Example #1
 def post(self, request, format=None):
     """Create and return a client login token for the requesting user.

     When two-factor auth is available and enabled for the account, no
     token is created and an empty dict is returned instead, so this
     endpoint cannot be used to obtain a login token that sidesteps the
     second factor.

     ``format`` is accepted but not used in this method.
     """
     second_factor_required = has_two_factor_auth() and two_factor_auth_enabled(
         request.user.username)
     if second_factor_required:
         return {}

     # NOTE(review): the returned value presumably works as a bearer
     # credential for a later login -- confirm gen_token draws from a
     # CSPRNG and that stored tokens are single-use and short-lived.
     secret = gen_token(max_length=32)
     ClientLoginToken(secret, request.user.username).save()
     return {"token": secret}
Example #2
 def post(self, request, format=None):
     """Issue a client login token unless the account uses two-factor auth.

     Returns ``{'token': <value>}`` after saving a ``ClientLoginToken`` for
     ``request.user.username``. Returns an empty dict, and saves nothing,
     when two-factor auth is available and enabled for ``request.user``.

     ``format`` is accepted but not used in this method.
     """
     if not (has_two_factor_auth() and two_factor_auth_enabled(request.user)):
         # NOTE(review): this value is handed to the client and presumably
         # accepted later in place of credentials -- confirm gen_token is
         # cryptographically random and that the token expires.
         login_secret = gen_token(max_length=32)
         record = ClientLoginToken(login_secret, request.user.username)
         record.save()
         return {'token': login_secret}

     # Two-factor accounts get no token from this endpoint.
     return {}
Example #3
 def _two_factor_auth(self, request, user):
     """Enforce the second factor for ``user`` on this request.

     Does nothing when two-factor auth is unavailable or not enabled for
     the user. Otherwise the one-time password is read from the
     ``HTTP_X_SEAFILE_OTP`` entry of ``request.META`` and checked with
     ``verify_two_factor_token``.

     Raises:
         serializers.ValidationError: if the OTP is missing or rejected.
             ``self.two_factor_auth_failed`` is set to True first so the
             caller can tell a second-factor failure from other errors.
     """
     if not (has_two_factor_auth() and two_factor_auth_enabled(user)):
         return

     # NOTE(review): nothing here limits repeated OTP guesses -- confirm
     # the caller or verify_two_factor_token throttles attempts.
     otp = request.META.get('HTTP_X_SEAFILE_OTP', '')
     if otp:
         if verify_two_factor_token(user.username, otp):
             return
         failure = 'Two factor auth token is invalid.'
     else:
         failure = 'Two factor auth token is missing.'

     # Fail closed: every path that reaches this point rejects the request.
     self.two_factor_auth_failed = True
     raise serializers.ValidationError(failure)
Example #4
 def _two_factor_auth(self, request, username):
     """Require a valid one-time password when ``username`` uses 2FA.

     Returns without checking anything when two-factor auth is unavailable
     or not enabled for ``username``. Otherwise the OTP comes from the
     ``HTTP_X_SEAFILE_OTP`` key of ``request.META`` and must be accepted
     by ``verify_two_factor_token``.

     Raises:
         serializers.ValidationError: when the OTP is absent or invalid;
             ``self.two_factor_auth_failed`` is set to True beforehand.
     """
     enforced = has_two_factor_auth() and two_factor_auth_enabled(username)
     if not enforced:
         return

     supplied = request.META.get('HTTP_X_SEAFILE_OTP', '')
     if not supplied:
         problem = 'Two factor auth token is missing.'
     # NOTE(review): no attempt counter is visible in this method --
     # confirm OTP guessing is rate limited elsewhere.
     elif not verify_two_factor_token(username, supplied):
         problem = 'Two factor auth token is invalid.'
     else:
         return

     self.two_factor_auth_failed = True
     raise serializers.ValidationError(problem)
Example #5
def log_user_in(request, user, redirect_to):
    """Finish a login for ``user`` and redirect to a vetted destination.

    ``redirect_to`` originates from the client, so it is used only if
    ``is_safe_url`` accepts it for the request's host; otherwise
    ``settings.LOGIN_REDIRECT_URL`` is substituted. Users with two-factor
    auth enabled are passed to ``handle_two_factor_auth`` and are not
    logged in by this function.

