def post(self, request, *args, **kwargs):
    """Regenerate the backup codes of one of the user's MFA methods.

    ``kwargs['method']`` names the method; it must belong to ``request.user``
    (404 otherwise) and be active (400 otherwise).  The request body is run
    through the view's serializer before any code is changed.

    Returns a response carrying the freshly generated codes.  When
    ``requires_encryption`` is truthy only their ``make_password`` hashes are
    persisted, so that response is the one place the plain codes appear.
    """
    self.mfa_method_name = kwargs.get('method')
    self.obj = get_object_or_404(
        MFAMethod,
        user=request.user,
        name=self.mfa_method_name,
    )
    if not self.obj.is_active:
        return Response(
            {'error': _('Method is disabled.')},
            status=status.HTTP_400_BAD_REQUEST,
        )

    # Validate the payload first: an invalid request must not rotate codes.
    self.get_serializer(data=request.data).is_valid(raise_exception=True)

    fresh_codes = generate_backup_codes()
    if requires_encryption:
        stored_codes = [make_password(code) for code in fresh_codes]
    else:  # pragma: no cover
        stored_codes = fresh_codes
    self.obj.backup_codes = stored_codes
    # ``_backup_codes`` is presumably the storage field behind the
    # ``backup_codes`` attribute assigned above — confirm against the model.
    self.obj.save(update_fields=['_backup_codes'])
    return Response({'backup_codes': fresh_codes})
def post(self, request, *args, **kwargs):
    """Confirm activation of the MFA method named by ``self.kwargs['method']``.

    The method must belong to ``request.user`` (404 otherwise).  Once the
    request body passes the view's serializer, a new set of backup codes is
    generated, the method is marked active, and it becomes the primary method
    if the user has no other active method yet.

    Returns a response carrying the plain backup codes; when
    ``requires_encryption`` is truthy only their ``make_password`` hashes are
    persisted.
    """
    self.mfa_method_name = self.kwargs['method']
    self.obj = get_object_or_404(
        MFAMethod,
        user=request.user,
        name=self.mfa_method_name,
    )
    self.get_serializer(data=request.data).is_valid(raise_exception=True)

    fresh_codes = generate_backup_codes()
    if requires_encryption:
        self.obj.backup_codes = [make_password(code) for code in fresh_codes]
    else:  # pragma: no cover
        self.obj.backup_codes = fresh_codes

    self.obj.is_active = True
    # ``is_active`` is only set in memory at this point, so the query below
    # sees the persisted state of the user's methods.  Nothing in this block
    # serialises concurrent confirmations — NOTE(review): confirm whether the
    # caller wraps the request in a transaction.
    has_active_method = MFAMethod.objects.filter(
        user=request.user,
        is_active=True,
    ).exists()
    self.obj.is_primary = not has_active_method
    self.obj.save(update_fields=['is_active', '_backup_codes', 'is_primary'])
    return Response({'backup_codes': fresh_codes})
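def active_user_with_many_otp_methods():
    """Fixture: an active user with three active MFA methods.

    Creates (or reuses) the fixed test user and, on first creation, sets its
    password and activates it.  Three ``MFAMethod`` rows are then added —
    ``email`` (primary), ``sms`` and ``app`` — each with a fresh secret and
    its own backup codes.  Returns the user instance.
    """
    user, created = User.objects.get_or_create(
        username='******',
        email='*****@*****.**',
    )
    if created:
        # A stray trailing comma after set_password(...) used to turn this
        # statement into a discarded one-tuple; it is a plain call now.
        user.set_password('secretkey')
        user.is_active = True
        user.save()
    MFAMethod = apps.get_model('trench.MFAMethod')
    # (name, is_primary) for each method to create; only the first is primary.
    method_specs = (('email', True), ('sms', False), ('app', False))
    for method_name, is_primary in method_specs:
        MFAMethod.objects.create(
            user=user,
            secret=create_secret(),
            is_primary=is_primary,
            name=method_name,
            is_active=True,
            backup_codes=generate_backup_codes(),
        )
    return user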
def test_confirm_activation_otp_with_backup_code(
    active_user_with_backup_codes,
):
    """A backup code completes login and then confirms activating ``sms``.

    Flow: first login step → second step with a backup code of the existing
    method → authenticated request to activate ``sms`` → confirmation of that
    activation with a backup code of the new method.  The confirmation
    response must be 200 and hand back five backup codes.
    """
    user = active_user_with_backup_codes
    client = APIClient()
    first_step = login(user)
    ephemeral_token = first_step.data.get('ephemeral_token')

    def first_code_of(method):
        # Backup codes are held as a single comma-separated string here.
        return method.backup_codes.split(',')[0]

    # Second login step with a backup code of the user's first method.
    # NOTE(review): this response's status is not asserted before its token
    # is used for the requests below.
    login_response = client.post(
        path='/auth/login/code/',
        data={
            'token': ephemeral_token,
            'code': first_code_of(user.mfa_methods.first()),
        },
        format='json',
    )
    client.credentials(
        HTTP_AUTHORIZATION=header_template.format(
            get_token_from_response(login_response)
        ),
    )

    try:
        client.post(
            path='/auth/sms/activate/',
            data={'phone_number': '555-555-555'},
            format='json',
        )
    except (TwilioRestException, TwilioException):
        # Twilio raises in the test environment, but the new mfa_method has
        # already been created by then.
        pass

    # Assumes the freshly created sms method is the second row in the
    # queryset's default order — verify against the model's ordering.
    sms_method = user.mfa_methods.all()[1]
    sms_method.backup_codes = generate_backup_codes()
    sms_method.save()

    confirm_response = client.post(
        path='/auth/sms/activate/confirm/',
        data={
            'token': ephemeral_token,
            'code': first_code_of(sms_method),
        },
        format='json',
    )
    # Confirm the response is OK and user gets 5 backup codes
    assert confirm_response.status_code == 200
    assert len(confirm_response.json().get('backup_codes')) == 5
def post(self, request, *args, **kwargs):
    """Regenerate the backup codes of the MFA method named by ``kwargs['method']``.

    The method must belong to ``request.user`` (404 otherwise) and be active
    (400 otherwise).  The request body is validated by the view's serializer
    before any code is touched.  Returns the new codes as a list.

    ``generate_backup_codes()`` is treated as one comma-separated string: it
    is stored on the method exactly as generated — no hashing happens in this
    block, so read access to the row exposes usable codes — and split for
    the response.
    """
    self.mfa_method_name = kwargs.get('method')
    self.obj = get_object_or_404(
        MFAMethod,
        user=request.user,
        name=self.mfa_method_name,
    )
    if not self.obj.is_active:
        return Response(
            {'error': _('Method is disabled.')},
            status=status.HTTP_400_BAD_REQUEST,
        )
    self.get_serializer(data=request.data).is_valid(raise_exception=True)

    joined_codes = generate_backup_codes()
    self.obj.backup_codes = joined_codes
    self.obj.save(update_fields=['backup_codes'])
    return Response({'backup_codes': joined_codes.split(',')})
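def active_user_with_backup_codes():
    """Fixture: an active user with a single active, primary ``email`` method.

    Creates (or reuses) the fixed test user and, on first creation, sets its
    password and activates it.  One ``MFAMethod`` row named ``email`` is then
    added with a fresh secret and backup codes.  Returns the user instance.
    """
    user, created = User.objects.get_or_create(
        username='******',
        email='*****@*****.**',
    )
    if created:
        # A stray trailing comma after set_password(...) used to turn this
        # statement into a discarded one-tuple; it is a plain call now.
        user.set_password('secretkey')
        user.is_active = True
        user.save()
    MFAMethod = apps.get_model('trench.MFAMethod')
    MFAMethod.objects.create(
        user=user,
        secret=create_secret(),
        is_primary=True,
        name='email',
        is_active=True,
        backup_codes=generate_backup_codes(),
    )
    return user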
def post(self, request, *args, **kwargs):
    """Confirm activation of the MFA method named by ``self.kwargs['method']``.

    The method must belong to ``request.user`` (404 otherwise).  Once the
    request body passes the view's serializer, new backup codes are
    generated, the method is marked active, and it becomes primary if the
    user has no other active method.  Returns the new codes as a list.

    ``generate_backup_codes()`` is treated as one comma-separated string and
    stored unhashed in this block; it is split for the response.
    """
    self.mfa_method_name = self.kwargs['method']
    self.obj = get_object_or_404(
        MFAMethod,
        user=request.user,
        name=self.mfa_method_name,
    )
    self.get_serializer(data=request.data).is_valid(raise_exception=True)

    joined_codes = generate_backup_codes()
    self.obj.is_active = True
    self.obj.backup_codes = joined_codes
    # ``is_active`` is only set in memory here, so the query sees the
    # persisted state of the user's methods.  Nothing in this block
    # serialises concurrent confirmations — NOTE(review): confirm whether
    # the caller wraps the request in a transaction.
    other_active_exists = MFAMethod.objects.filter(
        user=request.user,
        is_active=True,
    ).exists()
    self.obj.is_primary = not other_active_exists
    self.obj.save(update_fields=['is_active', 'backup_codes', 'is_primary'])
    return Response({'backup_codes': joined_codes.split(',')})