def post(self, request, format=None):
    """Issue a client login token for the requesting user.

    When the two-factor feature is available and enabled for this username,
    no token is created and an empty dict is returned. Otherwise a token
    string from ``gen_token`` is stored through ``ClientLoginToken`` and
    returned to the caller.

    Args:
        request: Incoming request; ``request.user.username`` identifies the
            account the token is bound to.
        format: Unused here.

    Returns:
        ``{}`` for accounts with two-factor auth enabled, otherwise
        ``{"token": <token string>}``.
    """
    # Accounts protected by a second factor never receive a login token here.
    second_factor_on = (
        has_two_factor_auth()
        and two_factor_auth_enabled(request.user.username)
    )
    if second_factor_on:
        return {}

    # NOTE(review): the value presumably acts as a login credential; confirm
    # gen_token uses a CSPRNG and that stored tokens expire or are single-use.
    login_token = gen_token(max_length=32)
    ClientLoginToken(login_token, request.user.username).save()
    return {"token": login_token}
def post(self, request, format=None):
    """Issue a client login token for the requesting user.

    The two-factor check is made against the user object. If the feature is
    available and enabled for that user, nothing is created and an empty
    dict is returned; otherwise a token string from ``gen_token`` is saved
    through ``ClientLoginToken`` under the user's username.

    Args:
        request: Incoming request carrying the authenticated ``user``.
        format: Unused here.

    Returns:
        ``{}`` for users with two-factor auth enabled, otherwise
        ``{'token': <token string>}``.
    """
    # Users protected by a second factor never receive a login token here.
    second_factor_on = (
        has_two_factor_auth() and two_factor_auth_enabled(request.user)
    )
    if second_factor_on:
        return {}

    # NOTE(review): the value presumably acts as a login credential; confirm
    # gen_token uses a CSPRNG and that stored tokens expire or are single-use.
    login_token = gen_token(max_length=32)
    ClientLoginToken(login_token, request.user.username).save()
    return {'token': login_token}
def _two_factor_auth(self, request, user):
    """Enforce the second factor for ``user`` using the OTP request header.

    Does nothing when the two-factor feature is unavailable or not enabled
    for the user. Otherwise the ``HTTP_X_SEAFILE_OTP`` entry of
    ``request.META`` must be present and must pass
    ``verify_two_factor_token`` for ``user.username``.

    Args:
        request: Incoming request whose ``META`` holds the OTP header.
        user: Account being authenticated.

    Raises:
        serializers.ValidationError: The OTP is missing or invalid. In both
            cases ``self.two_factor_auth_failed`` is set to ``True`` first.
    """
    if not (has_two_factor_auth() and two_factor_auth_enabled(user)):
        return

    otp = request.META.get('HTTP_X_SEAFILE_OTP', '')
    # The verifier is only consulted when a non-empty OTP was supplied.
    if otp and verify_two_factor_token(user.username, otp):
        return

    # NOTE(review): no attempt limiting is visible in this method; confirm
    # the caller throttles repeated OTP failures.
    self.two_factor_auth_failed = True
    if not otp:
        raise serializers.ValidationError('Two factor auth token is missing.')
    raise serializers.ValidationError('Two factor auth token is invalid.')
def _two_factor_auth(self, request, username):
    """Enforce the second factor for ``username`` using the OTP request header.

    Does nothing when the two-factor feature is unavailable or not enabled
    for the username. Otherwise the ``HTTP_X_SEAFILE_OTP`` entry of
    ``request.META`` must be present and must pass
    ``verify_two_factor_token``.

    Args:
        request: Incoming request whose ``META`` holds the OTP header.
        username: Name of the account being authenticated.

    Raises:
        serializers.ValidationError: The OTP is missing or invalid. In both
            cases ``self.two_factor_auth_failed`` is set to ``True`` first.
    """
    if not (has_two_factor_auth() and two_factor_auth_enabled(username)):
        return

    otp = request.META.get('HTTP_X_SEAFILE_OTP', '')
    if not otp:
        failure = 'Two factor auth token is missing.'
    elif not verify_two_factor_token(username, otp):
        failure = 'Two factor auth token is invalid.'
    else:
        return

    # NOTE(review): no attempt limiting is visible in this method; confirm
    # the caller throttles repeated OTP failures.
    self.two_factor_auth_failed = True
    raise serializers.ValidationError(failure)
def log_user_in(request, user, redirect_to):
    """Finish a login: vet the redirect, then log in or hand off to 2FA.

    ``redirect_to`` originates from the user, so it is replaced by
    ``settings.LOGIN_REDIRECT_URL`` unless ``is_safe_url`` accepts it for
    the current request host. Users with two-factor auth enabled are passed
    to ``handle_two_factor_auth`` and ``auth_login`` is not called here.

    Args:
        request: Incoming request.
        user: Account that passed the preceding credential check.
        redirect_to: Requested post-login URL (untrusted).

