def _two_factor_auth(self, request, user):
    """Enforce the second factor for an already password-authenticated ``user``.

    Returns silently when 2FA is disabled globally, disabled for this user,
    or the client presents a remembered-device value in the
    ``X-Seafile-S2FA`` header.  Otherwise the ``X-Seafile-OTP`` header must
    hold a token accepted by ``verify_two_factor_token``.

    Raises:
        serializers.ValidationError: when the OTP header is absent or the
            token does not verify.  ``self.two_factor_auth_failed`` is set
            to ``True`` before raising in both cases.

    Security notes (reviewer):
        * Both headers are attacker-controlled.  Bypass safety rests entirely
          on ``is_device_remembered`` cryptographically validating the S2FA
          value rather than trusting it -- confirm in that helper.
        * No throttling is visible here; OTP guessing is bounded only if the
          caller or ``verify_two_factor_token`` rate-limits -- confirm.
    """
    if not has_two_factor_auth():
        return
    if not two_factor_auth_enabled(user):
        return

    remembered = is_device_remembered(
        request.META.get('HTTP_X_SEAFILE_S2FA', ''), user)
    if remembered:
        return

    otp = request.META.get('HTTP_X_SEAFILE_OTP', '')

    # An empty header is rejected before any verification is attempted.
    failure = None
    if not otp:
        failure = 'Two factor auth token is missing.'
    elif not verify_two_factor_token(user.username, otp):
        failure = 'Two factor auth token is invalid.'

    if failure is not None:
        # Flag is set first so a caller inspecting it after the exception
        # can tell a 2FA failure apart from other validation errors
        # (presumed consumer: failed-login accounting -- verify).
        self.two_factor_auth_failed = True
        raise serializers.ValidationError(failure)
def log_user_in(request, user, redirect_to):
    """Finish a password login: sanitise the redirect, then either divert to
    the 2FA flow or establish the session.

    Args:
        request: the current Django request.
        user: the user whose password check already succeeded.
        redirect_to: user-supplied post-login URL (e.g. a ``next`` param);
            attacker-controllable, so it is validated before use.

    Returns:
        The response from ``handle_two_factor_auth`` when the user has 2FA
        enabled and no remembered-device ``S2FA`` cookie is presented;
        otherwise an ``HttpResponseRedirect`` to the (sanitised) target
        after ``auth_login``.

    Security notes (reviewer):
        * ``is_safe_url(url, host=...)`` only checks the host, not the
          scheme; on an HTTPS-only deployment the ``require_https`` flag of
          newer Django releases would also block downgrade redirects --
          confirm the installed Django version.
        * The failed-login counter is cleared before the second factor is
          completed, so OTP attempts are not covered by that counter;
          confirm the 2FA flow has its own throttling.
        * The ``S2FA`` cookie is client-controlled; the bypass is only safe
          if ``is_device_remembered`` validates it cryptographically.
    """
    # Open-redirect guard: fall back to the configured default when the
    # requested target is not on our own host.
    safe_target = is_safe_url(url=redirect_to, host=request.get_host())
    target = redirect_to if safe_target else settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    clear_login_failed_attempts(request, user.username)

    # The remembered-device check is only consulted when 2FA is enabled.
    if two_factor_auth_enabled(user):
        remembered = is_device_remembered(request.COOKIES.get('S2FA', ''), user)
        if not remembered:
            return handle_two_factor_auth(request, user, target)

    # All checks passed: create the authenticated session and redirect.
    auth_login(request, user)
    return HttpResponseRedirect(target)
def _two_factor_auth(self, request, user):
    """Enforce the second factor for an already password-authenticated ``user``.

    Returns silently when 2FA is disabled globally, disabled for this user,
    or the client presents a remembered-device value in the
    ``X-Seafile-S2FA`` header.  When the ``X-Seafile-OTP`` header is absent
    a challenge is generated on the user's default device (e.g. SMS/call)
    before the request is rejected, so the client can retry with a token.

    Raises:
        serializers.ValidationError: when the OTP header is absent or the
            token does not verify.  ``self.two_factor_auth_failed`` is set
            to ``True`` before raising in both cases.

    Security notes (reviewer):
        * Every token-less request for a 2FA-enabled user triggers
          ``generate_challenge()``.  Unless something upstream throttles
          this, an attacker holding the password can repeatedly trigger
          SMS/calls to the victim -- confirm rate limiting exists.
        * Both headers are attacker-controlled; the S2FA bypass is only
          safe if ``is_device_remembered`` validates the value
          cryptographically.
    """
    if not has_two_factor_auth():
        return
    if not two_factor_auth_enabled(user):
        return

    remembered = is_device_remembered(
        request.META.get('HTTP_X_SEAFILE_S2FA', ''), user)
    if remembered:
        return

    otp = request.META.get('HTTP_X_SEAFILE_OTP', '')

    failure = None
    if not otp:
        # No token supplied: send the out-of-band challenge, then reject.
        default_device(user).generate_challenge()
        failure = 'Two factor auth token is missing.'
    elif not verify_two_factor_token(user, otp):
        failure = 'Two factor auth token is invalid.'

    if failure is not None:
        # Flag is set first so a caller inspecting it after the exception
        # can tell a 2FA failure apart from other validation errors
        # (presumed consumer: failed-login accounting -- verify).
        self.two_factor_auth_failed = True
        raise serializers.ValidationError(failure)