예제 #1
 def check_auth_code(self, auth_code):
     """
     Validate `auth_code` for this user at the current time, accepting each
     code at most once.

     Returns False without consulting the seed when a marker for this
     (user id, code) pair is still cached; otherwise returns the result of
     `check_raw_seed` and, on success, caches a marker for 5 minutes.
     """
     # Replay guard: one cache marker per (user id, submitted code) pair.
     replay_key = "onetimeauth_" + str(self.user.id) + "_" + str(auth_code)
     already_used = cache.get(replay_key)
     if already_used:
         # This code was already accepted for this user within the last 5 minutes.
         return False

     is_valid = check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)
     if not is_valid:
         return is_valid

     # NOTE(review): get() and set() are separate calls, so two concurrent
     # requests carrying the same code may both reach this point - confirm
     # whether the cache backend offers an atomic add for this marker.
     # NOTE(review): the 5-minute retention should be at least as long as the
     # period for which check_raw_seed accepts a code - confirm its window.
     cache.set(replay_key, True, 60*5)
     return is_valid
예제 #2
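    def _check_auth_code_totp(self, auth_code):
        """
        Checks whether `auth_code` is a valid authentication code for this
        user, at the current time. (TOTP)

        A (username, code) pair is locked for 40 seconds on its first
        submission, before the code is verified, so a repeat of the same code
        inside that window returns False whether or not the first attempt
        was valid. Otherwise the result of `check_raw_seed` is returned.
        """

        # Do not allow the same time-based two-factor code to be used within 40 seconds
        lock_key = "two-factor-lock-%s-%s" % (self.user.username, auth_code)
        if cache.get(lock_key):
            logger.warn("Two-factor duplicate authentication attempt %s", self.user.username)
            return False

        # Store a truthy marker with an explicit 40-second timeout. Passing 40
        # as the second argument would make it the cached *value* and leave
        # the expiry at the backend default instead of the intended window.
        # NOTE(review): the lock only prevents replay if check_raw_seed accepts
        # a code for no longer than 40 seconds - confirm its validity window.
        # NOTE(review): get() and set() are separate calls; confirm whether an
        # atomic add is needed for concurrent requests with the same code.
        cache.set(lock_key, True, 40)

        return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)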
예제 #3
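    def _check_auth_code_totp(self, auth_code):
        """
        Checks whether `auth_code` is a valid authentication code for this
        user, at the current time. (TOTP)

        The (username, code) pair is locked for 40 seconds as soon as it is
        first submitted and before verification, so presenting the same code
        again in that window returns False regardless of the first outcome.
        Otherwise the result of `check_raw_seed` is returned.
        """

        # Do not allow the same time-based two-factor code to be used within 40 seconds
        lock_key = "two-factor-lock-%s-%s" % (self.user.username, auth_code)
        if cache.get(lock_key):
            logger.warn("Two-factor duplicate authentication attempt %s",
                        self.user.username)
            return False

        # The timeout is the third argument: with only two arguments, 40 is
        # stored as the value and the entry expires at the backend default
        # rather than after the intended 40 seconds.
        # NOTE(review): 40 seconds must cover the whole period in which
        # check_raw_seed accepts a code, or a replay becomes possible once the
        # lock expires - confirm against its validity window.
        cache.set(lock_key, True, 40)

        return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)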
예제 #4
 def check_auth_code(self, auth_code):
     """
     Return the result of checking `auth_code` against this user's
     decrypted seed, at the current time.

     NOTE(review): no used-code tracking is visible in this method, so the
     same code may be accepted repeatedly while it remains valid unless
     `check_raw_seed` or the caller prevents reuse - confirm.
     """
     # The seed is stored encrypted; decrypt it only for this check.
     raw_seed = decrypt_value(self.encrypted_seed)
     return check_raw_seed(raw_seed, auth_code)
예제 #5
 def _check_auth_code_totp(self, auth_code):
     """
     Return the result of checking `auth_code` (TOTP) against this user's
     decrypted seed, at the current time.

     NOTE(review): this method keeps no record of accepted codes, so reuse
     of a still-valid code is not rejected here - confirm that
     `check_raw_seed` or the caller enforces one-time use.
     """
     # Decrypt the stored seed first, then hand it to the verifier.
     raw_seed = decrypt_value(self.encrypted_seed)
     verdict = check_raw_seed(raw_seed, auth_code)
     return verdict