def send_email(device, token):
subject = get_setting('OTP_EMAIL_SUBJECT')
send_mail(
subject=subject,
message="Your OTP password is %s" % token,
from_email=settings.EMAIL_HOST_USER,
recipient_list=[device.user.email]
)
def verify_otp_token(self, attrs):
otp_token = attrs.get(get_setting('OTP_TOKEN_KEY'))
if not otp_token:
raise OTPValidationError(self.user, 'Missing token.')
if not self.user.totpdevice.verify_token(otp_token):
raise OTPValidationError(self.user, 'Wrong token: \'%s\'.' % otp_token)
return otp_token
def create(self, validated_data):
""" Create user with credentials and
attempt to send her random otp token using configured method and/or gateway. """
if validated_data.get('password'):
validated_data['password'] = make_password(validated_data['password'])
user = super(OneUserSerializer, self).create(validated_data)
# send otp token thru method if it is recognized
if get_setting('OTP_ENABLED') and user.method and user.method in list(dict(SEND_OTP_METHODS)):
user.totpdevice.send_token()
return user
def validate(self, attrs):
"""
If is first-time login, and user-submitted OTP token is incorrect, raise an exception.
"""
data = super().validate(attrs)
if get_setting('OTP_ENABLED') and not self.user.verified:
otp_token = self.verify_otp_token(attrs)
# one-factor auth here,
# let's also include the user's data in the response
user_data = OneUserSerializer(self.user).data
data.update(user=user_data)
return data
def check_all_group_permissions(sender, **kwargs):
"""
Checks that all the permissions specified in our settings.py are set for our groups.
"""
if not is_perms_app(sender):
return
config = get_setting('GROUP_PERMISSIONS')
# for each of our items
for name, permissions in config.items():
# get or create the group
(group, created) = Group.objects.get_or_create(name=name)
if created:
pass
check_role_perms(group, permissions, group.permissions.all())
def get_perms_app_name():
"""
Gets the app after which oneauth permissions should be installed.
This can be specified by `ONEAUTH_PERMISSIONS_APP` in the Django settings or defaults to the last app with models.
"""
global permissions_app_name
if not permissions_app_name:
permissions_app_name = get_setting('PERMISSIONS_APP')
if not permissions_app_name:
app_names_with_models = [
a.name for a in apps.get_app_configs()
if a.models_module is not None
]
if app_names_with_models:
permissions_app_name = app_names_with_models[-1]
return permissions_app_name
class AbstractOneUser(SmartModel, AbstractBaseUser, PermissionsMixin):
first_name = models.CharField(_('first name'), max_length=30, blank=True)
last_name = models.CharField(_('last name'), max_length=150, blank=True)
email = models.EmailField(_('email address'), unique=True)
is_staff = models.BooleanField(
_('staff status'),
default=False,
help_text=_(
'Designates whether the user can log into this admin site.'),
)
is_active = models.BooleanField(
_('active'),
default=True,
help_text=_(
'Designates whether this user should be treated as active. '
'Unselect this instead of deleting accounts.'),
)
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
verified = models.BooleanField(default=not get_setting('OTP_ENABLED'),
help_text="Is the user verified?") # OTP
phone = PhoneNumberField(
null=True,
blank=True,
help_text=_('Optional phone number used for eg. in OTP verification'))
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = []
objects = OneUserManager()
class Meta:
db_table = "one_users"
abstract = True
def __str__(self):
return self.email
def delete(self, using=None, keep_parents=False):
self.is_active = False
return super(AbstractOneUser, self).delete(using, keep_parents)
def clean(self):
super(AbstractOneUser, self).clean()
self.email = self.__class__.objects.normalize_email(self.email)
def get_full_name(self):
"""
Returns the first_name plus the last_name, with a space in between.
"""
full_name = '%s %s' % (self.first_name, self.last_name)
return full_name.strip()
def get_short_name(self):
"""
Returns the short name for the user.
"""
return self.first_name
def email_user(self, subject, message, from_email=None, **kwargs):
"""
Sends an email to this User.
"""
send_mail(subject, message, from_email, [self.email], **kwargs)
@property
def is_logged_in(self):
return type(self).objects.is_user_logged_in(self)
"""
Credits: PaesslerAG
https://github.com/PaesslerAG/django-currentuser
"""
from django.conf import settings
from django.contrib.auth.models import AnonymousUser
from threading import local
from oneauth.settings import get_setting
_thread_locals = local()
USER_ATTR_NAME = get_setting('LOCAL_USER_ATTR_NAME')
def _do_set_current_user(user_fun):
setattr(_thread_locals, USER_ATTR_NAME, user_fun.__get__(user_fun, local))
def _set_current_user(user=None):
'''
Sets current user in local thread.
Can be used as a hook e.g. for shell jobs (when request object is not
available).
'''
_do_set_current_user(lambda self: user)
class ThreadLocalUserMiddleware(object):
def __init__(self, get_response):
def send_sms(device, token):
gateway = _get_gateway_class(get_setting('SMS_GATEWAY'))()
gateway.send_sms(device=device, token=token)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
otp_field = get_setting('OTP_TOKEN_KEY')
self.fields[otp_field] = serializers.CharField(required=get_setting('OTP_ENABLED'))