def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER) if not user: LOGGER.debug("No pending user, continuing") return self.executor.stage_ok() # Currently, this stage only supports one device per user. If the user already # has a device, just skip to the next stage if StaticDevice.objects.filter(user=user).exists(): return self.executor.stage_ok() stage: AuthenticatorStaticStage = self.executor.current_stage if SESSION_STATIC_DEVICE not in self.request.session: device = StaticDevice(user=user, confirmed=True, name="Static Token") tokens = [] for _ in range(0, stage.token_count): tokens.append( StaticToken(device=device, token=StaticToken.random_token())) self.request.session[SESSION_STATIC_DEVICE] = device self.request.session[SESSION_STATIC_TOKENS] = tokens return super().get(request, *args, **kwargs)
def tfa_setup_check(self, request): """Check TFA setup.""" serializer = core_v1_serializers.CheckTFASetupSerializer( data=request.data, context={"user": request.user}) serializer.is_valid(raise_exception=True) # create static device for recovery purposes device = StaticDevice.objects.create( user=request.user, name="{} static device".format(request.user) ) tokens = [] for cpt in range(10): token = StaticToken.random_token() device.token_set.create(token=token) tokens.append(token) # Set enable flag to True so we can't go here anymore request.user.tfa_enabled = True request.user.save() # Generate new tokens device = request.user.totpdevice_set.first() refresh = RefreshToken.for_user(request.user) refresh[constants.TFA_DEVICE_TOKEN_KEY] = device.persistent_id return response.Response({ "tokens": tokens, "refresh": str(refresh), "access": str(refresh.access_token) })
def post(self, request, *args, **kwargs): static_device, _ = request.user.staticdevice_set.get_or_create( name='backup') static_device.token_set.all().delete() for _ in range(3): static_device.token_set.create(token=StaticToken.random_token()) return self.get(request, *args, **kwargs)
def done(self, form_list, **kwargs): user = self.get_user() login(self.request, user) if not self.request.user.info.registration_finished: # If the user has not finished registration yet, redirect them there to finish it now. redirect_to = reverse('register') else: redirect_to = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name, '')) if not is_safe_url(url=redirect_to, host=self.request.get_host()): redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) device = getattr(user, 'otp_device', None) if device: if isinstance(device, StaticDevice): # User logged in using a static backup code, refresh it with a new one. device.token_set.create(token=StaticToken.random_token()) signals.user_verified.send(sender=__name__, request=self.request, user=user, device=device) # Track login type in Segment. analytics.track(user.id, 'user-login', { 'login_type': 'Traditional', }) return redirect(redirect_to)
def done(self, form_list, **kwargs): user = self.get_user() login(self.request, user) if not self.request.user.info.registration_finished: # If the user has not finished registration yet, redirect them there to finish it now. redirect_to = reverse('register') else: redirect_to = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name, '') ) if not is_safe_url(url=redirect_to, host=self.request.get_host()): redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) device = getattr(user, 'otp_device', None) if device: if isinstance(device, StaticDevice): # User logged in using a static backup code, refresh it with a new one. device.token_set.create(token=StaticToken.random_token()) signals.user_verified.send( sender=__name__, request=self.request, user=user, device=device ) # Track login type in Segment. analytics.track(user.id, 'user-login', { 'login_type': 'Traditional', }) return redirect(redirect_to)
def save(self, *args, **kwargs): instance, created = self.request.user.staticdevice_set.get_or_create( defaults={'name': self.plugin.name}) instance.token_set.all().delete() for i in range(self.token_amount): instance.token_set.create(token=StaticToken.random_token()) return instance
def post(self, request, *args, **kwargs): static_device, _ = request.user.staticdevice_set.get_or_create( name='backup' ) static_device.token_set.all().delete() for _ in range(10): static_device.token_set.create(token=StaticToken.random_token()) return self.get(request, *args, **kwargs)
def done(self, form_list, **kwargs): device = getattr(self.get_user(), 'otp_device', None) if isinstance(device, StaticDevice): # User logged in using a static backup code, refresh it with a new one. device.token_set.create(token=StaticToken.random_token()) return super(TwoFactorLoginView, self).done(form_list, **kwargs)
def backup_token(self): if Domain.get_by_name(self.request.domain).two_factor_auth: device = self.editable_user.get_django_user().staticdevice_set.get_or_create(name='backup')[0] token = device.token_set.first() if token: return device.token_set.first().token else: return device.token_set.create(token=StaticToken.random_token()).token return None
