Exemplo n.º 1
0
 def render_next_step(self, form, **kwargs):
     response = super(Enable, self).render_next_step(form, **kwargs)
     if self.steps.current in ['call-verify', 'sms-verify']:
         method = self.get_form_data('method', 'method')
         #todo use backup phone
         #todo resend message + throttling
         generated_token = totp(self.get_token().seed)
         if method == 'call':
             phone = self.get_form_data('call', 'phone')
             call(to=phone, request=self.request, token=generated_token)
         elif method == 'sms':
             phone = self.get_form_data('sms', 'phone')
             send(to=phone, request=self.request, token=generated_token)
     return response
Exemplo n.º 2
0
def verify_computer(request, template_name='two_factor/verify_computer.html',
                    redirect_field_name=REDIRECT_FIELD_NAME,
                    computer_verification_form=ComputerVerificationForm,
                    current_app=None, extra_context=None):

    redirect_to = request.REQUEST.get(redirect_field_name, '')
    netloc = urlparse.urlparse(redirect_to)[1]

    # Use default setting if redirect_to is empty
    if not redirect_to:
        redirect_to = settings.LOGIN_REDIRECT_URL

    # Heavier security check -- don't allow redirection to a different
    # host.
    elif netloc and netloc != request.get_host():
        redirect_to = settings.LOGIN_REDIRECT_URL

    try:
        user = User.objects.get(pk=signer.unsign(request.GET.get('user')))
    except (User.DoesNotExist, BadSignature):
        return HttpResponseRedirect(settings.LOGIN_URL)

    if request.method == 'POST':
        form = computer_verification_form(user=user, data=request.POST)
        if form.is_valid():
            # Okay, security checks complete. Log the user in.
            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            response = HttpResponseRedirect(redirect_to)

            # set computer verification
            if form.cleaned_data['remember']:
                vf = user.verifiedcomputer_set.create(
                    verified_until=now() + timedelta(days=30),
                    last_used_at=now(),
                    ip=request.META['REMOTE_ADDR'])
                response.set_signed_cookie('computer', vf.id,
                                           path=reverse('tf:verify'),
                                           max_age=30*86400, httponly=True)

            return response
    else:
        form = computer_verification_form(request, user)

        # has this computer been verified?
        try:
            computer_id = request.get_signed_cookie('computer', None)
            user = authenticate(user=user, computer_id=computer_id)
            if user and user.is_active:
                # Okay, security checks complete. Log the user in.
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                return HttpResponseRedirect(redirect_to)
        except VerifiedComputer.DoesNotExist:
            pass

        token = user.token
        if token.method in ('call', 'sms'):
            #todo use backup phone
            #todo resend message + throttling
            generated_token = totp(token.seed)
            if token.method == 'call':
                call(to=token.phone, request=request, token=generated_token)
            elif token.method == 'sms':
                send(to=token.phone, request=request, token=generated_token)

    current_site = get_current_site(request)

    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request, template_name, context,
                            current_app=current_app)