mirror of
https://github.com/dkmstr/openuds.git
synced 2024-12-24 21:34:41 +03:00
Merge remote-tracking branch 'origin/v3.5-mfa'
This commit is contained in:
commit
29fd2c068a
@ -778,7 +778,7 @@ class gui:
|
||||
|
||||
def __init__(self, **options):
|
||||
super().__init__(**options)
|
||||
if options.get('values') and isinstance(options.get('values'), dict):
|
||||
if options.get('values') and isinstance(options.get('values'), (dict, list, tuple)):
|
||||
options['values'] = gui.convertToChoices(options['values'])
|
||||
self._data['values'] = options.get('values', [])
|
||||
if 'fills' in options:
|
||||
|
@ -5,7 +5,7 @@ import ssl
|
||||
import typing
|
||||
import logging
|
||||
|
||||
from django.utils.translation import ugettext_noop as _
|
||||
from django.utils.translation import gettext_noop as _
|
||||
|
||||
from uds.core import mfas
|
||||
from uds.core.ui import gui
|
||||
|
1
server/src/uds/mfas/SMS/__init__.py
Normal file
1
server/src/uds/mfas/SMS/__init__.py
Normal file
@ -0,0 +1 @@
|
||||
from . import mfa
|
179
server/src/uds/mfas/SMS/mfa.py
Normal file
179
server/src/uds/mfas/SMS/mfa.py
Normal file
@ -0,0 +1,179 @@
|
||||
import typing
|
||||
import logging
|
||||
|
||||
from django.utils.translation import gettext_noop as _, gettext
|
||||
import requests
|
||||
import requests.auth
|
||||
|
||||
from uds.core import mfas
|
||||
from uds.core.ui import gui
|
||||
|
||||
if typing.TYPE_CHECKING:
|
||||
from uds.core.module import Module
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class SMSMFA(mfas.MFA):
|
||||
typeName = _('SMS Thought HTTP')
|
||||
typeType = 'smsHttpMFA'
|
||||
typeDescription = _('Simple SMS sending MFA using HTTP')
|
||||
iconFile = 'sms.png'
|
||||
|
||||
smsSendingUrl = gui.TextField(
|
||||
length=128,
|
||||
label=_('URL pattern for SMS sending'),
|
||||
order=1,
|
||||
tooltip=_(
|
||||
'URL pattern for SMS sending. It can contain the following '
|
||||
'variables:<br>'
|
||||
'<ul>'
|
||||
'<li>{code} - the code to send</li>'
|
||||
'<li>{phone} - the phone number</li>'
|
||||
'</ul>'
|
||||
),
|
||||
required=True,
|
||||
tab=_('HTTP Server'),
|
||||
)
|
||||
|
||||
ignoreCertificateErrors = gui.CheckBoxField(
|
||||
label=_('Ignore certificate errors'),
|
||||
order=2,
|
||||
tab=_('HTTP Server'),
|
||||
defvalue=False,
|
||||
tooltip=_(
|
||||
'If checked, the server certificate will be ignored. This is '
|
||||
'useful if the server uses a self-signed certificate.'
|
||||
),
|
||||
)
|
||||
|
||||
smsSendingMethod = gui.ChoiceField(
|
||||
label=_('SMS sending method'),
|
||||
order=2,
|
||||
tooltip=_('Method for sending SMS'),
|
||||
required=True,
|
||||
tab=_('HTTP Server'),
|
||||
values=('GET', 'POST', 'PUT'),
|
||||
)
|
||||
|
||||
smsSendingParameters = gui.TextField(
|
||||
length=128,
|
||||
label=_('Parameters for SMS POST/PUT sending'),
|
||||
order=3,
|
||||
tooltip=_(
|
||||
'Parameters for SMS sending via POST/PUT. It can contain the following '
|
||||
'variables:<br>'
|
||||
'<ul>'
|
||||
'<li>{code} - the code to send</li>'
|
||||
'<li>{phone} - the phone number</li>'
|
||||
'</ul>'
|
||||
),
|
||||
required=False,
|
||||
tab=_('HTTP Server'),
|
||||
)
|
||||
|
||||
smsAuthenticationMethod = gui.ChoiceField(
|
||||
label=_('SMS authentication method'),
|
||||
order=3,
|
||||
tooltip=_('Method for sending SMS'),
|
||||
required=True,
|
||||
tab=_('HTTP Server'),
|
||||
values=[
|
||||
{'id': 0, 'text': _('None')},
|
||||
{'id': 1, 'text': _('HTTP Basic Auth')},
|
||||
{'id': 2, 'text': _('HTTP Digest Auth')},
|
||||
