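def handleSubmit(self, action):
    """Handle submission of the two-factor bar-code reset form.

    Re-enables two-factor authentication for the account named in the
    ``auth_user`` request parameter once two independent checks pass:

    1. the one-time password ``token`` from the form validates against
       that account's secret (``validate_token``), and
    2. the ``signature`` request parameter matches the
       ``bar_code_reset_token`` member property issued for this reset.

    On success the stored reset token is cleared so the reset link cannot
    be replayed, a success status message is queued and the browser is
    redirected to the context URL.  Every failure is reported through an
    ``IStatusMessage`` of type ``error``.

    :param action: the form action that triggered the submit (unused).
    :return: ``False`` when form validation fails, otherwise ``None``.
    """
    import hmac  # function-scope so the block needs no file-level import

    data, errors = self.extractData()
    if errors:
        return False

    # One-time password typed by the user from the authenticator app.
    token = data.get('token', '')

    # Signature token generated for resetting the bar code (from the link).
    signature_token = self.request.get('signature', '')

    # The target account is a plain request parameter, so the two checks
    # below are the only thing binding this request to that account.
    username = self.request.get('auth_user', '')
    user = api.user.get(username=username)

    if not user:
        # NOTE(review): echoing the supplied name confirms which usernames
        # exist; a generic message would avoid that.
        reason = _("User not found {0}.".format(username))
        IStatusMessage(self.request).addStatusMessage(
            _("Resetting of the bar-code failed! {0}".format(reason)),
            'error')
        return

    # Validating the GoogleAuthenticator app token against this user.
    valid_token = validate_token(token, user=user)

    reason = None
    if valid_token:
        try:
            # Compare the stored reset token with the one from the request.
            expected = user.getProperty('bar_code_reset_token') or ''
            supplied = signature_token or ''
            if not isinstance(expected, bytes):
                expected = expected.encode('utf-8')
            if not isinstance(supplied, bytes):
                supplied = supplied.encode('utf-8')
            # An empty stored token means no reset is pending: without the
            # emptiness check, omitting ``signature`` would match an empty
            # property and pass.  compare_digest keeps the comparison
            # constant-time so the token cannot be recovered from timing.
            if not expected or not hmac.compare_digest(expected, supplied):
                reason = _("Invalid bar-code reset token.")
                IStatusMessage(self.request).addStatusMessage(
                    _("Resetting of the bar-code failed! {0}".format(
                        reason)), 'error')
                return

            user.setMemberProperties(
                mapping={
                    'enable_two_factor_authentication': True,
                    # Consume the reset token so the link is single-use.
                    'bar_code_reset_token': '',
                })

            IStatusMessage(self.request).addStatusMessage(
                _("Two-step verification bar-code is successfully reset for your account."
                  ), 'info')
            redirect_url = "{0}".format(self.context.absolute_url())
            self.request.response.redirect(redirect_url)
        except Exception as e:
            # NOTE(review): this surfaces raw exception text to the user;
            # logging it and showing a generic message would be safer.
            reason = _(str(e))
    else:
        reason = _("Invalid token or token expired.")

    if reason is not None:
        IStatusMessage(self.request).addStatusMessage(
            _("Setup failed! {0}".format(reason)), 'error')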
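    def handleSubmit(self, action):
        """Handle submission of the two-factor bar-code reset form.

        Re-enables two-factor authentication for the account named in the
        ``auth_user`` request parameter once two independent checks pass:

        1. the one-time password ``token`` from the form validates against
           that account's secret (``validate_token``), and
        2. the ``signature`` request parameter matches the
           ``bar_code_reset_token`` member property issued for this reset.

        On success the stored reset token is cleared so the reset link cannot
        be replayed, a success status message is queued and the browser is
        redirected to the context URL.  Every failure is reported through an
        ``IStatusMessage`` of type ``error``.

        :param action: the form action that triggered the submit (unused).
        :return: ``False`` when form validation fails, otherwise ``None``.
        """
        import hmac  # function-scope so the block needs no file-level import

        data, errors = self.extractData()
        if errors:
            return False

        # One-time password typed by the user from the authenticator app.
        token = data.get('token', '')

        # Signature token generated for resetting the bar code (from the link).
        signature_token = self.request.get('signature', '')

        # The target account is a plain request parameter, so the two checks
        # below are the only thing binding this request to that account.
        username = self.request.get('auth_user', '')
        user = api.user.get(username=username)

        if not user:
            # NOTE(review): echoing the supplied name confirms which usernames
            # exist; a generic message would avoid that.
            reason = _("User not found {0}.".format(username))
            IStatusMessage(self.request).addStatusMessage(
                _("Resetting of the bar-code failed! {0}".format(reason)),
                'error'
                )
            return

        # Validating the GoogleAuthenticator app token against this user.
        valid_token = validate_token(token, user=user)

        reason = None
        if valid_token:
            try:
                # Compare the stored reset token with the one from the request.
                expected = user.getProperty('bar_code_reset_token') or ''
                supplied = signature_token or ''
                if not isinstance(expected, bytes):
                    expected = expected.encode('utf-8')
                if not isinstance(supplied, bytes):
                    supplied = supplied.encode('utf-8')
                # An empty stored token means no reset is pending: without the
                # emptiness check, omitting ``signature`` would match an empty
                # property and pass.  compare_digest keeps the comparison
                # constant-time so the token cannot be recovered from timing.
                if not expected or not hmac.compare_digest(expected, supplied):
                    reason = _("Invalid bar-code reset token.")
                    IStatusMessage(self.request).addStatusMessage(
                        _("Resetting of the bar-code failed! {0}".format(reason)),
                        'error'
                        )
                    return

                user.setMemberProperties(mapping={
                    'enable_two_factor_authentication': True,
                    # Consume the reset token so the link is single-use.
                    'bar_code_reset_token': '',
                })

                IStatusMessage(self.request).addStatusMessage(
                    _("Two-step verification bar-code is successfully reset for your account."),
                    'info'
                    )
                redirect_url = "{0}".format(self.context.absolute_url())
                self.request.response.redirect(redirect_url)
            except Exception as e:
                # NOTE(review): this surfaces raw exception text to the user;
                # logging it and showing a generic message would be safer.
                reason = _(str(e))
        else:
            reason = _("Invalid token or token expired.")

        if reason is not None:
            IStatusMessage(self.request).addStatusMessage(_("Setup failed! {0}".format(reason)), 'error')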
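    def handleSubmit(self, action):
        """
        Complete a two-step login with a one-time password.

        Two independent checks must pass before a session is created:

        - the signed request data (``validate_user_data``) identifies the
          account named in the ``auth_user`` request parameter and has not
          been tampered with or expired, and
        - the ``token`` from the form validates against that account's
          secret (``validate_token``).

        Only then is a session set up for ``auth_user`` and the browser
        redirected to the ``next_url`` from the request data, falling back
        to the context URL.  Targets on another host are not followed, so
        the form cannot serve as an open redirect.

        :param action: the form action that triggered the submit (unused).
        :return: ``False`` when form validation fails, otherwise ``None``.
        """
        try:
            from urllib.parse import urlparse
        except ImportError:  # Python 2
            from urlparse import urlparse

        data, errors = self.extractData()
        if errors:
            return False

        token = data.get('token', '')

        username = self.request.get('auth_user', '')

        # Without a username nothing binds the signature and the token to an
        # account; the signature check used to be skipped entirely in that
        # case, so refuse the request instead of falling through.
        if not username:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format("No user specified.")),
                'error')
            return

        user = api.user.get(username=username)

        # Validating the signed request data. If invalid (likely tampered
        # with or expired), generate an appropriate error message.
        user_data_validation_result = validate_user_data(
            request=self.request, user=user)

        if not user_data_validation_result.result:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format(' '.join(
                    user_data_validation_result.reason))), 'error')
            return

        # api.user.get returns None for an unknown name; never reach the
        # token check or session setup without a resolved account.
        if user is None:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format("User not found.")),
                'error')
            return

        if not validate_token(token, user=user):
            msg = _("Invalid token or token expired.")
            IStatusMessage(self.request).addStatusMessage(msg, 'error')
            return

        # Both checks passed: establish the session for this user.
        self.context.acl_users.session._setupSession(
            str(username), self.context.REQUEST.RESPONSE)

        msg = PMF("Welcome! You are now logged in.")
        IStatusMessage(self.request).addStatusMessage(msg, 'info')

        request_data = extract_request_data(self.request)
        context_url = self.context.absolute_url()
        redirect_url = request_data.get('next_url', context_url)

        def same_site(url):
            """True for relative targets or absolute ones on our own host."""
            parts = urlparse(url)
            if parts.scheme or parts.netloc:
                return (parts.scheme in ('http', 'https') and
                        parts.netloc == urlparse(context_url).netloc)
            # Browsers treat a leading "//" or "\\" as scheme-relative.
            return not url.lstrip().startswith(('//', '\\'))

        # NOTE(review): ``next_url`` comes from the request; unless
        # extract_request_data only returns signature-covered values this
        # is attacker-controlled, so off-site targets fall back to context.
        if not same_site(redirect_url):
            redirect_url = context_url
        self.request.response.redirect(redirect_url)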
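    def handleSubmit(self, action):
        """
        Complete a two-step login with a one-time password.

        Two independent checks must pass before a session is created:

        - the signed request data (``validate_user_data``) identifies the
          account named in the ``auth_user`` request parameter and has not
          been tampered with or expired, and
        - the ``token`` from the form validates against that account's
          secret (``validate_token``).

        Only then is a session set up for ``auth_user`` and the browser
        redirected to the ``next_url`` from the request data, falling back
        to the context URL.  Targets on another host are not followed, so
        the form cannot serve as an open redirect.

        :param action: the form action that triggered the submit (unused).
        :return: ``False`` when form validation fails, otherwise ``None``.
        """
        try:
            from urllib.parse import urlparse
        except ImportError:  # Python 2
            from urlparse import urlparse

        data, errors = self.extractData()
        if errors:
            return False

        token = data.get('token', '')

        username = self.request.get('auth_user', '')

        # Without a username nothing binds the signature and the token to an
        # account; the signature check used to be skipped entirely in that
        # case, so refuse the request instead of falling through.
        if not username:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format("No user specified.")), 'error'
                )
            return

        user = api.user.get(username=username)

        # Validating the signed request data. If invalid (likely tampered with or expired),
        # generate an appropriate error message.
        user_data_validation_result = validate_user_data(request=self.request, user=user)
        if not user_data_validation_result.result:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format(' '.join(user_data_validation_result.reason))), 'error'
                )
            return

        # api.user.get returns None for an unknown name; never reach the token check or
        # session setup without a resolved account.
        if user is None:
            IStatusMessage(self.request).addStatusMessage(
                _("Invalid data. Details: {0}".format("User not found.")), 'error'
                )
            return

        if not validate_token(token, user=user):
            IStatusMessage(self.request).addStatusMessage(_("Invalid token or token expired."), 'error')
            return

        # Both checks passed: establish the session for this user.
        self.context.acl_users.session._setupSession(str(username), self.context.REQUEST.RESPONSE)

        IStatusMessage(self.request).addStatusMessage(_("Great! You're logged in."), 'info')

        request_data = extract_request_data(self.request)
        context_url = self.context.absolute_url()
        redirect_url = request_data.get('next_url', context_url)

        def same_site(url):
            """True for relative targets or absolute ones on our own host."""
            parts = urlparse(url)
            if parts.scheme or parts.netloc:
                return (parts.scheme in ('http', 'https') and
                        parts.netloc == urlparse(context_url).netloc)
            # Browsers treat a leading "//" or "\\" as scheme-relative.
            return not url.lstrip().startswith(('//', '\\'))

        # NOTE(review): ``next_url`` comes from the request; unless extract_request_data
        # only returns signature-covered values this is attacker-controlled, so off-site
        # targets fall back to the context URL.
        if not same_site(redirect_url):
            redirect_url = context_url
        self.request.response.redirect(redirect_url)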
    def handleSubmit(self, action):
        """Enable two-step verification for the currently logged-in user.

        Anonymous callers get a 401 response and ``False``.  Otherwise the
        submitted ``token`` is checked with ``validate_token``; when it is
        valid the ``enable_two_factor_authentication`` member property of the
        current user is set to ``True`` and the browser is sent to the
        personal-information page.  On an invalid token, or when updating the
        member raises, an error status message is queued and the browser is
        sent back to the setup form instead.

        :param action: the form action that triggered the submit (unused).
        :return: ``False`` when the caller is anonymous or form validation
            fails, otherwise ``None`` (a redirect has been issued).
        """
        if api.user.is_anonymous():
            self.request.response.setStatus(401, _('Forbidden for anonymous'), True)
            return False

        data, errors = self.extractData()
        if errors:
            return False

        otp = data.get('token', '')
        failure = None

        if not validate_token(otp):
            failure = _("Invalid token or token expired.")
        else:
            try:
                # Flip the member flag for whoever is making this request.
                member = api.user.get_current()
                member.setMemberProperties(mapping={'enable_two_factor_authentication': True,})

                IStatusMessage(self.request).addStatusMessage(
                    _("Two-step verification is successfully enabled for your account."),
                    'info'
                    )
                redirect_url = "{0}/@@personal-information".format(self.context.absolute_url())
            except Exception as exc:
                # NOTE(review): the raw exception text is shown to the user.
                failure = _(str(exc))

        if failure is not None:
            IStatusMessage(self.request).addStatusMessage(_("Setup failed! {0}".format(failure)), 'error')
            # TODO: Is there a nicer way of resolving the "@@setup-two-factor-authentication" URL?
            redirect_url = "{0}/@@setup-two-factor-authentication".format(self.context.absolute_url())

        self.request.response.redirect(redirect_url)