def verify(self, submit=True):
    """Handle the TOTP token step that follows the first login factor.

    Renders ``verify.html`` with the token form. On a submitted, valid
    token the session's ``target_url`` is consumed and the login is
    handed over to ``__login_response``.

    :param bool submit: Whether form was submitted
                        (False if shown after login form)
    """
    # Only valid mid-login: TOTP must be enabled and the session must
    # already carry the 'login_uid' set by the preceding login step.
    if not (TOTP_ENABLED and 'login_uid' in session):
        return redirect(url_for('login'))

    pending_user = self.load_user(session.get('login_uid'))
    if pending_user is None:
        # the id in the session no longer resolves to a user
        return redirect(url_for('login'))

    form = VerifyForm()
    if submit and form.validate_on_submit():
        if self.user_totp_is_valid(pending_user, form.token.data):
            # NOTE(review): target_url is taken from the session as-is;
            # confirm it is validated where it is stored.
            next_url = session.pop('target_url', '/')
            self.clear_verify_session()
            return self.__login_response(pending_user, next_url)

        error_text = 'Invalid verification code'
        flash(error_text)
        form.token.errors.append(error_text)
        # never echo the rejected token back into the form
        form.token.data = None

        # NOTE(review): the counter is only read here; presumably
        # user_totp_is_valid() increments it and rejects locked
        # accounts before checking the token. Confirm.
        if pending_user.failed_sign_in_count >= MAX_LOGIN_ATTEMPTS:
            return redirect(url_for('login'))

    return render_template('verify.html', title='Sign In', form=form)
def setup_totp(self, submit=True):
    """Enrol the pending user in TOTP: show the QR code, confirm a token.

    A candidate secret is kept in the session until the user submits a
    token that verifies against it. Only then is it written to the user
    record and the login handed over to ``__login_response``.

    :param bool submit: Whether form was submitted
                        (False if shown after login form)
    """
    # Only valid mid-login with TOTP enabled.
    if not (TOTP_ENABLED and 'login_uid' in session):
        return redirect(url_for('login'))

    pending_user = self.load_user(session.get('login_uid'))
    if pending_user is None:
        return redirect(url_for('login'))

    # NOTE(review): the unconfirmed secret lives in the Flask session.
    # With a client-side (signed, not encrypted) session cookie it
    # would be readable from the cookie. Confirm the session backend.
    candidate_secret = session.get('totp_secret')
    if candidate_secret is None:
        candidate_secret = pyotp.random_base32()
        session['totp_secret'] = candidate_secret

    form = VerifyForm()
    if submit and form.validate_on_submit():
        authenticator = pyotp.totp.TOTP(candidate_secret)
        # valid_window=1 also accepts the adjacent time steps, which
        # tolerates small clock drift between server and device.
        # NOTE(review): failed confirmations are not counted on this
        # path; confirm attempts are limited elsewhere.
        if authenticator.verify(form.token.data, valid_window=1):
            # persist the confirmed secret, stamp the sign-in and
            # reset the failed-attempt counter in one commit
            pending_user.totp_secret = candidate_secret
            pending_user.last_sign_in_at = datetime.utcnow()
            pending_user.failed_sign_in_count = 0
            self.user_query().session.commit()

            next_url = session.pop('target_url', '/')
            self.clear_verify_session()
            return self.__login_response(pending_user, next_url)

        error_text = 'Invalid verification code'
        flash(error_text)
        form.token.errors.append(error_text)
        form.token.data = None

    # enable one-time loading of QR code image
    session['show_qrcode'] = True

    page = render_template(
        'qrcode.html',
        title='Two Factor Authentication Setup',
        form=form,
        totp_secret=candidate_secret,
    )
    resp = make_response(page)
    # The page embeds the TOTP secret, so keep it out of browser caches.
    no_cache_headers = (
        ('Cache-Control', 'no-cache, no-store, must-revalidate'),
        ('Pragma', 'no-cache'),
        ('Expires', '0'),
    )
    for header_name, header_value in no_cache_headers:
        resp.headers.set(header_name, header_value)
    return resp
def __verify(self, db_session, submit=True):
    """Handle the TOTP token step that follows the first login factor.

    Renders ``verify.html`` with the token form. On a submitted, valid
    token the session's ``target_url`` (default: the tenant prefix) is
    consumed and the login is handed over to ``__login_response``.

    :param Session db_session: DB session
    :param bool submit: Whether form was submitted
                        (False if shown after login form)
    """
    # Only valid mid-login with TOTP enabled.
    if not (TOTP_ENABLED and 'login_uid' in session):
        return redirect(url_for('login'))

    pending_user = self.find_user(db_session, id=session.get('login_uid'))
    if pending_user is None:
        return redirect(url_for('login'))

    form = VerifyForm(meta=wft_locales())
    if submit and form.validate_on_submit():
        token_ok = self.user_totp_is_valid(
            pending_user, form.token.data, db_session
        )
        if token_ok:
            # NOTE(review): target_url is taken from the session as-is;
            # confirm it is validated where it is stored.
            next_url = session.pop('target_url', self.tenant_prefix())
            self.clear_verify_session()
            return self.__login_response(pending_user, next_url)

        flash(i18n.t('auth.verfication_invalid'))
        form.token.errors.append(i18n.t('auth.verfication_invalid'))
        # never echo the rejected token back into the form
        form.token.data = None

        # NOTE(review): the counter is only read here; presumably
        # user_totp_is_valid() increments it and rejects locked
        # accounts before checking the token. Confirm.
        if pending_user.failed_sign_in_count >= MAX_LOGIN_ATTEMPTS:
            return redirect(url_for('login'))

    page_title = i18n.t("auth.verify_page_title")
    return render_template(
        'verify.html', form=form, i18n=i18n, title=page_title
    )
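def verify_otp(name, user_email, user_password):
    """Confirm a registering user's email with a one-time code.

    GET: generate a code, keep it in the module-level ``otp`` and mail it
    through ``SendOTP``. POST: compare the submitted code with the stored
    one; on a match create the ``User`` row and log the user in, otherwise
    redirect back to this view, which issues and mails a new code.

    :param name: display name of the registering user
    :param user_email: address the code is mailed to
    :param user_password: password stored on the new ``User``
    """
    # Local import: the file's import block is not visible from here.
    import secrets

    # NOTE(review): `otp` is one process-wide value shared by every
    # visitor. Concurrent registrations overwrite each other's code and
    # the code is not bound to `user_email`. Keeping it per user on the
    # server (with an expiry and an attempt counter) would close this;
    # the storage layer is not visible here, so it is only flagged.
    global otp

    form = VerifyForm()

    if request.method == "GET":
        flash(f"An OTP is send to your email ({user_email}) address.")
        # Verification codes must come from a CSPRNG, not from `random`;
        # the value range is the one the original code used.
        otp = 123456 + secrets.randbelow(987654 - 123456 + 1)
        send_otp = SendOTP(user_name=name, user_email=user_email, otp=otp)
        send_otp.register_msgBody()
        send_otp.send_otp()

    if request.method == "POST" and form.validate_on_submit():
        # A missing or non-numeric field is a mismatch, not a 500.
        try:
            enter_otp = int(request.form.get("otp"))
        except (TypeError, ValueError):
            enter_otp = None

        if enter_otp is not None and enter_otp == otp:
            # NOTE(review): user_password is stored as received; confirm
            # it was hashed before it reached this view.
            new_user = User(name=name, email=user_email, password=user_password)
            db.session.add(new_user)
            db.session.commit()
            # This line will authenticate the user with Flask-Login
            login_user(new_user)
            return redirect(url_for('get_all_posts'))

        flash("OTP mismatched, another OTP send to your email address.")
        # NOTE(review): the password is passed to url_for() and so becomes
        # part of the redirect URL, where it can land in logs and browser
        # history. Carry it in server-side state instead.
        return redirect(url_for('verify_otp', name=name, user_email=user_email,
                                user_password=user_password))

    return render_template("email-verification.html", form=form)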
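def verify(user_id=-1):
    """Show the OTP form for ``user_id`` and log the user in on success.

    Without a user id the visitor is redirected to the index page. With
    one, the form is rendered; on a valid submission the user and an OTP
    row for that user must both exist (404 otherwise).

    :param user_id: id of the user being verified, ``-1`` when absent
    """
    # Compare by value. `is not -1` tested object identity, which only
    # works through CPython's small-int cache and raises a SyntaxWarning.
    if user_id == -1:
        return redirect(url_for('index'))

    form = VerifyForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(id=user_id).first_or_404()
        # Kept for its 404 side effect: an OTP row must exist for the user.
        otp = OTP.query.filter_by(user_id=user.id).first_or_404()
        print('after gettig user'+str(user.id))
        # The submitted code is no longer printed: verification codes do
        # not belong in stdout or logs.

        # FIXME(security): the submitted value is compared with the fixed
        # string 'open' and the stored `otp` row is never consulted, so
        # this check does not authenticate anyone. Compare against the
        # code stored on `otp` (its field name is not visible here), with
        # expiry and an attempt limit, before calling login_user().
        if form.otp_num.data == 'open':
            login_user(user)
            flash('مرحبا بك في جمعة', 'success')
            return redirect(url_for('index'))

    return render_template('verify.html', form=form)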
def verify():
    """Mark an account as verified when email and code match.

    Looks the account up by the submitted email and compares its
    ``numberverification`` with the submitted code. A match sets
    ``verified`` (if not already set) and redirects to ``login``; a
    mismatch or unknown email redirects back to this view.
    """
    form = VerifyForm()
    if not form.validate_on_submit():
        return render_template('verify.html', form=form)

    account = Users.query.filter_by(email=form.email.data).first()
    # NOTE(review): nothing in this view limits repeated guesses for an
    # email; confirm attempts are throttled elsewhere.
    code_matches = (
        account is not None
        and account.numberverification == form.numbercode.data
    )
    if not code_matches:
        # One message for "unknown email" and "wrong code", so the
        # response does not reveal which of the two was wrong.
        flash('Invalid code or email!')
        return redirect(url_for('verify'))

    if account.verified in (0, False):
        account.verified = True
        db.session.commit()
        db.session.close()
        outcome = 'Verified!'
    else:
        outcome = 'You are already verified!'

    flash(outcome)
    return redirect(url_for('login'))
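def verify():
    """Create the pending account once the emailed code is confirmed.

    The pending registration (``username``, ``email``, ``password``) and
    the expected code (``otp``) are read from the session. On a matching
    code the user row is inserted, the session is marked as logged in and
    the visitor is redirected to ``home``. Otherwise the form is shown
    again with an error.
    """
    verifyform = VerifyForm()
    if verifyform.validate_on_submit():
        if session['otp'] == verifyform.otp.data:
            # Bound parameters keep the session values out of the SQL text.
            # NOTE(review): session['password'] is inserted as stored;
            # confirm it was hashed before it was put in the session. With
            # a client-side session cookie (signed, not encrypted) it would
            # also be readable from the cookie.
            db.execute(
                "INSERT INTO users (username, email, password) VALUES (:username, :email, :password)",
                {
                    "username": session["username"],
                    "email": session['email'],
                    "password": session['password']
                })
            db.commit()
            # Set the logged-in flag only after the code matched and the
            # row is committed. Previously it was set before the check,
            # so any valid form submission was marked as logged in.
            session['loggedin'] = 'True'
            flash(f"Account created for {session['username']}!", 'success')
            return redirect(url_for('home'))
        flash("verification code didn't match", 'danger')
    return render_template("verify.html", email=session['email'], verifyform=verifyform)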
def verify():
    """Record a mark and school for the user with the submitted email.

    The update is applied only when the form's ``mantra`` field matches
    the expected passphrase. After a successful update the view
    redirects to itself; in every other case the form is rendered.
    """
    form = VerifyForm()
    if form.validate_on_submit():
        student = User.query.filter_by(email=form.email.data).first()
        if not student:
            # NOTE(review): this message differs from the wrong-mantra
            # one, so the response shows whether an email is registered.
            flash("No existeix cap usuari amb aquest correu")
        elif form.mantra.data != "secret":
            # NOTE(review): the passphrase that authorises this update is
            # a literal in the source and shared by everyone. Load it from
            # configuration or replace it with per-user authorisation.
            flash("Aquest mantra no és vàlid")
        else:
            student.tdr_mark = int(form.mark.data)
            student.tdr_school = form.school.data
            db.session.commit()
            return redirect(url_for('verify'))

    return render_template('verify.html', form=form)
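def verify_user_otp(name, user_email):
    """Confirm a one-time code before a password reset.

    GET: generate a code, keep it in the module-level ``otp`` and mail it
    through ``SendOTP``. POST: compare the submitted code with the stored
    one; a match redirects to ``reset_password`` for ``user_email``, a
    mismatch redirects to ``login``.

    :param name: display name used in the mail
    :param user_email: address the code is mailed to
    """
    # Local import: the file's import block is not visible from here.
    import secrets

    # NOTE(review): `otp` is one process-wide value shared by every
    # visitor. Concurrent requests overwrite each other's code and the
    # code is not bound to `user_email`. Keeping it per user on the
    # server (with an expiry and an attempt counter) would close this;
    # the storage layer is not visible here, so it is only flagged.
    global otp

    form = VerifyForm()

    if request.method == "GET":
        # Verification codes must come from a CSPRNG, not from `random`;
        # the value range is the one the original code used.
        otp = 123456 + secrets.randbelow(987654 - 123456 + 1)
        otp_send = SendOTP(user_name=name, user_email=user_email, otp=otp)
        otp_send.forgot_password_msgBody()
        otp_send.send_otp()

    if request.method == "POST" and form.validate_on_submit():
        # A missing or non-numeric field is a mismatch, not a 500.
        try:
            user_otp = int(request.form.get("otp"))
        except (TypeError, ValueError):
            user_otp = None

        if user_otp is not None and user_otp == otp:
            # The submitted and expected codes are no longer printed:
            # verification codes do not belong in stdout or logs.
            flash("Enter your new password, and note it in your dairy.")
            # NOTE(review): nothing visible here records that the code
            # check passed; confirm reset_password relies on server-side
            # state and not only on the user_email in its URL.
            return redirect(url_for('reset_password', user_email=user_email))

        flash("Wrong credentials provided, Please try again !")
        return redirect(url_for('login'))

    return render_template("forgot-password.html", form=form)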