{'id': 3, 'text': _('HTTP Token Auth')},
|
||||
],
|
||||
)
|
||||
|
||||
smsAuthenticationUserOrToken = gui.TextField(
|
||||
length=128,
|
||||
label=_('SMS authentication user or token'),
|
||||
order=4,
|
||||
tooltip=_('User or token for SMS authentication'),
|
||||
required=False,
|
||||
tab=_('HTTP Server'),
|
||||
)
|
||||
|
||||
smsAuthenticationPassword = gui.TextField(
|
||||
length=128,
|
||||
label=_('SMS authentication password'),
|
||||
order=5,
|
||||
tooltip=_('Password for SMS authentication'),
|
||||
required=False,
|
||||
tab=_('HTTP Server'),
|
||||
)
|
||||
|
||||
def initialize(self, values: 'Module.ValuesType') -> None:
|
||||
return super().initialize(values)
|
||||
|
||||
def composeSmsUrl(self, code: str, phone: str) -> str:
|
||||
url = self.smsSendingUrl.value
|
||||
url = url.replace('{code}', code)
|
||||
url = url.replace('{phone}', phone)
|
||||
return url
|
||||
|
||||
def getSession(self) -> requests.Session:
|
||||
session = requests.Session()
|
||||
# 0 means no authentication
|
||||
if self.smsAuthenticationMethod.value == 1:
|
||||
session.auth = requests.auth.HTTPBasicAuth(
|
||||
username=self.smsAuthenticationUserOrToken.value,
|
||||
password=self.smsAuthenticationPassword.value,
|
||||
)
|
||||
elif self.smsAuthenticationMethod.value == 2:
|
||||
session.auth = requests.auth.HTTPDigestAuth(
|
||||
self.smsAuthenticationUserOrToken.value,
|
||||
self.smsAuthenticationPassword.value,
|
||||
)
|
||||
elif self.smsAuthenticationMethod.value == 3:
|
||||
session.headers['Authorization'] = (
|
||||
'Token ' + self.smsAuthenticationUserOrToken.value
|
||||
)
|
||||
# Any other value means no authentication
|
||||
return session
|
||||
|
||||
def sendSMS_GET(self, url: str) -> None:
|
||||
response = self.getSession().get(url)
|
||||
if response.status_code != 200:
|
||||
raise Exception('Error sending SMS: ' + response.text)
|
||||
|
||||
def sendSMS_POST(self, url: str, code: str, phone: str) -> None:
|
||||
# Compose POST data
|
||||
data = ''
|
||||
if self.smsSendingParameters.value:
|
||||
data = self.smsSendingParameters.value.replace('{code}', code).replace(
|
||||
'{phone}', phone
|
||||
)
|
||||
response = self.getSession().post(url, data=data.encode())
|
||||
if response.status_code != 200:
|
||||
raise Exception('Error sending SMS: ' + response.text)
|
||||
|
||||
def sendSMS_PUT(self, url: str, code: str, phone: str) -> None:
|
||||
# Compose POST data
|
||||
data = ''
|
||||
if self.smsSendingParameters.value:
|
||||
data = self.smsSendingParameters.value.replace('{code}', code).replace(
|
||||
'{phone}', phone
|
||||
)
|
||||
response = self.getSession().put(url, data=data.encode())
|
||||
if response.status_code != 200:
|
||||
raise Exception('Error sending SMS: ' + response.text)
|
||||
|
||||
def sendSMS(self, code: str, phone: str) -> None:
|
||||
url = self.composeSmsUrl(code, phone)
|
||||
if self.smsSendingMethod.value == 'GET':
|
||||
return self.sendSMS_GET(url)
|
||||
elif self.smsSendingMethod.value == 'POST':
|
||||
return self.sendSMS_POST(url, code, phone)
|
||||
elif self.smsSendingMethod.value == 'PUT':
|
||||
return self.sendSMS_PUT(url, code, phone)
|
||||
else:
|
||||
raise Exception('Unknown SMS sending method')
|
||||
|
||||
def label(self) -> str:
|
||||
return gettext('MFA Code')
|
||||
|
||||
def sendCode(self, userId: str, identifier: str, code: str) -> None:
|
||||
logger.debug('Sending code: %s', code)
|
||||
return
|
BIN
server/src/uds/mfas/SMS/sms.png
Executable file
BIN
server/src/uds/mfas/SMS/sms.png
Executable file
Binary file not shown.
