def check_access(cls, request):
if request.GET.get('data'):
data = Sign().unsign(request.GET.get('data'), SMS_AGE * 2)
if data.get('ip') == get_ip(request):
user_agent = md5(request.META['HTTP_USER_AGENT'])
if data.get('user_agent') == user_agent:
return True
def check_access(cls, request):
if request.GET.get('data'):
data = Sign().unsign(request.GET.get('data'), SMS_AGE * 2)
if data.get('ip') == get_ip(request):
user_agent = md5(request.META['HTTP_USER_AGENT'])
if data.get('user_agent') == user_agent:
return True
def get_data(request):
data = Sign().unsign(request.GET.get('data'), age=SMS_AGE * 2)
if data is not None and 'credentials' in data:
if 'captcha' in data['credentials']:
data['credentials'].pop('captcha')
user = authenticate(**data['credentials'])
if user is not None and user.is_active:
if get_ip(request) == data.get('ip'):
return data
raise Http404('Data is not valid!')
def get_data(request):
data = Sign().unsign(request.GET.get('data'), age=SMS_AGE * 2)
if data is not None and 'credentials' in data:
if 'captcha' in data['credentials']:
data['credentials'].pop('captcha')
user = authenticate(**data['credentials'])
if user is not None and user.is_active:
if get_ip(request) == data.get('ip'):
return data
raise Http404('Data is not valid!')
def _get_data(request):
data = Sign().unsign(request.GET.get("data"), age=SMS_AGE * 2)
if data is not None and "credentials" in data:
if "captcha" in data["credentials"]:
data["credentials"].pop("captcha")
user = authenticate(**data["credentials"])
if user is not None and user.is_active:
if get_ip(request) == data.get("ip"):
return data
raise Http404("Data is not valid!")
def generate_codes(self):
data = {}
rand = RandomPassword()
for i in range(1, CODE_RANGES + 1):
data[i] = rand.get(max_value=CODE_LEN)
self.code = Sign().sign(json.dumps(data))
return self.save()
def get_data(self):
codes = json.loads(Sign().unsign(self.code))
data = collections.OrderedDict(
sorted(codes.items(), key=lambda t: int(t[0])))
return dict(
codes=data,
number=self.get_code_number()
)
def activate(self, request, activation_key):
sign_key = Sign().unsign(request.GET.get('key'), SMS_AGE * 2)
if str(activation_key) != str(sign_key):
raise Http404('Not found!')
obj = super(ActivationDoneView, self).activate(request, activation_key)
if obj is not None:
UserAuthPhone.objects.filter(user=obj).update(enabled=1)
return obj
def notify(cls, request, message=None, force=False):
obj = cls.objects.filter(user=request.user)
if (obj.exists() and obj[0].enabled) or force:
obj = UserAuthPhone.objects.filter(user=request.user)
message = message if message else SMS_NOTIFICATION_MESSAGE
if obj.exists():
send_sms(SMS_FROM, Sign().unsign(obj[0].phone), message)
elif request.user.email:
send_mail(
[request.user.email], MAIL_DEFAULT_SUBJECT, message)
def send_link(cls, request, user):
data = {
'ip': get_ip(request),
'user_agent': md5(request.META.get('HTTP_USER_AGENT')),
}
link = 'http://%s%s?data=%s' % (
Site.objects.get_current(),
reverse('auth_login'),
Sign().sign(data)
)
send_mail(
[user.email], _('Link for unlock access'), link
)
def send_codes(cls, request):
settings_list = cls.objects.filter(user=request.user)
if settings_list.exists():
created_seconds = (now() - settings_list[0].created).seconds
if created_seconds > 300:
return
codes = json.loads(Sign().unsign(settings_list[0].code))
codes_list = collections.OrderedDict(
sorted(codes.items(), key=lambda t: int(t[0])))
message = ''
for (k, v) in codes_list.items():
message += '%s. %s\n' % (k, v)
send_mail(
[request.user.email], CODES_SUBJECT, message
)
return True
def get_code_number(self):
number = random.choice(range(1, CODE_RANGES + 1))
