def check_auth_code(self, auth_code):
    """
    Validate `auth_code` for this user at the current time, accepting each
    code only once.

    Returns False when the same code was already accepted for this user and
    its cache marker is still present; otherwise returns the result of
    `check_raw_seed` for the decrypted seed.
    """
    # One marker per (user id, code) pair; it is written only after a
    # successful check, so failed guesses leave no entry behind.
    replay_key = "_".join(("onetimeauth", str(self.user.id), str(auth_code)))
    if cache.get(replay_key):
        # This code already authenticated this user within the last 5 minutes.
        return False

    seed = decrypt_value(self.encrypted_seed)
    is_valid = check_raw_seed(seed, auth_code)
    if not is_valid:
        return is_valid

    # NOTE(review): the get above and the set below are two separate cache
    # calls, so two concurrent requests carrying the same code can both pass.
    # If the cache backend has an atomic "add if absent" call, confirm it and
    # use that instead.
    cache.set(replay_key, True, 300)  # 5 minutes, in seconds
    return is_valid
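def _check_auth_code_totp(self, auth_code):
    """
    Checks whether `auth_code` is a valid authentication code for this
    user, at the current time. (TOTP)

    A code that was already submitted for this user is refused for the next
    40 seconds, so a captured code cannot be replayed while it is still
    inside its validity window.

    Returns False for a duplicate submission; otherwise returns the result of
    `check_raw_seed` for the decrypted seed.
    """
    lock_key = "two-factor-lock-%s-%s" % (self.user.username, auth_code)
    if cache.get(lock_key):
        logger.warning("Two-factor duplicate authentication attempt %s", self.user.username)
        return False

    # Value first, timeout second. The original `cache.set(lock_key, 40)`
    # stored 40 as the *value* and left the expiry at the backend default, so
    # the lock did not last the intended 40 seconds.
    #
    # The lock is written before the code is verified, so an invalid guess is
    # locked as well. That keeps the replay window closed while verification
    # runs, but the get/set pair is still not atomic.
    # NOTE(review): no limit on the number of *different* codes tried is
    # visible in this method; confirm attempts are throttled by the caller.
    cache.set(lock_key, True, 40)
    return check_raw_seed(decrypt_value(self.encrypted_seed), auth_code)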
def check_auth_code(self, auth_code):
    """
    Validate `auth_code` against this user's stored seed at the current time.

    Returns the result of `check_raw_seed` for the decrypted seed.
    """
    # NOTE(review): nothing in this method records a code once it has been
    # accepted, so the same code passes again while it remains valid; confirm
    # that reuse is blocked by the caller.
    seed = decrypt_value(self.encrypted_seed)
    return check_raw_seed(seed, auth_code)
def _check_auth_code_totp(self, auth_code):
    """
    Validate the TOTP `auth_code` against this user's stored seed at the
    current time.

    Returns the result of `check_raw_seed` for the decrypted seed.
    """
    # NOTE(review): this variant keeps no record of codes already used, so a
    # captured code can be submitted again while it is still valid; confirm
    # that replay protection and attempt throttling exist in the caller.
    seed = decrypt_value(self.encrypted_seed)
    return check_raw_seed(seed, auth_code)