After Width: | Height: | Size: 1.1 KiB |
@ -1,7 +1,7 @@
|
||||
import typing
|
||||
import logging
|
||||
|
||||
from django.utils.translation import ugettext_noop as _
|
||||
from django.utils.translation import gettext_noop as _
|
||||
|
||||
from uds.core import mfas
|
||||
from uds.core.ui import gui
|
||||
|
@ -1,3 +1,28 @@
|
||||
@angular-devkit/build-angular
|
||||
MIT
|
||||
The MIT License
|
||||
|
||||
Copyright (c) 2017 Google, Inc.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
@angular/animations
|
||||
MIT
|
||||
|
||||
@ -5,7 +30,7 @@ MIT
|
||||
MIT
|
||||
The MIT License
|
||||
|
||||
Copyright (c) 2022 Google LLC.
|
||||
Copyright (c) 2021 Google LLC.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
@ -39,7 +64,7 @@ MIT
|
||||
MIT
|
||||
The MIT License
|
||||
|
||||
Copyright (c) 2022 Google LLC.
|
||||
Copyright (c) 2021 Google LLC.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
@ -94,7 +119,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
core-js
|
||||
MIT
|
||||
Copyright (c) 2014-2022 Denis Pushkarev
|
||||
Copyright (c) 2014-2021 Denis Pushkarev
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
@ -406,6 +431,31 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
resize-observer-polyfill
|
||||
MIT
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016 Denis Rul
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
|
||||
rxjs
|
||||
Apache-2.0
|
||||
Apache License
|
||||
@ -627,6 +677,9 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
|
||||
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
web-animations-js
|
||||
Apache-2.0
|
||||
|
||||
zone.js
|
||||
MIT
|
||||
The MIT License
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -1 +1 @@
|
||||
!function(){"use strict";var e,s={},d={};function r(e){var t=d[e];if(void 0!==t)return t.exports;var n=d[e]={exports:{}};return s[e].call(n.exports,n,n.exports,r),n.exports}r.m=s,e=[],r.O=function(t,n,c,f){if(!n){var i=1/0;for(u=0;u<e.length;u++){n=e[u][0],c=e[u][1],f=e[u][2];for(var l=!0,o=0;o<n.length;o++)(!1&f||i>=f)&&Object.keys(r.O).every(function(p){return r.O[p](n[o])})?n.splice(o--,1):(l=!1,f<i&&(i=f));if(l){e.splice(u--,1);var a=c();void 0!==a&&(t=a)}}return t}f=f||0;for(var u=e.length;u>0&&e[u-1][2]>f;u--)e[u]=e[u-1];e[u]=[n,c,f]},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,{a:t}),t},r.d=function(e,t){for(var n in t)r.o(t,n)&&!r.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},function(){var e={666:0};r.O.j=function(c){return 0===e[c]};var t=function(c,f){var o,a,u=f[0],i=f[1],l=f[2],v=0;if(u.some(function(_){return 0!==e[_]})){for(o in i)r.o(i,o)&&(r.m[o]=i[o]);if(l)var b=l(r)}for(c&&c(f);v<u.length;v++)r.o(e,a=u[v])&&e[a]&&e[a][0](),e[a]=0;return r.O(b)},n=self.webpackChunkuds=self.webpackChunkuds||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))}()}();
|
||||
!function(){"use strict";var e,s={},d={};function r(e){var t=d[e];if(void 0!==t)return t.exports;var n=d[e]={exports:{}};return s[e].call(n.exports,n,n.exports,r),n.exports}r.m=s,e=[],r.O=function(t,n,a,f){if(!n){var c=1/0;for(u=0;u<e.length;u++){n=e[u][0],a=e[u][1],f=e[u][2];for(var l=!0,o=0;o<n.length;o++)(!1&f||c>=f)&&Object.keys(r.O).every(function(b){return r.O[b](n[o])})?n.splice(o--,1):(l=!1,f<c&&(c=f));if(l){e.splice(u--,1);var i=a();void 0!==i&&(t=i)}}return t}f=f||0;for(var u=e.length;u>0&&e[u-1][2]>f;u--)e[u]=e[u-1];e[u]=[n,a,f]},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,{a:t}),t},r.d=function(e,t){for(var n in t)r.o(t,n)&&!r.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},function(){var e={666:0};r.O.j=function(a){return 0===e[a]};var t=function(a,f){var o,i,u=f[0],c=f[1],l=f[2],v=0;for(o in c)r.o(c,o)&&(r.m[o]=c[o]);if(l)var _=l(r);for(a&&a(f);v<u.length;v++)r.o(e,i=u[v])&&e[i]&&e[i][0](),e[u[v]]=0;return r.O(_)},n=self.webpackChunkuds_admin=self.webpackChunkuds_admin||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))}()}();
|
