def verify_token(self, token):
    """Check a submitted TOTP code against this device, tolerating clock drift.

    Returns True when *token* matches one of the codes within
    ``±self.tolerance`` steps of the device's current drift and belongs to a
    time step later than ``self.last_t``, so a code cannot be accepted twice
    for the same step. On a match ``last_t`` is advanced, the matched offset is
    folded into ``drift`` when the ``OTP_TOTP_SYNC`` setting is enabled, and
    the device is saved. Input that does not parse as an int never verifies.
    """
    sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)
    try:
        candidate = int(token)
    except Exception:
        # Non-numeric input (or None) is simply rejected, not reported.
        return False

    generator = TOTP(self.bin_key, self.step, self.t0, self.digits)
    generator.time = time.time()
    base_drift = self.drift
    for offset in range(-self.tolerance, self.tolerance + 1):
        generator.drift = base_drift + offset
        step = generator.t()
        # Replay guard first: steps at or before the last accepted one are
        # skipped before the code itself is compared.
        if step <= self.last_t or generator.token() != candidate:
            continue
        self.last_t = step
        if sync_drift and offset != 0:
            self.drift += offset
        self.save()
        return True
    return False
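def get_token(user, phone_number, email=''):
    """Generate a one-time code for *user* and persist it through ``save_otp``.

    Args:
        user: account the code is issued to; its ``email_id`` must equal
            *email* when an email is supplied.
        phone_number: mixed into the TOTP key together with
            ``TOTP_SECRET_KEY`` and a random five-digit component.
        email: optional delivery address; an empty string skips the
            ownership check.

    Returns:
        The generated token as returned by ``TOTP.token()``.

    Raises:
        ValueError: if *email* is given but does not belong to *user*.
    """
    if email and user.email_id != email:
        # The previous bare ``raise`` here had no active exception to re-raise
        # and surfaced as an unrelated RuntimeError; reject explicitly instead.
        raise ValueError('email does not match the user account')
    # NOTE(review): ``randint`` is presumably ``random.randint``, which is not
    # a cryptographic RNG; ``secrets`` is the usual choice when the random
    # part contributes to a one-time code's unpredictability — confirm.
    key = TOTP_SECRET_KEY + str(randint(10000, 99999)) + str(phone_number)
    totp = TOTP(key)
    # Constant time input: the code is presumably checked against the stored
    # copy written by save_otp rather than recomputed from the clock — confirm
    # against the consumer of save_otp.
    totp.time = 30
    token = totp.token()
    save_otp(user, token, email)
    return token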
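def test_totp_invalid(self):
    """An altered TOTP code must be rejected and redirect back to the 2FA page."""
    response = self.client.get('/control/login/2fa')
    assert 'token' in response.rendered_content
    device = TOTPDevice.objects.create(user=self.user, name='test')
    totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    totp.time = time.time()
    # The login URL has no placeholder, so the former ``.format(d.pk)`` call
    # was a no-op and has been dropped.
    response = self.client.post('/control/login/2fa', {
        'token': str(totp.token() + 2),
    })
    self.assertEqual(response.status_code, 302)
    self.assertIn('/control/login/2fa', response['Location'])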
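def test_totp_valid(self):
    """A current TOTP code completes login, honours ``next`` and starts a short session."""
    response = self.client.get('/control/login/2fa')
    assert 'token' in response.rendered_content
    device = TOTPDevice.objects.create(user=self.user, name='test')
    totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    totp.time = time.time()
    # The login URL has no placeholder, so the former ``.format(d.pk)`` call
    # was a no-op and has been dropped.
    response = self.client.post('/control/login/2fa?next=/control/events/', {
        'token': str(totp.token()),
    })
    self.assertEqual(response.status_code, 302)
    self.assertIn('/control/events/', response['Location'])
    # The login timestamp is recorded in the session and the session is not
    # marked as long-lived.
    assert time.time() - self.client.session['pretix_auth_login_time'] < 60
    assert not self.client.session['pretix_auth_long_session']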
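def test_totp_valid(self):
    """A current TOTP code completes login, honours ``next`` and starts a short session."""
    response = self.client.get('/control/login/2fa')
    assert 'token' in response.rendered_content
    device = TOTPDevice.objects.create(user=self.user, name='test')
    totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    totp.time = time.time()
    # The login URL has no placeholder, so the former ``.format(d.pk)`` call
    # was a no-op and has been dropped.
    response = self.client.post(
        '/control/login/2fa?next=/control/events/',
        {'token': str(totp.token())},
    )
    self.assertEqual(response.status_code, 302)
    self.assertIn('/control/events/', response['Location'])
    # The login timestamp is recorded in the session and the session is not
    # marked as long-lived.
    assert time.time() - self.client.session['pretix_auth_login_time'] < 60
    assert not self.client.session['pretix_auth_long_session']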
def test_confirm_totp_failed(self):
    """Confirming a new TOTP device with a wrong code shows an error and leaves it unconfirmed."""
    self.client.post(
        '/control/settings/2fa/add',
        {'devicetype': 'totp', 'name': 'Foo'},
        follow=True,
    )
    device = TOTPDevice.objects.first()
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    generator.time = time.time()
    wrong_code = str(generator.token() - 2)
    confirm_url = '/control/settings/2fa/totp/{}/confirm'.format(device.pk)
    r = self.client.post(confirm_url, {'token': wrong_code}, follow=True)
    assert 'alert-danger' in r.content.decode()
    device.refresh_from_db()
    assert not device.confirmed
def test_confirm_totp_failed(self):
    """Confirming a new TOTP device with a wrong code shows an error and leaves it unconfirmed."""
    self.client.post(
        '/control/settings/2fa/add',
        {'devicetype': 'totp', 'name': 'Foo'},
        follow=True,
    )
    device = TOTPDevice.objects.first()
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    generator.time = time.time()
    wrong_code = str(generator.token() - 2)
    confirm_url = '/control/settings/2fa/totp/{}/confirm'.format(device.pk)
    r = self.client.post(confirm_url, {'token': wrong_code}, follow=True)
    assert 'alert-danger' in r.rendered_content
    device.refresh_from_db()
    assert not device.confirmed
def test_confirm_totp(self):
    """A correct code with 'activate' confirms the device and turns on 2FA for the user."""
    self.client.post(
        '/control/settings/2fa/add',
        {'devicetype': 'totp', 'name': 'Foo'},
        follow=True,
    )
    device = TOTPDevice.objects.first()
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    generator.time = time.time()
    confirm_url = '/control/settings/2fa/totp/{}/confirm'.format(device.pk)
    payload = {'token': str(generator.token()), 'activate': 'on'}
    r = self.client.post(confirm_url, payload, follow=True)
    device.refresh_from_db()
    assert device.confirmed
    assert 'alert-success' in r.content.decode()
    # 'activate' flips the account-wide requirement, not just the device.
    self.user.refresh_from_db()
    assert self.user.require_2fa
def test_confirm_totp(self):
    """A correct code with 'activate' confirms the device and turns on 2FA for the user."""
    self.client.post(
        '/control/settings/2fa/add',
        {'devicetype': 'totp', 'name': 'Foo'},
        follow=True,
    )
    device = TOTPDevice.objects.first()
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    generator.time = time.time()
    confirm_url = '/control/settings/2fa/totp/{}/confirm'.format(device.pk)
    payload = {'token': str(generator.token()), 'activate': 'on'}
    r = self.client.post(confirm_url, payload, follow=True)
    device.refresh_from_db()
    assert device.confirmed
    assert 'alert-success' in r.rendered_content
    # 'activate' flips the account-wide requirement, not just the device.
    self.user.refresh_from_db()
    assert self.user.require_2fa
def verify_token(self, token):
    """Check a submitted TOTP code against this device via ``TOTP.verify``.

    The search window is ``±self.tolerance`` steps around the stored drift and
    is bounded below by ``self.last_t + 1``, so a time step that has already
    been accepted is never accepted again. On success ``last_t`` is advanced,
    the drift discovered by ``verify`` is adopted when the ``OTP_TOTP_SYNC``
    setting is enabled, and the device is saved. Input that does not parse as
    an int never verifies.
    """
    sync_drift = getattr(settings, 'OTP_TOTP_SYNC', True)
    try:
        candidate = int(token)
    except Exception:
        # Non-numeric input (or None) is simply rejected, not reported.
        return False

    generator = TOTP(self.bin_key, self.step, self.t0, self.digits, self.drift)
    generator.time = time.time()
    verified = generator.verify(candidate, self.tolerance, self.last_t + 1)
    if not verified:
        return verified
    self.last_t = generator.t()
    if sync_drift:
        self.drift = generator.drift
    self.save()
    return verified
def test_redirect_to_2fa_to_settings(self):
    """Password login → 2FA → forced password change, each step preserving ``next``."""
    self.user.require_2fa = True
    self.user.needs_password_change = True
    self.user.save()

    credentials = {
        'email': '*****@*****.**',
        'password': '******',
    }
    response = self.client.post('/control/login?next=/control/events/', credentials)
    self.assertEqual(response.status_code, 302)
    self.assertIn('/control/login/2fa?next=/control/events/', response['Location'])

    device = TOTPDevice.objects.create(user=self.user, name='test')
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
    generator.time = time.time()
    self.client.post(
        '/control/login/2fa?next=/control/events/',
        {'token': str(generator.token())},
    )

    # With 2FA done, the pending password change still blocks the target page.
    response = self.client.get('/control/events/')
    self.assertEqual(response.status_code, 302)
    self.assertIn('/control/settings?next=/control/events/', response['Location'])
def generate_totp(self, request=None):
    """Return a TOTP generator built from this device's parameters, clocked to now.

    *request* is accepted for interface compatibility and is not used here.
    """
    now = time.time()
    generator = TOTP(self.bin_key, self.step, self.t0, self.digits, self.drift)
    generator.time = now
    return generator
def totp_obj(self):
    """Return a TOTP generator for this device's key, step and digits, set to the current time."""
    now = time.time()
    generator = TOTP(key=self.bin_key, step=self.step, digits=self.digits)
    generator.time = now
    return generator
def totp_obj(self):
    """Return a TOTP generator over a freshly drawn 20-byte hex key (300 s step, 6 digits).

    A new key is generated on every call, so two calls do not share a secret.
    """
    now = time.time()
    generator = TOTP(key=random_hex(20), step=300, digits=6)
    generator.time = now
    return generator
def _totp(device, now):
    """Return the TOTP code *device* produces at *now* (a datetime).

    Only key, step, t0 and digits are taken from *device*; ``device.drift`` is
    not passed, so the generator's default drift is used.
    """
    generator = TOTP(device.bin_key, device.step, device.t0, device.digits)
    generator.time = now.timestamp()
    code = generator.token()
    return code
def totp_obj(key):
    """Return a TOTP generator for *key* with a 100 s step and 6 digits, set to the current time."""
    now = time.time()
    generator = TOTP(key=key, step=100, digits=6)
    generator.time = now
    return generator
def generate_otp(phone_number):
    """Return a one-time code derived from the app secret, a random 5-digit value and *phone_number*.

    The time input is the constant 30, so the code does not depend on the
    clock; only the random component varies between calls.
    """
    # NOTE(review): ``randint`` is presumably ``random.randint``, which is not
    # a cryptographic RNG; ``secrets`` is the usual choice when the random
    # part contributes to a one-time code's unpredictability — confirm.
    random_part = str(randint(10000, 99999))
    key = settings.TOTP_SECRET_KEY + random_part + str(phone_number)
    generator = TOTP(key)
    generator.time = 30
    return generator.token()
def totp_obj(self):
    """Return a TOTP generator for this key with a one-second step, set to the current time."""
    now = time.time()
    generator = TOTP(self.bin_key, step=1)
    generator.time = now
    return generator
def __create_topt_obj(self):
    """Return a TOTP generator for this object's key, step and digits, set to the current time.

    ``self.key`` is stringified and UTF-8 encoded to bytes before use.
    """
    now = time.time()
    key_bytes = str(self.key).encode()
    generator = TOTP(key_bytes, step=self.step, digits=self.digits)
    generator.time = now
    return generator