def test_init_verify_tfa():
    """Check that ``tfa.init_verify_tfa`` rejects a wrong code and accepts the current one.

    This copy calls ``tfa.init_verify_tfa(user_id, secret, code)``.
    """
    user_id = db_utils.create_user()
    tfa_secret, _ = tfa.init(user_id)

    # Wrong code: the author notes the expected result as the tuple (False, None);
    # only falsiness of both members is asserted here.
    # NOTE(review): "000000" is a fixed guess, so on rare runs it could coincide
    # with the live code for this secret -- confirm whether that flake matters.
    rejected_secret, rejected_codes = tfa.init_verify_tfa(user_id, tfa_secret, "000000")
    assert not rejected_secret
    assert not rejected_codes

    # Correct code: whatever pyotp derives from the same secret right now.
    current_code = pyotp.TOTP(tfa_secret).now()
    accepted_secret, accepted_codes = tfa.init_verify_tfa(user_id, tfa_secret, current_code)
    assert tfa_secret == accepted_secret
    assert len(accepted_codes) == 10
def tfa_init_qrcode_post_(request):
    """Handle the TOTP code submitted on step 2 of enabling 2FA.

    Reads ``tfaresponse`` from the request parameters and passes it, together
    with the TOTP secret taken from the session, to ``tfa.init_verify_tfa``.
    A falsy secret in the result re-renders the QR-code page; otherwise the
    recovery codes are handed to ``_set_recovery_codes_on_session`` and the
    final-step page is rendered.

    A request without a ``tfaresponse`` parameter is not handled here; the
    lookup presumably raises ``KeyError``.
    """
    # Authenticator apps often display the code as '123 456'; drop the spaces.
    submitted_code = request.params['tfaresponse'].replace(' ', '')
    session_secret = _get_totp_code_from_session()

    # NOTE(review): another copy of this handler on the page passes
    # request.userid as the first argument -- confirm which call shape matches
    # the current signature of tfa.init_verify_tfa.
    verified_secret, recovery_codes = tfa.init_verify_tfa(session_secret, submitted_code)

    if verified_secret:
        # NOTE(review): recovery codes are sensitive and are placed on the
        # session as one comma-joined string; how the session is stored is not
        # visible here -- confirm it is not readable client-side.
        _set_recovery_codes_on_session(','.join(recovery_codes))
        final_page = define.webpage(
            request.userid,
            "control/2fa/init_verify.html",
            [recovery_codes, None],
            title="Enable 2FA: Final Step",
        )
        return Response(final_page)

    # The submitted code did not verify against the session secret: show the
    # same secret and its QR code again so the user can retry.
    retry_page = define.webpage(
        request.userid,
        "control/2fa/init_qrcode.html",
        [
            define.get_display_name(request.userid),
            session_secret,
            tfa.generate_tfa_qrcode(request.userid, session_secret),
            "2fa",
        ],
        title="Enable 2FA: Step 2",
    )
    return Response(retry_page)
def test_init_verify_tfa():
    """Check that ``tfa.init_verify_tfa`` rejects a wrong code and accepts the current one.

    This copy calls ``tfa.init_verify_tfa(secret, code)`` without a user id.
    """
    user_id = db_utils.create_user()
    tfa_secret, _ = tfa.init(user_id)

    # Wrong code: the author notes the expected result as the tuple (False, None);
    # only falsiness of both members is asserted here.
    # NOTE(review): "000000" is a fixed guess, so on rare runs it could coincide
    # with the live code for this secret -- confirm whether that flake matters.
    rejected_secret, rejected_codes = tfa.init_verify_tfa(tfa_secret, "000000")
    assert not rejected_secret
    assert not rejected_codes

    # Correct code: whatever pyotp derives from the same secret right now.
    current_code = pyotp.TOTP(tfa_secret).now()
    accepted_secret, accepted_codes = tfa.init_verify_tfa(tfa_secret, current_code)
    assert tfa_secret == accepted_secret
    assert len(accepted_codes) == 10
def tfa_init_qrcode_post_(request):
    """Handle the TOTP code submitted on step 2 of enabling 2FA.

    Reads ``tfaresponse`` from the request parameters and passes it, together
    with ``request.userid`` and the TOTP secret taken from the session, to
    ``tfa.init_verify_tfa``. A falsy secret in the result re-renders the
    QR-code page; otherwise the recovery codes are handed to
    ``_set_recovery_codes_on_session`` and the final-step page is rendered.

    A request without a ``tfaresponse`` parameter is not handled here; the
    lookup presumably raises ``KeyError``.
    """
    # Authenticator apps often display the code as '123 456'; drop the spaces.
    submitted_code = request.params['tfaresponse'].replace(' ', '')
    session_secret = _get_totp_code_from_session()

    # NOTE(review): another copy of this handler on the page omits
    # request.userid from this call -- confirm which call shape matches the
    # current signature of tfa.init_verify_tfa.
    verified_secret, recovery_codes = tfa.init_verify_tfa(
        request.userid, session_secret, submitted_code)

    if verified_secret:
        # NOTE(review): recovery codes are sensitive and are placed on the
        # session as one comma-joined string; how the session is stored is not
        # visible here -- confirm it is not readable client-side.
        _set_recovery_codes_on_session(','.join(recovery_codes))
        final_page = define.webpage(
            request.userid,
            "control/2fa/init_verify.html",
            [recovery_codes, None],
            title="Enable 2FA: Final Step",
        )
        return Response(final_page)

    # The submitted code did not verify against the session secret: show the
    # same secret and its QR code again so the user can retry.
    retry_page = define.webpage(
        request.userid,
        "control/2fa/init_qrcode.html",
        [
            define.get_display_name(request.userid),
            session_secret,
            tfa.generate_tfa_qrcode(request.userid, session_secret),
            "2fa",
        ],
        title="Enable 2FA: Step 2",
    )
    return Response(retry_page)