File diff suppressed because one or more lines are too long
@ -73,46 +73,6 @@ gettext("October");
|
||||
gettext("November");
|
||||
gettext("December");
|
||||
gettext("Never");
|
||||
<<<<<<< HEAD
|
||||
gettext("Pool");
|
||||
gettext("State");
|
||||
gettext("User Services");
|
||||
gettext("Name");
|
||||
gettext("Real Name");
|
||||
gettext("state");
|
||||
gettext("Last access");
|
||||
gettext("Group");
|
||||
gettext("Comments");
|
||||
gettext("Enabled");
|
||||
gettext("Disabled");
|
||||
gettext("Blocked");
|
||||
gettext("Service pools");
|
||||
gettext("Users");
|
||||
gettext("Groups");
|
||||
gettext("Any");
|
||||
gettext("All");
|
||||
gettext("Group");
|
||||
gettext("Comments");
|
||||
gettext("Pool");
|
||||
gettext("State");
|
||||
gettext("User Services");
|
||||
gettext("Unique ID");
|
||||
gettext("Friendly Name");
|
||||
gettext("In Use");
|
||||
gettext("IP");
|
||||
gettext("Services Pool");
|
||||
gettext("Groups");
|
||||
gettext("Services Pools");
|
||||
gettext("Assigned services");
|
||||
gettext("Information");
|
||||
gettext("In Maintenance");
|
||||
gettext("Active");
|
||||
gettext("Delete user");
|
||||
gettext("Delete group");
|
||||
gettext("New Authenticator");
|
||||
gettext("Edit Authenticator");
|
||||
gettext("Delete Authenticator");
|
||||
=======
|
||||
gettext("New Network");
|
||||
gettext("Edit Network");
|
||||
gettext("Delete Network");
|
||||
@ -122,7 +82,6 @@ gettext("Delete Proxy");
|
||||
gettext("New Transport");
|
||||
gettext("Edit Transport");
|
||||
gettext("Delete Transport");
|
||||
>>>>>>> origin/v3.5-mfa
|
||||
gettext("New OS Manager");
|
||||
gettext("Edit OS Manager");
|
||||
gettext("Delete OS Manager");
|
||||
@ -269,17 +228,6 @@ gettext("Report finished");
|
||||
gettext("dismiss");
|
||||
gettext("Generate report");
|
||||
gettext("Delete tunnel token - USE WITH EXTREME CAUTION!!!");
|
||||
<<<<<<< HEAD
|
||||
gettext("New Notifier");
|
||||
gettext("Edit Notifier");
|
||||
gettext("Delete actor token - USE WITH EXTREME CAUTION!!!");
|
||||
gettext("New Network");
|
||||
gettext("Edit Network");
|
||||
gettext("Delete Network");
|
||||
gettext("New Transport");
|
||||
gettext("Edit Transport");
|
||||
gettext("Delete Transport");
|
||||
=======
|
||||
gettext("Information");
|
||||
gettext("In Maintenance");
|
||||
gettext("Active");
|
||||
@ -321,7 +269,6 @@ gettext("Delete Authenticator");
|
||||
gettext("New Authenticator");
|
||||
gettext("Edit Authenticator");
|
||||
gettext("Delete Authenticator");
|
||||
>>>>>>> origin/v3.5-mfa
|
||||
gettext("Error saving: ");
|
||||
gettext("Error saving element");
|
||||
gettext("Error handling your request");
|
||||
@ -367,15 +314,14 @@ gettext("User mode");
|
||||
gettext("Logout");
|
||||
gettext("Summary");
|
||||
gettext("Services");
|
||||
<<<<<<< HEAD
|
||||
gettext("Networks");
|
||||
=======
|
||||
gettext("Authentication");
|
||||
>>>>>>> origin/v3.5-mfa
|
||||
gettext("Authenticators");
|
||||
gettext("Multi Factor");
|
||||
gettext("Os Managers");
|
||||
gettext("Connectivity");
|
||||
gettext("Transports");
|
||||
gettext("Networks");
|
||||
gettext("Proxies");
|
||||
gettext("Pools");
|
||||
gettext("Service pools");
|
||||
gettext("Meta pools");
|
||||
@ -385,7 +331,6 @@ gettext("Accounts");
|
||||
gettext("Tools");
|
||||
gettext("Gallery");
|
||||
gettext("Reports");
|
||||
gettext("Notifiers");
|
||||
gettext("Tokens");
|
||||
gettext("Actor");
|
||||
gettext("Tunnel");
|
||||
|
File diff suppressed because one or more lines are too long
@ -70,8 +70,4 @@ class LoginForm(forms.Form):
|
||||
continue
|
||||
choices.append((a.uuid, a.name))
|
||||
|
||||
<<<<<<< HEAD
|
||||
typing.cast(forms.ChoiceField, self.fields['authenticator']).choices = choices
|
||||
=======
|
||||
self.fields['authenticator'].choices = choices # type: ignore
|
||||
>>>>>>> origin/v3.5-mfa
|
||||
|
@ -1,6 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Copyright (c) 2018-2022 Virtual Cable S.L.U.
