Пример #1
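 def test_invalidates_token_for_60_seconds_ago(self):
     """A code computed for a moment 60 seconds in the past must be rejected.

     This pins how far back ``valid()`` is willing to look: a code that was
     current a minute ago must no longer authenticate.
     """
     auth = TotpAuth(self.test_token)
     # timedelta arithmetic replaces strftime('%s'), a platform-specific
     # directive that is not portable and is unavailable on some platforms.
     # Microseconds are dropped to keep the whole-second value the original
     # int() conversion produced.
     past = (datetime.datetime.now()
             - datetime.timedelta(seconds=60)).replace(microsecond=0)
     token = auth.totp.at(past)
     self.assertFalse(auth.valid(token))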
Пример #2
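 def test_invalidates_token_for_60_seconds_ago(self):
     """Reject a one-time code that was generated for a minute ago.

     Guards against an overly wide acceptance window, which would let a
     captured code be replayed long after it was issued.
     """
     auth = TotpAuth(self.test_token)
     # Computed with timedelta instead of strftime('%s'): '%s' is a
     # platform-specific extension and breaks where the C library lacks it.
     # replace(microsecond=0) keeps the original whole-second truncation.
     one_minute = datetime.timedelta(seconds=60)
     past = (datetime.datetime.now() - one_minute).replace(microsecond=0)
     stale_token = auth.totp.at(past)
     self.assertFalse(auth.valid(stale_token))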
Пример #3
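    def test_base_case(self):
        """A default ``TotpAuth()`` has a 16-character secret and accepts its own 6-character code."""
        auth = TotpAuth()

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        # NOTE(review): if the secret is base32, 16 characters carry only
        # 80 bits; RFC 4226 requires at least 128 bits and recommends 160.
        # Confirm the length is intentional before pinning it in a test.
        self.assertEqual(16, len(auth.secret))

        token = auth.generate_token()
        # NOTE(review): if generate_token() returns an int, a code with a
        # leading zero stringifies to fewer than 6 characters and this check
        # fails intermittently - confirm the return type.
        self.assertEqual(6, len(str(token)))

        rv = auth.valid(token)
        self.assertTrue(rv)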
Пример #4
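    def test_base_case(self):
        """Smoke test: fresh secret length, code length, and round-trip validation."""
        auth = TotpAuth()

        # The assertEquals alias is deprecated and gone in Python 3.12;
        # assertEqual is the supported spelling on every version.
        # NOTE(review): a 16-character secret is 80 bits if it is base32,
        # below the 128-bit minimum in RFC 4226 - verify this is intended.
        self.assertEqual(16, len(auth.secret))

        fresh_token = auth.generate_token()
        # NOTE(review): presumably the code is zero-padded text; an int with
        # a leading zero would make this length check flaky - confirm.
        self.assertEqual(6, len(str(fresh_token)))

        # A code the object just produced must validate against itself.
        self.assertTrue(auth.valid(fresh_token))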
Пример #5
    def test_qrcode_generation(self):
        """The QR image for the test secret must match the stored PNG byte for byte."""
        auth = TotpAuth(self.test_token)

        # Reference bytes: the fixture re-encoded as PNG into memory.
        reference_buffer = StringIO.StringIO()
        reference_image = Image.open('tests/assets/test_example_com.png')
        reference_image.save(reference_buffer, format='PNG')
        expected = reference_buffer.getvalue()

        # Bytes under test: the generated image saved with its own defaults.
        # NOTE(review): the QR code presumably embeds the provisioning
        # secret, so the fixture PNG exposes self.test_token - it must never
        # be a real credential.
        generated_buffer = StringIO.StringIO()
        auth.qrcode('*****@*****.**').save(generated_buffer)
        actual = generated_buffer.getvalue()

        self.assertEqual(expected, actual)
Пример #6
    def test_qrcode_generation(self):
        """Compare the generated QR image with the reference fixture, as raw bytes."""
        def _encoded(image, **save_options):
            # Serialise an image into an in-memory stream and return its bytes.
            stream = StringIO.StringIO()
            image.save(stream, **save_options)
            return stream.getvalue()

        auth = TotpAuth(self.test_token)

        # The fixture is re-encoded explicitly as PNG; the generated image is
        # saved with whatever format its own save() defaults to.
        expected = _encoded(Image.open('tests/assets/test_example_com.png'),
                            format='PNG')
        # NOTE(review): a byte-exact comparison also depends on the encoder
        # version, not only on the QR payload - expect failures after an
        # imaging-library upgrade.
        actual = _encoded(auth.qrcode('*****@*****.**'))

        self.assertEqual(expected, actual)
Пример #7
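    def Authenticate(self, login, token):
        """Check a login/token pair and return the string "true" or "false".

        A request whose cookie verifies is accepted immediately. Otherwise
        the token is checked against a TOTP secret built from the value
        returned by ``ldap_get_password(login)``. A rejected token sets HTTP
        status 401; any exception sets 500. Both failure paths return "false".
        """
        mycookie = cookie(login, token)
        # NOTE(review): a verifying cookie skips the TOTP check entirely, so
        # the cookie's lifetime and integrity protection decide how long one
        # accepted code stays usable - confirm both in cookie.verify().
        if mycookie.verify():
            return "true"

        try:
            # Lazy %-formatting with %r instead of string concatenation:
            # control characters in the caller-supplied login are escaped
            # (no forged log lines), and a non-string login can no longer
            # raise TypeError while the message is being built.
            logger.info("Login request from: %r", login)

            # Fetched once and reused; the original looked the value up a
            # second time and never used this variable.
            pwd = ldap_get_password(login)

            # NOTE(review): the TOTP key is the base32 encoding of the value
            # from LDAP, so the second factor is only as strong as that value
            # and is not independent of it - confirm what LDAP stores here.
            if TotpAuth(base64.b32encode(pwd)).valid(token):
                mycookie.touch()
                return "true"

            self.set_status(401)

        except Exception as e:
            self.set_status(500)
            # Same formatting as above: with concatenation, a bad login value
            # made this handler raise and mask the original error.
            logger.error("Exception during logon %r, error: %s", login, e)

        return "false"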
Пример #8
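class User:
    """A user record from ``connection.tfa.users`` plus the flask-login interface.

    ``self.totp`` exists only when the stored account has a ``totp_secret``;
    ``self.account`` is whatever ``find_one`` returned and may be ``None``.
    """

    def __init__(self, user_id):
        """Load the account for ``user_id`` (lower-cased) and attach its TOTP helper."""
        self.id = user_id.lower()
        self.db = connection.tfa.users
        self.account = self.db.find_one({'uid': self.id})
        if self.account and 'totp_secret' in self.account:
            self.totp = TotpAuth(self.account['totp_secret'])

    def create(self):
        """Insert a new account with a freshly generated TOTP secret, then reload it."""
        auth = TotpAuth()
        # NOTE(review): the shared secret is written to the database as-is;
        # anyone who can read this collection can generate valid codes.
        self.db.insert({'uid': self.id,
                        'totp_secret': auth.secret})
        self.account = self.db.find_one({'uid': self.id})

    def save(self):
        """Persist the in-memory account document."""
        self.db.save(self.account)

    def password_valid(self, pwd):
        """Return True when ``pwd`` hashes to the stored ``password_hash``."""
        pwd_hash = self.account['password_hash']
        # Re-hashing with the stored hash as salt reproduces it for a match.
        # NOTE(review): '==' is not a constant-time comparison; where the
        # installed bcrypt provides checkpw(), prefer it.
        return bcrypt.hashpw(pwd, pwd_hash) == pwd_hash

    def send_sms(self, ok_to_send=False):
        """Text the current TOTP code to the account's phone number.

        The message is sent when the account has ``totp_enabled_via_sms`` or
        the caller passes ``ok_to_send=True``. Returns True only when a
        message was created and its status is not ``'failed'``.
        """
        if 'totp_enabled_via_sms' in self.account:
            ok_to_send = True
        if ok_to_send:
            # NOTE(review): nothing visible here limits how often a code can
            # be requested - confirm the caller throttles this.
            token = self.totp.generate_token()
            msg = "Use this code to log in: %s" % token
            try:
                phone_number = self.account['phone_number']
                rv = twilio.sms.messages.create(to=phone_number,
                                                from_=konf.twilio_from_number,
                                                body=msg)
            except Exception:
                # Narrowed from a bare 'except:' so KeyboardInterrupt and
                # SystemExit are no longer swallowed; a missing phone number
                # or a failed send still yields False.
                return False
            if rv:
                return rv.status != 'failed'
        return False

    # The methods below are required by flask-login
    def is_authenticated(self):
        """Always return True - this class does no account verification.

        Password and token checks must therefore happen before the caller
        logs a ``User`` in.
        """
        return True

    def is_active(self):
        """Every account is treated as active."""
        return True

    def is_anonymous(self):
        """A ``User`` is never the anonymous user."""
        return False

    def get_id(self):
        """Return the lower-cased user id used as the session identifier."""
        return self.id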
Пример #9
 def test_validates_token_for_right_now(self):
     """A code generated for the current moment must be accepted."""
     authenticator = TotpAuth(self.test_token)
     # NOTE(review): if valid() tolerates no clock drift, this can fail when
     # the time step rolls over between now() and valid() - confirm.
     self.assertTrue(authenticator.valid(authenticator.totp.now()))
Пример #10
 def create(self):
     """Store a new account with a freshly generated TOTP secret and reload it."""
     # NOTE(review): the secret is persisted as-is; read access to this
     # collection is enough to generate valid codes for the user.
     record = {'uid': self.id, 'totp_secret': TotpAuth().secret}
     self.db.insert(record)
     # Re-read so self.account holds the document as the database stored it.
     self.account = self.db.find_one({'uid': self.id})
Пример #11
 def __init__(self, user_id):
     """Look up the account for ``user_id`` and attach a TOTP helper if it has a secret."""
     # Ids are lower-cased, so lookups are case-insensitive on the caller's side.
     self.id = user_id.lower()
     self.db = connection.tfa.users
     record = self.db.find_one({'uid': self.id})
     self.account = record
     # self.totp is deliberately left unset when there is no account or no
     # stored secret; callers must not assume the attribute exists.
     if not record or 'totp_secret' not in record:
         return
     self.totp = TotpAuth(record['totp_secret'])
Пример #12
 def test_validates_token_for_right_now(self):
     """The code for the current time step validates against the same secret."""
     verifier = TotpAuth(self.test_token)
     current_code = verifier.totp.now()
     accepted = verifier.valid(current_code)
     self.assertTrue(accepted)
Пример #13
 def make_token(self, username):
     """Return a current TOTP code for ``username`` from the stored secret."""
     # find_one() yields None for an unknown uid, so the subscript below
     # raises TypeError in that case.
     record = self.db.find_one({'uid': username})
     return TotpAuth(record['totp_secret']).generate_token()
Пример #14
 def make_token(self, username):
     """Generate the code that ``username`` would currently see on their device."""
     # NOTE(review): this reads the shared secret straight from the database;
     # presumably a test helper - confirm it is not reachable in production.
     stored_secret = self.db.find_one({'uid': username})['totp_secret']
     generator = TotpAuth(stored_secret)
     return generator.generate_token()