Esempio n. 1
 def get_user_settings(self, auth_token):
     """Return the settings of the user named by the session's ``user_id``.

     The id is obtained through ``InputValidator.check_session_value`` and
     the settings are read only when ``AuthHandler.check_for_auth`` (on that
     id) and ``AuthHandler.check_auth_token`` (on ``auth_token``) both pass.
     In every other case the value of
     ``ResponseHandler.unauthorized_response`` is returned instead.
     """
     session_user = InputValidator.check_session_value('user_id')
     # The token check is skipped when the session check already failed.
     authorized = (AuthHandler.check_for_auth(session_user)
                   and AuthHandler.check_auth_token(auth_token))
     if not authorized:
         return ResponseHandler.unauthorized_response('You are unauthorized')
     # The lookup is done with the string form of the id.
     return DBusers.get_user_settings(str(session_user))
Esempio n. 2
 def request_otp_app(self, device_id):
     """Create, store and return a one-time password for a device's owner.

     The device is looked up by ``device_id``.  ``None`` is returned when no
     row comes back or when the owner's ``'2FA-App'`` setting is not ``1``.
     """
     # NOTE(review): the OTP is issued on ``device_id`` alone -- nothing in
     # this method looks at the session or at whether the device has been
     # activated.  Confirm that the caller enforces both before exposing it.
     rows = DBdevices.get_by_device_id(device_id)
     if len(rows) == 0:
         return None
     # Only the first matching row decides who the owner is.
     owner_id = str(rows[0]['user_id'])
     app_factor = DBusers.get_user_settings(owner_id)['2FA-App']
     if app_factor != 1:
         return None
     otp = OtpHandler.create_otp(owner_id)
     DBotp.insert(owner_id, otp)
     return otp
 def prepare_user_settings(user_id):
     """Return the user's settings with e-mail, status and prepared 2FA fields.

     The settings mapping from ``DBusers.get_user_settings`` is extended in
     place with ``'email'`` (taken from the first row of
     ``DBusers.get_user``) and ``'status'``, and its ``'2FA-App'`` and
     ``'2FA-Mail'`` entries are replaced by the values the matching
     ``SettingsHandler`` helpers produce.
     """
     settings = DBusers.get_user_settings(user_id)
     account_rows = DBusers.get_user(user_id)
     settings['email'] = account_rows[0]['email']

     # Read the stored flags before they are overwritten below: the status
     # has to be computed from the stored values, not the prepared ones.
     stored_app = settings['2FA-App']
     stored_mail = settings['2FA-Mail']

     settings['status'] = SettingsHandler.prepare_status(stored_app,
                                                         stored_mail)
     settings['2FA-App'] = SettingsHandler.prepare_app(stored_app)
     settings['2FA-Mail'] = SettingsHandler.prepare_email(stored_mail)
     return settings
Esempio n. 4
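    def authenticate_app(self, email, password, device_id, device_name):
        """Log the app in with a password and an activated device.

        Returns a dict with ``'status'`` and ``'message'``:

        * 200 ``'Success'`` when the credentials match, the user's
          ``'2FA-App'`` setting is ``1`` and the presented ``device_id``
          belongs to one of the user's devices whose ``'device_is_active'``
          is ``1``; the session's ``'2fa_status'`` is then set to ``1``.
        * 403 in every other case: unknown user or wrong password, app
          authentication switched off, device known but not activated, or
          device unknown (it is then stored through ``DBdevices.insert``).

        The response ``Content-Type`` header is set to ``application/json``.
        """
        # Device identifiers and the user's device list are not written to
        # stdout here: they do not belong in process output of a login path.
        user = DBusers.check_user(email, password)
        user_count = len(user)
        cherrypy.serving.response.headers['Content-Type'] = 'application/json'
        if user_count <= 0:
            return {
                'status': 403,
                'message': 'No such user found or password wrong'
            }

        # NOTE(review): 'user_id' is written to the session as soon as the
        # password check passes, also on every 403 path below, where
        # '2fa_status' stays 0.  Confirm that every consumer of the session
        # gates on '2fa_status' and not on 'user_id' alone.
        cherrypy.session['user_id'] = user['id']
        cherrypy.session['2fa_status'] = 0
        user_id = str(user['id'])
        user_settings = DBusers.get_user_settings(user_id)

        app_factor = user_settings['2FA-App']
        if not (app_factor and app_factor == 1):
            return {'status': 403, 'message': 'App auth inactive'}

        # One pass over the user's devices; when several rows carry the same
        # device_id the last one is used.
        device = None
        for entry in DBdevices.get_by_user_id(user_id):
            if entry['device_id'] == device_id:
                device = entry

        if device is None:
            # Unknown device: it is recorded, and the response tells the
            # client that it has to be activated in the web interface.
            DBdevices.insert(user_id, device_id, device_name)
            return {
                'status': 403,
                'message':
                'Device added, but must be activated in web-interface'
            }

        is_active = device['device_is_active']
        if not (is_active and is_active == 1):
            return {
                'status': 403,
                'message': 'Device must be activated in web-interface'
            }

        cherrypy.session['2fa_status'] = 1
        return {'status': 200, 'message': 'Success'}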
Esempio n. 5
 def prepare_login(user, user_id, email):
     """Open a session for a user who passed the first login step.

     The login goes ahead only when ``user`` is non-empty and the value
     returned by ``LLogHandler.count_tries`` is truthy; otherwise the result
     of ``LoginHandler.fail_login`` is returned.  On success the user's
     directories are checked, an auth token is created, the session is
     filled (with ``'2fa_verified'`` set to ``0``) and the result of
     ``LoginHandler.finalize_login`` is returned.
     """
     recent_logs = LLogHandler.check_login_logs(user_id)
     tries = LLogHandler.count_tries(user_id, recent_logs, email)
     if not (len(user) > 0 and tries):
         return LoginHandler.fail_login(tries)

     DirHandler.check_user_dirs(user_id)
     # NOTE(review): the token is built from the session id as it is at this
     # point, and nothing here rotates that id on login.  Confirm that the
     # session id is regenerated elsewhere before it is trusted.
     token = HashHandler.create_auth_token(
         user_id, cherrypy.request.headers, cherrypy.session.id)
     settings = DBusers.get_user_settings(user_id)

     # The second factor starts out unverified for every fresh login.
     session_values = (
         ('user_id', user_id),
         ('user_mail', email),
         ('2fa_verified', 0),
         ('auth_token', token),
     )
     for key, value in session_values:
         cherrypy.session[key] = value

     return LoginHandler.finalize_login(user_id, settings, token, email)
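 def check_for_second_factor(user_id):
     """Return ``True`` when the user has any second factor switched on.

     Reads the user's settings through ``DBusers.get_user_settings`` and
     tests the ``'2FA-App'`` and ``'2FA-Mail'`` flags against ``1``.
     """
     settings = DBusers.get_user_settings(user_id)
     # Both flags are tested.  Comparing '2FA-Mail' twice would report a user
     # who enabled only the app factor as having no second factor at all.
     return bool(settings['2FA-App'] == 1 or settings['2FA-Mail'] == 1)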