    Returns:
        The result of ``handle_two_factor_auth`` for 2FA users, otherwise an
        ``HttpResponseRedirect`` to the vetted URL.
    """
    # Open-redirect guard: fall back to the configured URL on any doubt.
    target_is_safe = is_safe_url(url=redirect_to, host=request.get_host())
    if not target_is_safe:
        redirect_to = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # This runs before any second-factor step.
    # NOTE(review): presumably resets the failed-login record; confirm that
    # second-factor failures are throttled separately.
    _clear_login_failed_attempts(request, user)

    if not two_factor_auth_enabled(user):
        # No second factor configured: the session can be established now.
        auth_login(request, user)
        return HttpResponseRedirect(redirect_to)

    return handle_two_factor_auth(request, user, redirect_to)
def log_user_in(request, user, redirect_to):
    """Finish a login: vet the redirect, then log in or hand off to 2FA.

    ``redirect_to`` originates from the user, so it is replaced by
    ``settings.LOGIN_REDIRECT_URL`` unless ``is_safe_url`` accepts it for
    the current request host. Users with two-factor auth enabled are passed
    to ``handle_two_factor_auth`` and ``auth_login`` is not called here.

    Args:
        request: Incoming request.
        user: Account that passed the preceding credential check.
        redirect_to: Requested post-login URL (untrusted).

    Returns:
        The result of ``handle_two_factor_auth`` for 2FA users, otherwise an
        ``HttpResponseRedirect`` to the vetted URL.
    """
    # Open-redirect guard: fall back to the configured URL on any doubt.
    target_is_safe = is_safe_url(url=redirect_to, host=request.get_host())
    if not target_is_safe:
        redirect_to = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # This runs before any second-factor step.
    # NOTE(review): presumably resets the failed-login record; confirm that
    # second-factor failures are throttled separately.
    _clear_login_failed_attempts(request, user)

    if not two_factor_auth_enabled(user):
        # No second factor configured: the session can be established now.
        auth_login(request, user)
        return HttpResponseRedirect(redirect_to)

    return handle_two_factor_auth(request, user, redirect_to)
def _two_factor_auth(self, request, user):
    """Enforce the second factor for ``user``, honouring remembered devices.

    Does nothing when the two-factor feature is unavailable or not enabled
    for the user, or when ``is_device_remembered`` accepts the value of the
    ``HTTP_X_SEAFILE_S2FA`` header for this user. Otherwise the
    ``HTTP_X_SEAFILE_OTP`` header must be present and must pass
    ``verify_two_factor_token``. A request without an OTP also triggers
    ``generate_challenge()`` on the user's default device.

    Args:
        request: Incoming request whose ``META`` holds the S2FA/OTP headers.
        user: Account being authenticated.

    Raises:
        serializers.ValidationError: The OTP is missing or invalid. In both
            cases ``self.two_factor_auth_failed`` is set to ``True`` first.
    """
    if not (has_two_factor_auth() and two_factor_auth_enabled(user)):
        return

    # A remembered-device value skips the OTP check entirely.
    # NOTE(review): this header is client-supplied; confirm
    # is_device_remembered validates it server-side and applies an expiry.
    remembered_value = request.META.get('HTTP_X_SEAFILE_S2FA', '')
    if is_device_remembered(remembered_value, user):
        return

    otp = request.META.get('HTTP_X_SEAFILE_OTP', '')
    if not otp:
        # No OTP supplied: start a challenge (sms/call/...) on the default
        # device before rejecting the request.
        # NOTE(review): every OTP-less request reaches this call; confirm
        # challenge generation is rate-limited upstream.
        default_device(user).generate_challenge()
        failure = 'Two factor auth token is missing.'
    elif not verify_two_factor_token(user, otp):
        failure = 'Two factor auth token is invalid.'
    else:
        return

    self.two_factor_auth_failed = True
    raise serializers.ValidationError(failure)
def log_user_in(request, user, redirect_to):
    """Finish a login: vet the redirect, then log in or hand off to 2FA.

    ``redirect_to`` originates from the user, so it is replaced by
    ``settings.LOGIN_REDIRECT_URL`` unless ``is_safe_url`` accepts it for
    the current request host. For users with two-factor auth enabled, the
    ``S2FA`` cookie is checked with ``is_device_remembered``: an accepted
    cookie attaches the default device to ``user.otp_device`` and the login
    proceeds; otherwise control passes to ``handle_two_factor_auth``.

    Args:
        request: Incoming request.
        user: Account that passed the preceding credential check.
        redirect_to: Requested post-login URL (untrusted).

    Returns:
        The result of ``handle_two_factor_auth`` when a second-factor step
        is still required, otherwise an ``HttpResponseRedirect`` to the
        vetted URL.
    """
    # Open-redirect guard: fall back to the configured URL on any doubt.
    target_is_safe = is_safe_url(url=redirect_to, host=request.get_host())
    if not target_is_safe:
        redirect_to = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # This runs before any second-factor step.
    # NOTE(review): presumably resets the failed-login record; confirm that
    # second-factor failures are throttled separately.
    clear_login_failed_attempts(request, user.username)

    if two_factor_auth_enabled(user):
        # NOTE(review): the S2FA cookie alone replaces the OTP prompt here;
        # confirm is_device_remembered validates it server-side, with an
        # expiry.
        remembered = is_device_remembered(request.COOKIES.get('S2FA', ''), user)
        if not remembered:
            return handle_two_factor_auth(request, user, redirect_to)

        from seahub.two_factor.models import default_device
        user.otp_device = default_device(user)

    # All checks passed: establish the session and redirect.
    auth_login(request, user)
    return HttpResponseRedirect(redirect_to)