    Returns the response from ``handle_two_factor_auth`` for two-factor
    users, otherwise an ``HttpResponseRedirect`` to the chosen destination.
    """
    # Open-redirect guard: fall back to the configured URL when the
    # requested target is not accepted for this host.
    if is_safe_url(url=redirect_to, host=request.get_host()):
        destination = redirect_to
    else:
        destination = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # NOTE(review): the failed-attempt record is cleared before the second
    # factor is checked -- confirm OTP failures are throttled separately.
    _clear_login_failed_attempts(request, user)

    if two_factor_auth_enabled(user):
        return handle_two_factor_auth(request, user, destination)

    # Only accounts without two-factor auth are logged in directly here.
    auth_login(request, user)
    return HttpResponseRedirect(destination)
Example #6
def log_user_in(request, user, redirect_to):
    """Log ``user`` in, or defer to the two-factor flow, then redirect.

    The client-supplied ``redirect_to`` is replaced with
    ``settings.LOGIN_REDIRECT_URL`` unless ``is_safe_url`` accepts it for
    the current host. When two-factor auth is enabled for the user, the
    result of ``handle_two_factor_auth`` is returned and ``auth_login`` is
    not called here.
    """
    # Never redirect to a target that fails the host check.
    target_ok = is_safe_url(url=redirect_to, host=request.get_host())
    next_url = redirect_to if target_ok else settings.LOGIN_REDIRECT_URL

    if request.session.test_cookie_worked():
        request.session.delete_test_cookie()

    # NOTE(review): this runs before any second-factor check, so the
    # counter it clears cannot limit OTP guessing -- confirm that is
    # handled elsewhere.
    _clear_login_failed_attempts(request, user)

    if not two_factor_auth_enabled(user):
        # No second factor configured: log the user in now.
        auth_login(request, user)
        return HttpResponseRedirect(next_url)

    return handle_two_factor_auth(request, user, next_url)
Example #7
    def _two_factor_auth(self, request, user):
        """Enforce two-factor auth for ``user``, honouring remembered devices.

        Returns without raising when two-factor auth is unavailable or not
        enabled for the user, when ``is_device_remembered`` accepts the
        value of the ``HTTP_X_SEAFILE_S2FA`` entry of ``request.META``, or
        when the OTP in ``HTTP_X_SEAFILE_OTP`` passes
        ``verify_two_factor_token``.

        If no OTP is supplied, a challenge is generated on the user's
        default device before the request is rejected.

        Raises:
            serializers.ValidationError: when the OTP is missing or invalid;
                ``self.two_factor_auth_failed`` is set to True beforehand.
        """
        if not (has_two_factor_auth() and two_factor_auth_enabled(user)):
            return

        # NOTE(review): an accepted remembered-device value replaces the OTP
        # entirely -- confirm it is unguessable, bound to this user, and
        # expires.
        remembered = request.META.get('HTTP_X_SEAFILE_S2FA', '')
        if is_device_remembered(remembered, user):
            return

        otp = request.META.get('HTTP_X_SEAFILE_OTP', '')
        if otp:
            if verify_two_factor_token(user, otp):
                return
            failure = 'Two factor auth token is invalid.'
        else:
            # Generate a challenge (send sms/call/...) when no token is provided.
            # NOTE(review): each OTP-less request triggers a challenge --
            # confirm this is throttled and that default_device(user)
            # cannot be None for a two-factor user.
            default_device(user).generate_challenge()
            failure = 'Two factor auth token is missing.'

        self.two_factor_auth_failed = True
        raise serializers.ValidationError(failure)
Example #8
def log_user_in(request, user, redirect_to):
    """Complete a login for ``user``, applying two-factor auth when enabled.

    ``redirect_to`` comes from the client and is used only if
    ``is_safe_url`` accepts it for the request's host; otherwise
    ``settings.LOGIN_REDIRECT_URL`` is used.

    For users with two-factor auth enabled, the ``S2FA`` cookie is checked
    with ``is_device_remembered``. A remembered device skips the OTP step
    and the user's default device is attached as ``user.otp_device``; any
    other request is handed to ``handle_two_factor_auth`` and its response
    is returned without calling ``auth_login``.
    """
    # Open-redirect guard on the client-supplied target.
    if is_safe_url(url=redirect_to, host=request.get_host()):
        destination = redirect_to
    else:
        destination = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    clear_login_failed_attempts(request, user.username)

    if two_factor_auth_enabled(user):
        # NOTE(review): an accepted S2FA cookie stands in for the second
        # factor -- confirm it is unguessable, tied to this user, expires,
        # and is set with Secure/HttpOnly.
        device_cookie = request.COOKIES.get('S2FA', '')
        if not is_device_remembered(device_cookie, user):
            return handle_two_factor_auth(request, user, destination)

        from seahub.two_factor.models import default_device
        user.otp_device = default_device(user)

    # Reached only without two-factor auth or from a remembered device.
    auth_login(request, user)
    return HttpResponseRedirect(destination)