def google_url(self, name=None):
"""
The Google Charts QR code version of the seed, plus an optional
name for this (defaults to "username@hostname").
"""
if not name:
username = self.user.username
hostname = gethostname()
name = "%s@%s" % (username, hostname)
return get_google_url(decrypt_value(self.encrypted_seed), name)
def _check_auth_code_hotp(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, for the current iteration. (HOTP)
"""
correct = check_hotp(decrypt_value(self.encrypted_seed), auth_code,
self.counter)
if correct:
self.counter += 1
self.save()
if self.counter > HOTP_MAX_COUNTER:
self.delete()
return correct
def _check_auth_code_hotp(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, for the current iteration. (HOTP)
"""
correct = check_hotp(
decrypt_value(self.encrypted_seed), auth_code, self.counter)
if correct:
self.counter += 1
self.save()
if self.counter > HOTP_MAX_COUNTER:
self.delete()
return correct
def check_auth_code(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, at the current time.
"""
# allow only one-time use for one auth code.
cache_key = "onetimeauth_"+str(self.user.id)+"_"+str(auth_code)
if cache.get(cache_key): # has been successfully authenticated with this auth key within last 5 minutes
return False
result = check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
if result:
cache.set(cache_key, True, 60*5)
return result
def google_url(self, name=None):
"""
The Google Charts QR code version of the seed, plus an optional
name for this (defaults to "username@hostname").
"""
if not name:
username = self.user.username
hostname = Site.objects.get_current().domain
name = "%s@%s" % (username, hostname)
return get_google_url(
decrypt_value(self.encrypted_seed),
name
)
def google_url(self, name=None):
"""
The Google Charts QR code version of the seed, plus an optional
name for this (defaults to "username@hostname").
"""
if not name:
username = self.user.username
hostname = gethostname()
name = "%s@%s" % (username, hostname)
return get_google_url(
decrypt_value(self.encrypted_seed),
name,
"hotp" if self.is_hotp() else "totp"
)
def _check_auth_code_totp(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, at the current time. (TOTP)
"""
# Do not allow the same time-based two-factor code to be used within 40 seconds
lock_key = "two-factor-lock-%s-%s" % (self.user.username, auth_code)
lock = cache.get(lock_key)
if lock:
logger.warn("Two-factor duplicate authentication attempt %s", self.user.username)
return False
cache.set(lock_key, 40)
return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
def _check_auth_code_totp(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, at the current time. (TOTP)
"""
# Do not allow the same time-based two-factor code to be used within 40 seconds
lock_key = "two-factor-lock-%s-%s" % (self.user.username, auth_code)
lock = cache.get(lock_key)
if lock:
logger.warn("Two-factor duplicate authentication attempt %s",
self.user.username)
return False
cache.set(lock_key, 40)
return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
def b32_secret(self):
"""
The base32 version of the seed (for input into Google Authenticator
and similar soft token devices.
"""
return b32encode(decrypt_value(self.encrypted_seed))
def b32_secret(self):
"""
The base32 version of the seed (for input into Google Authenticator
and similar soft token devices.
"""
return b32encode(decrypt_value(self.encrypted_seed))
def check_auth_code(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, at the current time.
"""
return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
def _check_auth_code_totp(self, auth_code):
"""
Checks whether `auth_code` is a valid authentication code for this
user, at the current time. (TOTP)
"""
return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
