPDevice(user=request.user, name='TOTP device with LDAP secret') try: tdev.save() except IntegrityError: tdev = TOTPDevice.objects.get(user=request.user) sdev = SOTPDevice(user=request.user, name='SOTP device with LDAP secret') try: sdev.save() except IntegrityError: pass # if OTP is disabled, it will match already if tdev.verify_token(): otp_login(request, tdev) # add .is_verified() OTPMiddleware().process_request(request)
def otp_qrcode(request): dev = TOTPDevice() secret = request.session.get('otp_secret') if not secret: return HttpResponseForbidden() qr = qrcode.make(dev.get_uri(secret), box_size=5) f = io.BytesIO() qr.save(f, 'PNG') return HttpResponse(f.getvalue(), content_type='image/png')