self.number = Sign().sign(number)
self.save() # update_fields=['number']
return number
def _code_is_valid(self, code):
data = json.loads(Sign().unsign(self.code))
number = str(Sign().unsign(self.number, SMS_AGE))
return str(code) == str(data.get(number))
def _code_is_valid(self, code):
if code.isdigit():
return check_seed(Sign().unsign(self.code), int(code))
def _code_is_valid(self, code):
return str(Sign().unsign(self.code, SMS_AGE)) == str(code)
def send_sms(self):
code = str(RandomPassword().get(SMS_CODE_LEN, SMS_ASCII)).lower()
send_sms(SMS_FROM, Sign().unsign(self.phone), SMS_MESSAGE % code)
self.code = Sign().sign(code)
self.save()
def save(self, *args, **kwargs):
if self.phone.startswith('+'):
self.phone = Sign().sign(get_formatted_phone(self.phone))
super(UserAuthPhone, self).save(*args, **kwargs)
def make(self):
if not self.code:
self.code = Sign().sign(random_seed())
self.save()
def login(request,
template_name='secureauth/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=BaseAuthForm,
current_app=None,
extra_context=None,
redirect_to=''): # pylint: disable=R0913
args = [redirect_field_name, redirect_to]
redirect_to = request.GET.get(*args) or request.POST.get(*args)
if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
return HttpResponseBadRequest()
if request.method == "POST":
form = authentication_form(request,
data=request.POST,
test_cookie_enabled=False)
if form.is_valid():
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
if '/' not in redirect_to and '.' not in redirect_to:
redirect_to = reverse(settings.LOGIN_REDIRECT_URL)
user = form.get_user()
if UserAuthIPRange.is_blocked(request, user):
return render(request, 'secureauth/blocked_ip.html')
if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
data = {
'credentials': form.cleaned_data,
'user_pk': user.pk,
'ip': get_ip(request),
'redirect_to': redirect_to,
'extra_context': extra_context,
}
data = Sign().sign(data)
return HttpResponseRedirect(
'%s?data=%s' % (reverse('auth_confirmation'), data))
else:
auth_login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
if UserAuthLogging.is_enabled(request):
UserAuthActivity.check_location(request)
UserAuthActivity.log_auth(request)
UserAuthAttempt.remove(request)
request.session['ip'] = get_ip(request)
return HttpResponseRedirect(redirect_to)
elif CHECK_ATTEMPT is True:
UserAuthAttempt.clean()
UserAuthAttempt.store(request)
else:
form = authentication_form(request)
request.session.set_test_cookie()
current_site = get_current_site(request)
context = {
'form': form,
redirect_field_name: redirect_to,
'site': current_site,
'site_name': current_site.name,
}
if extra_context is not None:
context.update(extra_context)
if django.VERSION < (1, 8):
return TemplateResponse(request,
template_name,
context,
current_app=current_app)
else:
return TemplateResponse(request, template_name, context)
def set_data(self, question, answer):
self.code = Sign().sign(answer)
self.question = Sign().sign(question)
self.save()
return self
def get_google_url(self):
data = model_to_dict(Site.objects.get_current())
data.update(model_to_dict(self.user))
return get_google_url(Sign().unsign(self.code), TOTP_NAME % data)
def get_success_url(self):
key = Sign().sign(self.kwargs.get('activation_key'))
return reverse(
'registration_activation_done', kwargs=self.kwargs
) + '?key=' + key
def get_question(self):
return Sign().unsign(self.question)
def decrypt(key, **kwargs):
if 'initial' in kwargs:
if kwargs['initial'] and key in kwargs['initial'].keys():
unsigned = Sign().unsign(kwargs['initial'][key])
if unsigned is not None:
kwargs['initial'][key] = unsigned
def _code_is_valid(self, code):
return Sign().unsign(self.code) == code
