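def handleSubmit(self, action):
    """Complete a two-factor bar-code reset for the user named in the request.

    Reads the one-time ``token`` from the submitted form data and the
    ``signature`` / ``auth_user`` parameters from the request, then:

    1. looks the user up with ``api.user.get``;
    2. validates the one-time token with ``validate_token``;
    3. compares the member's stored ``bar_code_reset_token`` property with
       the ``signature`` supplied in the request (constant-time; an empty
       value on either side is always rejected);
    4. on success sets ``enable_two_factor_authentication`` on the member
       and redirects to the context URL.

    Every failure is reported through ``IStatusMessage`` on the request.

    :param action: the form action that triggered the submit (unused here).
    :return: ``False`` when form validation fails, otherwise ``None``.
    """
    import hmac

    data, errors = self.extractData()
    if errors:
        return False

    # One-time token the user typed in from the authenticator app.
    token = data.get('token', '')
    # Signature issued when the bar-code reset was requested; it has to
    # match the value stored on the member.
    signature_token = self.request.get('signature', '')
    username = self.request.get('auth_user', '')
    user = api.user.get(username=username)

    if not user:
        reason = _("User not found {0}.".format(username))
        IStatusMessage(self.request).addStatusMessage(
            _("Resetting of the bar-code failed! {0}".format(reason)), 'error')
        return

    valid_token = validate_token(token, user=user)

    reason = None
    if valid_token:
        try:
            bar_code_reset_token = user.getProperty('bar_code_reset_token')
            # Reject an unset/empty stored token outright: without this
            # guard an empty ``signature`` would match a member who never
            # requested a reset. ``compare_digest`` keeps the comparison
            # constant-time; both sides are coerced to ``str`` so a
            # unicode/bytes mix does not raise (tokens are assumed ASCII).
            if (not bar_code_reset_token or not signature_token
                    or not hmac.compare_digest(str(bar_code_reset_token),
                                               str(signature_token))):
                reason = _("Invalid bar-code reset token.")
                IStatusMessage(self.request).addStatusMessage(
                    _("Resetting of the bar-code failed! {0}".format(reason)),
                    'error')
                return

            user.setMemberProperties(
                mapping={'enable_two_factor_authentication': True})
            IStatusMessage(self.request).addStatusMessage(
                _("Two-step verification bar-code is successfully reset for your account."),
                'info')
            self.request.response.redirect(self.context.absolute_url())
        except Exception as e:
            # NOTE(review): this surfaces the raw exception text to the
            # user; consider logging it and showing a generic message.
            reason = _(str(e))
    else:
        reason = _("Invalid token or token expired.")

    if reason is not None:
        IStatusMessage(self.request).addStatusMessage(
            _("Setup failed! {0}".format(reason)), 'error')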
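def handleSubmit(self, action):
    """Finish resetting the two-factor bar-code for the requested user.

    Inputs: ``token`` from the validated form data, ``signature`` and
    ``auth_user`` from the request. The user is resolved with
    ``api.user.get`` and the token checked with ``validate_token``; the
    member's ``bar_code_reset_token`` property must then equal the request
    ``signature`` (compared in constant time, empty values rejected). On
    success ``enable_two_factor_authentication`` is set on the member and
    the browser is redirected to the context URL. All failures are
    reported via ``IStatusMessage``.

    :param action: form action that triggered the submit (unused).
    :return: ``False`` on form validation errors, otherwise ``None``.
    """
    import hmac

    data, errors = self.extractData()
    if errors:
        return False

    # Authenticator-app token typed by the user.
    token = data.get('token', '')
    # Reset signature handed out when the reset was requested.
    signature_token = self.request.get('signature', '')
    username = self.request.get('auth_user', '')
    member = api.user.get(username=username)

    status = IStatusMessage(self.request)

    if not member:
        reason = _("User not found {0}.".format(username))
        status.addStatusMessage(
            _("Resetting of the bar-code failed! {0}".format(reason)), 'error')
        return

    if not validate_token(token, user=member):
        status.addStatusMessage(
            _("Setup failed! {0}".format(_("Invalid token or token expired."))),
            'error')
        return

    try:
        stored_reset_token = member.getProperty('bar_code_reset_token')
        # An unset/empty stored token never matches (an empty ``signature``
        # must not pass for a member who never asked for a reset), and the
        # comparison itself is constant-time. Both sides go through ``str``
        # so a unicode/bytes mix does not raise; tokens are assumed ASCII.
        matches = (
            bool(stored_reset_token)
            and bool(signature_token)
            and hmac.compare_digest(str(stored_reset_token), str(signature_token))
        )
        if not matches:
            reason = _("Invalid bar-code reset token.")
            status.addStatusMessage(
                _("Resetting of the bar-code failed! {0}".format(reason)), 'error')
            return

        member.setMemberProperties(
            mapping={'enable_two_factor_authentication': True})
        status.addStatusMessage(
            _("Two-step verification bar-code is successfully reset for your account."),
            'info')
        self.request.response.redirect(self.context.absolute_url())
    except Exception as e:
        # NOTE(review): the raw exception text is shown to the user here;
        # logging it and returning a generic message would be safer.
        status.addStatusMessage(
            _("Setup failed! {0}".format(_(str(e)))), 'error')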
def handleSubmit(self, action):
    """Log the user in once the signed request data and the one-time token
    both check out.

    ``auth_user`` (the username) comes from the request and ``token`` from
    the submitted form. ``validate_user_data`` checks the signed request
    data for that user and ``validate_token`` checks the one-time token.
    When both pass, a session is set up for the user through
    ``acl_users.session._setupSession`` and the browser is redirected to
    ``next_url`` from the extracted request data (falling back to the
    context URL). Failures are reported via ``IStatusMessage``.

    :param action: the triggering form action (unused).
    :return: ``False`` when the form has validation errors, else ``None``.
    """
    data, errors = self.extractData()
    if errors:
        return False

    token = data.get('token', '')
    username = self.request.get('auth_user', '')
    user = api.user.get(username=username) if username else None

    # Signed request data first: a tampered or expired signature stops
    # everything before the token is even looked at.
    validation = validate_user_data(request=self.request, user=user)
    if not validation.result:
        details = ' '.join(validation.reason)
        IStatusMessage(self.request).addStatusMessage(
            _("Invalid data. Details: {0}".format(details)), 'error')
        return

    if not validate_token(token, user=user):
        IStatusMessage(self.request).addStatusMessage(
            _("Invalid token or token expired."), 'error')
        return

    # Establish the session for the validated user.
    self.context.acl_users.session._setupSession(
        str(username), self.context.REQUEST.RESPONSE)
    IStatusMessage(self.request).addStatusMessage(
        PMF("Welcome! You are now logged in."), 'info')

    # TODO: Is there a nicer way of resolving the
    # "@@google_authenticator_token_form" URL?
    request_data = extract_request_data(self.request)
    target = request_data.get('next_url', self.context.absolute_url())
    self.request.response.redirect(target)
def handleSubmit(self, action):
    """Log the named user in after validating the signed request data and
    the one-time token.

    The username is read from the request's ``auth_user`` and the token
    from the form data. ``validate_user_data`` must accept the signed
    request data for that user, then ``validate_token`` must accept the
    token. On success a session is created with
    ``acl_users.session._setupSession`` and the browser is redirected to
    ``next_url`` from the extracted request data, defaulting to the
    context URL. Failures are reported via ``IStatusMessage``.

    :param action: the triggering form action (unused).
    :return: ``False`` on form validation errors, else ``None``.
    """
    data, errors = self.extractData()
    if errors:
        return False

    token = data.get('token', '')
    username = self.request.get('auth_user', '')
    user = None
    if username:
        user = api.user.get(username=username)

    status = IStatusMessage(self.request)

    # Check the signed request data first; a tampered-with or expired
    # signature is reported and nothing else runs.
    outcome = validate_user_data(request=self.request, user=user)
    if not outcome.result:
        status.addStatusMessage(
            _("Invalid data. Details: {0}".format(' '.join(outcome.reason))),
            'error')
        return

    if not validate_token(token, user=user):
        status.addStatusMessage(_("Invalid token or token expired."), 'error')
        return

    # Token accepted: set up the session for this user.
    self.context.acl_users.session._setupSession(
        str(username), self.context.REQUEST.RESPONSE)
    # TODO: Is there a nicer way of resolving the
    # "@@google_authenticator_token_form" URL?
    status.addStatusMessage(_("Great! You're logged in."), 'info')

    request_data = extract_request_data(self.request)
    fallback = self.context.absolute_url()
    self.request.response.redirect(request_data.get('next_url', fallback))
def handleSubmit(self, action):
    """Enable two-factor authentication for the current user once the
    one-time token is verified.

    Anonymous callers get a 401 response and ``False``. Otherwise the
    ``token`` from the form data is checked with ``validate_token``; on
    success the current member's ``enable_two_factor_authentication``
    property is set and the browser is sent to ``@@personal-information``.
    On failure an error status message is added and the browser is sent
    back to ``@@setup-two-factor-authentication``.

    :param action: the triggering form action (unused).
    :return: ``False`` for anonymous callers or form validation errors,
        otherwise ``None``.
    """
    if api.user.is_anonymous():
        self.request.response.setStatus(401, _('Forbidden for anonymous'), True)
        return False

    data, errors = self.extractData()
    if errors:
        return False

    token = data.get('token', '')
    status = IStatusMessage(self.request)

    failure_reason = None
    if validate_token(token):
        try:
            # Flip the member flag for the logged-in user.
            member = api.user.get_current()
            member.setMemberProperties(
                mapping={'enable_two_factor_authentication': True})
            status.addStatusMessage(
                _("Two-step verification is successfully enabled for your account."),
                'info')
            redirect_url = "{0}/@@personal-information".format(
                self.context.absolute_url())
        except Exception as e:
            # NOTE(review): the raw exception text is shown to the user here.
            failure_reason = _(str(e))
    else:
        failure_reason = _("Invalid token or token expired.")

    if failure_reason is not None:
        status.addStatusMessage(
            _("Setup failed! {0}".format(failure_reason)), 'error')
        # TODO: Is there a nicer way of resolving the
        # "@@setup-two-factor-authentication" URL?
        redirect_url = "{0}/@@setup-two-factor-authentication".format(
            self.context.absolute_url())

    self.request.response.redirect(redirect_url)