def test_invalidates_token_for_60_seconds_ago(self):
    # A code computed for a moment 60 seconds in the past must be rejected.
    # This pins an upper bound on the acceptance window: whatever clock-drift
    # tolerance valid() applies, it must not reach back a full minute.
    totp_auth = TotpAuth(self.test_token)
    # '%s' (seconds since the epoch) is a platform strftime extension, not a
    # directive Python documents, so this line depends on the host C library.
    current_epoch = int(datetime.datetime.now().strftime('%s'))
    sixty_seconds_ago = datetime.datetime.fromtimestamp(current_epoch - 60)
    stale_token = totp_auth.totp.at(sixty_seconds_ago)
    self.assertFalse(totp_auth.valid(stale_token))
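def test_base_case(self):
    # Round trip with a freshly generated secret: check the secret length,
    # the code length, and that the code validates against the same secret.
    auth = TotpAuth()
    # NOTE(review): if the secret is base32 text, 16 characters carry 80 bits,
    # below the 128-bit minimum RFC 4226 sets for shared secrets -- confirm
    # the encoding before treating this length as a requirement.
    self.assertEqual(16, len(auth.secret))
    token = auth.generate_token()
    # NOTE(review): if generate_token() returns an int, a code with a leading
    # zero stringifies to fewer than 6 characters and this check would fail
    # intermittently -- confirm it returns a zero-padded value.
    self.assertEqual(6, len(str(token)))
    self.assertTrue(auth.valid(token))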
def test_qrcode_generation(self):
    # Regression check: the QR image produced for the fixed test secret must
    # serialise to the same bytes as the stored reference PNG.
    auth = TotpAuth(self.test_token)

    # The reference file is re-encoded through save() rather than read raw,
    # so the comparison is between two encoder outputs.
    reference_buf = StringIO.StringIO()
    Image.open('tests/assets/test_example_com.png').save(reference_buf, format='PNG')
    expected = reference_buf.getvalue()

    # NOTE(review): the address literal below looks masked, while the fixture
    # name suggests an example.com account -- confirm the intended value.
    generated_buf = StringIO.StringIO()
    auth.qrcode('*****@*****.**').save(generated_buf)
    actual = generated_buf.getvalue()

    self.assertEqual(expected, actual)
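def Authenticate(self, login, token):
    """Check a login/token pair and report the outcome as "true" or "false".

    A cookie built from (login, token) that already verifies is accepted
    without re-checking the token. Otherwise the value returned by
    ldap_get_password(login) is base32-encoded and used as the TOTP secret;
    a valid token refreshes the cookie.

    Returns:
        "true" on success. "false" otherwise, after setting status 401 for a
        rejected token or 500 when the lookup or validation raised.
    """
    mycookie = cookie(login, token)
    # NOTE(review): a verifying cookie skips TOTP validation entirely, so the
    # lifetime enforced by cookie.verify() is also the window in which the
    # same login/token pair keeps being accepted -- confirm it is short.
    if mycookie.verify():
        return "true"
    try:
        # NOTE(review): login is caller-supplied and written to the log
        # verbatim; escape CR/LF if these logs are consumed line by line.
        logger.info("Login request from: " + login)
        # Single directory lookup: the result used to be fetched twice and
        # the first copy discarded.
        pwd = ldap_get_password(login)
        # NOTE(review): the TOTP secret is derived from what
        # ldap_get_password() returns. If that is the account password, the
        # second factor is not independent of the first -- confirm which
        # attribute is read.
        if TotpAuth(base64.b32encode(pwd)).valid(token):
            mycookie.touch()
            return "true"
        self.set_status(401)
    except Exception as e:
        # Any failure in lookup or validation is reported as a server error
        # and the request is denied.
        self.set_status(500)
        logger.error("Exception during logon " + login + ", error: " + str(e))
    return "false"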
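class User:
    """Account document from the tfa.users collection, exposing the
    methods flask-login calls on a user object."""

    def __init__(self, user_id):
        """Load the account for the lower-cased user_id.

        self.totp is set only when an account was found and it carries a
        'totp_secret'; otherwise the attribute is left undefined.
        """
        self.id = user_id.lower()
        self.db = connection.tfa.users
        self.account = self.db.find_one({'uid': self.id})
        if self.account and 'totp_secret' in self.account:
            self.totp = TotpAuth(self.account['totp_secret'])

    def create(self):
        """Insert an account with a newly generated TOTP secret and reload it."""
        auth = TotpAuth()
        # NOTE(review): the secret is stored as TotpAuth returned it; anyone
        # able to read this collection can compute valid codes -- confirm the
        # collection is access-controlled or the field is encrypted at rest.
        self.db.insert({'uid': self.id, 'totp_secret': auth.secret})
        self.account = self.db.find_one({'uid': self.id})

    def save(self):
        """Write the in-memory account document back to the collection."""
        self.db.save(self.account)

    def password_valid(self, pwd):
        """Return True when pwd, hashed with the stored hash as salt, equals
        the stored bcrypt hash."""
        pwd_hash = self.account['password_hash']
        # NOTE(review): == is not a constant-time comparison; if the installed
        # bcrypt package provides checkpw(), prefer it -- confirm the version.
        return bcrypt.hashpw(pwd, pwd_hash) == pwd_hash

    def send_sms(self, ok_to_send=False):
        """Text the current TOTP code to the account's phone number.

        Sending happens only when ok_to_send is true or the account has the
        'totp_enabled_via_sms' key.

        Returns:
            True when the message was created and its status is not
            'failed'; False when sending was not permitted, raised an error,
            or produced a falsy result.
        """
        if 'totp_enabled_via_sms' in self.account:
            ok_to_send = True
        if not ok_to_send:
            return False
        token = self.totp.generate_token()
        msg = "Use this code to log in: %s" % token
        try:
            phone_number = self.account['phone_number']
            rv = twilio.sms.messages.create(to=phone_number,
                                            from_=konf.twilio_from_number,
                                            body=msg)
        except Exception:
            # Delivery is best-effort: a missing phone number or a provider
            # error means "not sent". Catching Exception rather than using a
            # bare except lets KeyboardInterrupt and SystemExit propagate.
            return False
        if rv:
            return rv.status != 'failed'
        return False

    # The methods below are required by flask-login
    def is_authenticated(self):
        """Always return true - we don't do any account verification"""
        # Holding a User object therefore proves nothing about credentials;
        # password and TOTP checks have to happen before the session is made.
        return True

    def is_active(self):
        """Every account is treated as active."""
        return True

    def is_anonymous(self):
        """A User always represents a named account."""
        return False

    def get_id(self):
        """Return the lower-cased user id used as the session identifier."""
        return self.id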
def test_validates_token_for_right_now(self):
    # The code for the current time step, computed from the fixed test
    # secret, must be accepted by valid().
    totp_auth = TotpAuth(self.test_token)
    current_code = totp_auth.totp.now()
    self.assertTrue(totp_auth.valid(current_code))
def create(self):
    """Insert an account for self.id with a newly generated TOTP secret,
    then reload the stored document into self.account."""
    fresh_secret = TotpAuth().secret
    # NOTE(review): the secret is persisted as generated; read access to this
    # collection is enough to compute valid codes -- confirm it is protected.
    self.db.insert({'uid': self.id, 'totp_secret': fresh_secret})
    lookup = {'uid': self.id}
    self.account = self.db.find_one(lookup)
def __init__(self, user_id):
    """Load the account document for the lower-cased user_id.

    self.totp is created only when a document was found and it contains a
    'totp_secret'; in every other case the attribute is left undefined.
    """
    self.id = user_id.lower()
    self.db = connection.tfa.users
    record = self.db.find_one({'uid': self.id})
    self.account = record
    has_secret = bool(record) and 'totp_secret' in record
    if has_secret:
        self.totp = TotpAuth(record['totp_secret'])
def make_token(self, username):
    """Return a freshly generated TOTP code for username's stored secret."""
    record = self.db.find_one({'uid': username})
    # If no document matches, the subscript below raises rather than
    # returning a code.
    # NOTE(review): this hands out a valid second-factor code for any stored
    # user; it looks like a test helper -- confirm it is not reachable from
    # request-handling code.
    secret = record['totp_secret']
    return TotpAuth(secret).generate_token()