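def validate_totp_provision(self):
    """Handle a submitted TOTP provisioning form.

    Returns:
        * a 403 ``Response`` when ``two_factor_provisioning_allowed`` is
          false for the requesting user;
        * a redirect to ``manage.account`` when a TOTP secret is already
          stored for the user, or after a new one has been saved;
        * otherwise the page context with the bound form, so validation
          errors can be rendered.
    """
    request = self.request
    user = request.user

    # Nothing about the second factor may change unless the user is allowed
    # to provision it; this check runs before any state is read or written.
    if not user.two_factor_provisioning_allowed:
        request.session.flash(
            "Modifying 2FA requires a verified email.", queue="error"
        )
        return Response(status=403)

    # Never overwrite an existing secret from this view.
    if self.user_service.get_totp_secret(user.id):
        request.session.flash("TOTP already provisioned.", queue="error")
        return HTTPSeeOther(request.route_path("manage.account"))

    # Read the pending secret from the session once, so the value the form
    # is validated against is exactly the value that gets persisted.
    pending_secret = request.session.get_totp_secret()

    # Merge instead of passing ``totp_secret`` as a second keyword: a POST
    # field with that name would otherwise collide with the explicit keyword
    # and raise an unhandled TypeError. The session value is listed last, so
    # it always takes precedence over anything the client submitted.
    form_kwargs = {**request.POST, "totp_secret": pending_secret}
    form = ProvisionTOTPForm(**form_kwargs)

    if form.validate():
        self.user_service.update_user(user.id, totp_secret=pending_secret)
        # The pending secret is removed from the session once it is stored.
        request.session.clear_totp_secret()
        request.session.flash(
            "TOTP application successfully provisioned.", queue="success"
        )
        return HTTPSeeOther(request.route_path("manage.account"))

    return {**self.default_response, "provision_totp_form": form}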
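def validate_totp_provision(self):
    """Handle a submitted TOTP provisioning form.

    Returns:
        * a 403 ``Response`` when the user has no primary verified email;
        * a redirect to ``manage.account`` when a TOTP secret is already
          stored for the user, or after a new one has been saved;
        * otherwise the page context with the bound form, so validation
          errors can be rendered.
    """
    request = self.request
    session = request.session
    user_id = request.user.id

    # The verified-email requirement is checked first, before any secret is
    # read from the user service or the session.
    if not request.user.has_primary_verified_email:
        session.flash(
            "Verify your email to modify two factor authentication", queue="error"
        )
        return Response(status=403)

    # Only one authentication application per account: an existing secret is
    # never replaced here.
    if self.user_service.get_totp_secret(user_id):
        session.flash(
            "Account cannot be linked to more than one authentication "
            "application at a time",
            queue="error",
        )
        return HTTPSeeOther(request.route_path("manage.account"))

    # Fetch the pending secret once; the same object is used for validation
    # and for storage, so the two can never diverge.
    pending_secret = session.get_totp_secret()

    # A POST field named "totp_secret" would clash with an explicit keyword
    # argument and raise an unhandled TypeError. Building the mapping first
    # and writing the session value last keeps the server-side secret
    # authoritative regardless of what the client sent.
    form_kwargs = {**request.POST, "totp_secret": pending_secret}
    form = ProvisionTOTPForm(**form_kwargs)

    if not form.validate():
        return {**self.default_response, "provision_totp_form": form}

    self.user_service.update_user(user_id, totp_secret=pending_secret)
    # Remove the pending secret from the session now that it is persisted.
    session.clear_totp_secret()
    session.flash("Authentication application successfully set up", queue="success")
    return HTTPSeeOther(request.route_path("manage.account"))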
def default_response(self):
    """Build the template context for the TOTP provisioning page.

    The context holds the session's pending TOTP secret in base32 text form,
    an unbound ``ProvisionTOTPForm`` tied to that secret, and a provisioning
    URI generated from the secret, the user's username and the configured
    ``site.name``.

    The base32 secret and the URI are both derived from the shared secret,
    so this context should be handled as sensitive data (rendered to the
    owning user only, kept out of logs).
    """
    request = self.request
    pending_secret = request.session.get_totp_secret()

    encoded_secret = base64.b32encode(pending_secret).decode()
    blank_form = ProvisionTOTPForm(totp_secret=pending_secret)
    provisioning_uri = otp.generate_totp_provisioning_uri(
        pending_secret,
        request.user.username,
        issuer_name=request.registry.settings["site.name"],
    )

    return {
        "provision_totp_secret": encoded_secret,
        "provision_totp_form": blank_form,
        "provision_totp_uri": provisioning_uri,
    }
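def validate_totp_provision(self):
    """Handle a submitted TOTP provisioning form.

    Redirects to ``manage.account`` when a TOTP secret is already stored for
    the user or after a new one has been saved; otherwise returns the page
    context with the bound form so validation errors can be rendered.
    """
    # NOTE(review): no verified-email or "provisioning allowed" check is
    # visible in this block. Changing a second factor is normally gated on
    # one; confirm it is enforced by the view configuration or a caller.
    request = self.request
    user_id = request.user.id

    # Never overwrite an existing secret from this view.
    if self.user_service.get_totp_secret(user_id):
        request.session.flash("TOTP already provisioned.", queue="error")
        return HTTPSeeOther(request.route_path("manage.account"))

    # Read the pending secret from the session once, so the value the form
    # is validated against is exactly the value that gets persisted.
    pending_secret = request.session.get_totp_secret()

    # Merge instead of passing ``totp_secret`` as a second keyword: a POST
    # field with that name would otherwise collide with the explicit keyword
    # and raise an unhandled TypeError. The session value is listed last, so
    # it always takes precedence over anything the client submitted.
    form_kwargs = {**request.POST, "totp_secret": pending_secret}
    form = ProvisionTOTPForm(**form_kwargs)

    if form.validate():
        self.user_service.update_user(user_id, totp_secret=pending_secret)
        # The pending secret is removed from the session once it is stored.
        request.session.clear_totp_secret()
        request.session.flash(
            "TOTP application successfully provisioned.", queue="success"
        )
        return HTTPSeeOther(request.route_path("manage.account"))

    return {**self.default_response, "provision_totp_form": form}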
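def validate_totp_provision(self):
    """Handle a submitted TOTP provisioning form.

    Redirects to ``manage.account`` when a TOTP secret is already stored for
    the user or after a new one has been saved; otherwise returns the page
    context with the bound form so validation errors can be rendered.
    """
    # NOTE(review): this block performs no verified-email or "provisioning
    # allowed" check before changing the second factor. Verify that the
    # gate exists in the view configuration or a caller.
    session = self.request.session
    account_url = self.request.route_path

    # An account that already has a secret is left untouched.
    if self.user_service.get_totp_secret(self.request.user.id):
        session.flash("TOTP already provisioned.", queue="error")
        return HTTPSeeOther(account_url("manage.account"))

    # Fetch the pending secret once; the same object is used for validation
    # and for storage, so the two can never diverge.
    pending_secret = session.get_totp_secret()

    # A POST field named "totp_secret" would clash with an explicit keyword
    # argument and raise an unhandled TypeError. Building the mapping first
    # and writing the session value last keeps the server-side secret
    # authoritative regardless of what the client sent.
    form_kwargs = {**self.request.POST, "totp_secret": pending_secret}
    form = ProvisionTOTPForm(**form_kwargs)

    if not form.validate():
        return {**self.default_response, "provision_totp_form": form}

    self.user_service.update_user(self.request.user.id, totp_secret=pending_secret)
    # Remove the pending secret from the session now that it is persisted.
    session.clear_totp_secret()
    session.flash("TOTP application successfully provisioned.", queue="success")
    return HTTPSeeOther(account_url("manage.account"))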