def done(self, form_list, **kwargs): device = self.request.user.staticdevice_set.get_or_create(name='backup')[0] device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) messages.success(self.request, 'You have successfully setup two factor authentication!') return super(TwoFactorSetupView, self).done(form_list, **kwargs)
def done(self, form_list, **kwargs): device = self.request.user.staticdevice_set.get_or_create(name='backup')[0] device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) messages.success(self.request, 'You have successfully set up two factor authentication!') return super(TwoFactorSetupView, self).done(form_list, **kwargs)
def form_valid(self, form): """ Delete existing backup codes and generate new ones. """ device = self.get_device() device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) return redirect(self.redirect_url)
def form_valid(self, form): """ Delete existing backup codes and generate new ones. """ device = self.get_device() device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) return redirect(self.success_url)
def save(self, user): static_device = StaticDevice(name=self.cleaned_data["name"], user=user) static_device.save() for i in range(10): code = StaticToken(token=StaticToken.random_token().upper()) code.device = static_device code.save() return static_device
def form_valid(self, form): """ Delete existing backup codes and generate new ones. """ device = self.get_device() device.token_set.all().delete() for n in range(10): device.token_set.create(token=StaticToken.random_token()) return redirect('two_factor:backup_tokens')
def tfa_reset_codes(self, request, *args, **kwargs): """Reset recovery codes.""" device = request.user.staticdevice_set.first() if device is None: return response.Response(status=403) device.token_set.all().delete() for cpt in range(10): token = StaticToken.random_token() device.token_set.create(token=token) return response.Response( {"tokens": device.token_set.all().values_list("token", flat=True)})
def _recreate_backup_codes(user): """Creates 10 new backup codes for a user, deletes all previous backup codes.""" devices = get_user_static_device(user) if devices: devices.token_set.all().delete() else: devices = StaticDevice.objects.create(user=user, name="Static_Security_Codes") for n in range(settings.BACKUP_CODES_COUNT): security_code = StaticToken.random_token() devices.token_set.create(token=security_code)
def regenerate_tokens(self, request): number_of_tokens = 10 token_list = [] device = request.user.staticdevice_set.get_or_create(name='backup')[0] device.token_set.all().delete() for n in range(number_of_tokens): token = device.token_set.create(token=StaticToken.random_token()) token_list.append(token.token) return Response(token_list, status=status.HTTP_201_CREATED)
def form_valid(self, form): """ Delete existing backup codes and generate new ones. """ device = self.get_device() device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) return TemplateResponse(self.request, 'security_pages.html', { 'form': form, 'tokens': device.token_set.all() })
def get(self, request, format=None): device = get_user_static_device(self, request.user) if not device: device = StaticDevice.objects.create(user=request.user, name="Static") device.token_set.all().delete() tokens = [] for n in range(self.number_of_static_tokens): token = StaticToken.random_token() device.token_set.create(token=token) tokens.append(token) return Response(tokens, status=status.HTTP_201_CREATED)
def post(self, request, *args, **kwargs): form = self.form_class(data=request.POST, user=request.user) context = {"form": form} if form.is_valid(): # Delete the existing tokens and generate some new ones device = self.get_device() device.token_set.all().delete() for n in range(self.number_of_tokens): device.token_set.create(token=StaticToken.random_token()) context["device"] = device return render(request, self.template_name, context)
def tfa_setup_check(self, request): """Check TFA setup.""" serializer = serializers.CheckTFASetupSerializer( data=request.data, context={"user": request.user}) serializer.is_valid(raise_exception=True) # create static device for recovery purposes device = StaticDevice.objects.create(user=request.user, name="{} static device".format( request.user)) for cpt in range(10): token = StaticToken.random_token() device.token_set.create(token=token) django_otp.login(self.request, request.user.totpdevice_set.first()) return response.Response()
def handle(self, *args, **options): if len(args) != 1: raise CommandError('Please specify exactly one username.') username = args[0] try: user = get_user_model().objects.get_by_natural_key(username) except ObjectDoesNotExist: raise CommandError('User "{0}" does not exist.'.format(username)) device = next(StaticDevice.objects.filter(user=user).iterator(), None) if device is None: device = StaticDevice.objects.create(user=user, name='Backup Code') token = options.get('token') if token is None: token = StaticToken.random_token() device.token_set.add(StaticToken(token=token)) print(token, file=self.stdout)