def create_user_twofactor(self, message):
"""twofactor me: generate a new QR code that can be used to configure the external device to generate valid verification tokens"""
user = User.get(self, message.sender)
if not user:
user = User.create(self, message.sender)
self.direct_reply(message, user.generate_and_upload_qr_code_image(), html=True)
user.save()
self.direct_reply(message, "Say 'twofactor verify [token]' to start an authenticated session")
else:
self.direct_reply(message, "twofactor is already configured")
def remove_user_twofactor(self, message, nick):
"""twofactor remove [nick]: remove [nick]'s twofactor authentication (requires the 'administer_twofactor' permission)"""
self.reply(message, "working on that...")
user_to_remove = User.get_from_nick(self, nick)
if user_to_remove:
user_to_remove.delete()
self.direct_reply(message, "Successfully removed twofactor authentication for user '{}'".format(nick))
else:
self.direct_reply(message, "I could not find user '{}', no action was taken".format(nick))
def twofactor_logout(self, message):
"""twofactor logout: terminate an authenticated session"""
user = User.get_from_message(self, message)
if not user:
return
user.logout()
user.save()
self.direct_reply(message, "Your authenticated session has been terminated")
def show_user_permission(self, message, nick):
"""what can [nick] do: get permissions for a user"""
self.reply(message, "working on that...")
if 'i' == nick.lower():
nick = message.sender.nick
user = User.get_from_nick(self, nick)
if not user:
self.reply(message, "I could not find user '{}'".format(nick))
else:
self.reply(message, "User '{}' has permissions {}".format(user.nick, ', '.join(user.permissions)))
def twofactor_status(self, message):
"""twofactor status: tells you if you are currently authenticated and when your session ends"""
user = User.get_from_message(self, message)
if not user:
return
if user.is_authenticated:
self.direct_reply(message, "You are authenticated, your session expires {}".format(self.to_natural_day_and_time(user.session_expiration_time)))
else:
self.direct_reply(message, "You are not authenticated")
def verify_user_twofactor(self, message, token):
"""twofactor verify [token]: start a new authenticated session by providing a verification token generated by the external device"""
user = User.get_from_message(self, message)
if not user:
return
if user.verify_token(token):
self.direct_reply(message, "You are authenticated, your session expires {}".format(self.to_natural_day_and_time(user.session_expiration_time)))
else:
self.direct_reply(message, "Authentication failed, please try again")
user.save()
def get_users_for_permissions(self, message, permission):
"""who can [permission]?: see which users have a particular permission"""
self.reply(message, "working on that...")
nicks_with_perm = []
for user in User.list(self):
if user.has_permission(permission):
nicks_with_perm.append(user.nick)
if len(nicks_with_perm) > 0:
self.reply(message, "The following users have permission to '{}': {}".format(permission, ', '.join(nicks_with_perm)))
else:
self.reply(message, "No users have permission to '{}'".format(permission))
def confirm_user_permission(self, message, permissions):
"""can I [permission]?: check if you have a specific permission"""
self.reply(message, "working on that...")
user = User.get_from_message(self, message)
if not user:
self.reply(message, "You have not set up two-factor authentication. Say 'twofactor me' to set it up.")
return
for permission in permissions.split():
if user.has_permission(permission):
self.reply(message, "Yes, you can {}".format(permission))
else:
self.reply(message, "No, you can't {}".format(permission))
def give_user_permission(self, message, nick, permissions):
"""grant [nick] permission to [permission]: grant [nick] a permission (requires the 'grant_permissions' permission)"""
self.reply(message, "working on that...")
requested_permissions = permissions.split()
try:
requested_permissions.remove("to")
except ValueError:
pass
if len(requested_permissions) == 0:
self.reply(message, 'At least one permission must be specified')
return
user = User.get_from_nick(self, nick)
if not user:
self.reply(message, "The user has not setup two-factor authentication, please have them do so before modifying permissions")
return
user.grant_permissions(requested_permissions)
user.save()
self.direct_reply(message, "New permissions for '{}' are: {} ".format(nick, ', '.join(user.permissions)))
