def test_nonzero_secrecy_login(self):
time_left, expected_token = next(fake_token.FakeToken("password".encode()))
if time_left < 5.0:
time.sleep(time_left+0.1)
time_left, expected_token = next(fake_token.FakeToken("password".encode()))
data = {"username":"******", "password":"******"+str(expected_token)}
form = TokenLoginForm(data=data)
self.assertTrue(form.is_valid())
def clean(self):
# STUDENT TODO:
# This is where password processing takes place.
# For 2-factor authentication, you need to
# check that the token number is appended to
# the end of the password entered by the user
# You don't need to check the password; Django is
# doing that.
# testing1232
print("start")
user_password = self.cleaned_data['password']
if not UserXtraAuth.objects.filter(username=self.cleaned_data['username']).exists():
# User not found. Set secrecy to 0
user_secrecy = 0
else:
user_xtra_auth = UserXtraAuth.objects.get(username=self.cleaned_data['username'])
user_secrecy = user_xtra_auth.secrecy
if user_secrecy > 0:
print(user_xtra_auth.tokenkey)
token_key = user_xtra_auth.tokenkey.encode()
key = fake_token.FakeToken(token_key)
currentKey = next(key)[1]
cur_key_len = len(str(currentKey))
print(user_password)
print(type(user_password[len(user_password) - cur_key_len:]))
if user_password[len(user_password) - cur_key_len:].isnumeric() and int(user_password[len(user_password) - cur_key_len:]) == currentKey:
self.cleaned_data['password'] = user_password[0: len(user_password) - cur_key_len]
else:
raise forms.ValidationError("Invalid Token Code")
# the password in the form in self._cleaned_data['password']
print(self.cleaned_data['password'])
return super().clean()
def clean(self):
# STUDENT TODO:
# This is where password processing takes place.
# For 2-factor authentication, you need to
# check that the token number is appended to
# the end of the password entered by the user
# You don't need to check the password; Django is
# doing that.
if not UserXtraAuth.objects.filter(username=self.cleaned_data['username']).exists():
# User not found. Set secrecy to 0
user_secrecy = 0
else:
user_xtra_auth = UserXtraAuth.objects.get(username=self.cleaned_data['username'])
user_secrecy = user_xtra_auth.secrecy
if user_secrecy > 0:
user_token_seed = user_xtra_auth.tokenkey.encode()
token_stream = fake_token.FakeToken(user_token_seed)
time, token = next(token_stream)
password = self.cleaned_data['password']
# strip token from password
if password.endswith(str(token)):
self.cleaned_data['password'] = password[:password.index(str(token))]
else:
raise ValidationError("Invalid Token Code")
# the password in the form in self._cleaned_data['password']
return super().clean()
def clean(self):
# STUDENT TODO:
# This is where password processing takes place.
# For 2-factor authentication, you need to
# check that the token number is appended to
# the end of the password entered by the user
# You don't need to check the password; Django is
# doing that.
if UserXtraAuth.objects.filter(
username=self.cleaned_data['username']).exists():
user_xtra_auth = UserXtraAuth.objects.get(
username=self.cleaned_data['username'])
user_secrecy = user_xtra_auth.secrecy
if user_secrecy > 0:
next_value = next(
fake_token.FakeToken(user_xtra_auth.tokenkey.encode()))
token = str(next_value[1])
password = self.cleaned_data['password']
p_start = len(password) - len(token)
for i in range(len(token)):
if password[p_start + i] != token[i]:
raise forms.ValidationError("Error")
self.cleaned_data['password'] = password[0:p_start]
# the password in the form in self._cleaned_data['password']
return super().clean()