|
||||
# Copyright (c) 2018-2019 Virtual Cable S.L.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without modification,
|
||||
@ -36,9 +36,11 @@ import typing
|
||||
|
||||
from django.middleware import csrf
|
||||
from django.shortcuts import render
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect
|
||||
from django.views.decorators.cache import never_cache
|
||||
from django.urls import reverse
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
from uds.core.util.request import ExtendedHttpRequest, ExtendedHttpRequestWithUser
|
||||
from django.views.decorators.cache import never_cache
|
||||
@ -46,6 +48,7 @@ from django.views.decorators.cache import never_cache
|
||||
from uds.core.auths import auth, exceptions
|
||||
from uds.web.util import errors
|
||||
from uds.web.forms.LoginForm import LoginForm
|
||||
from uds.web.forms.MFAForm import MFAForm
|
||||
from uds.web.util.authentication import checkLogin
|
||||
from uds.web.util.services import getServicesData
|
||||
from uds.web.util import configjs
|
||||
@ -55,6 +58,9 @@ logger = logging.getLogger(__name__)
|
||||
|
||||
CSRF_FIELD = 'csrfmiddlewaretoken'
|
||||
|
||||
if typing.TYPE_CHECKING:
|
||||
from uds import models
|
||||
|
||||
|
||||
@never_cache
|
||||
def index(request: HttpRequest) -> HttpResponse:
|
||||
@ -158,3 +164,102 @@ def js(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
@auth.denyNonAuthenticated # webLoginRequired not used here because this is not a web page, but js
|
||||
def servicesData(request: ExtendedHttpRequestWithUser) -> HttpResponse:
|
||||
return JsonResponse(getServicesData(request))
|
||||
|
||||
|
||||
# The MFA page does not needs CRF token, so we disable it
|
||||
@csrf_exempt
|
||||
def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
if (
|
||||
not request.user or request.authorized
|
||||
): # If no user, or user is already authorized, redirect to index
|
||||
return HttpResponseRedirect(reverse('page.index')) # No user, no MFA
|
||||
|
||||
mfaProvider: 'models.MFA' = request.user.manager.mfa
|
||||
if not mfaProvider:
|
||||
return HttpResponseRedirect(reverse('page.index'))
|
||||
|
||||
userHashValue: str = hashlib.sha3_256(
|
||||
(request.user.name + request.user.uuid + mfaProvider.uuid).encode()
|
||||
).hexdigest()
|
||||
|
||||
# Try to get cookie anc check it
|
||||
mfaCookie = request.COOKIES.get(MFA_COOKIE_NAME, None)
|
||||
if mfaCookie == userHashValue: # Cookie is valid, skip MFA setting authorization
|
||||
request.authorized = True
|
||||
return HttpResponseRedirect(reverse('page.index'))
|
||||
|
||||
# Obtain MFA data
|
||||
authInstance = request.user.manager.getInstance()
|
||||
mfaInstance = mfaProvider.getInstance()
|
||||
|
||||
# Get validity duration
|
||||
validity = min(mfaInstance.validity(), mfaProvider.validity * 60)
|
||||
start_time = request.session.get('mfa_start_time', time.time())
|
||||
|
||||
# If mfa process timed out, we need to start login again
|
||||
if validity > 0 and time.time() - start_time > validity:
|
||||
request.session.flush() # Clear session, and redirect to login
|
||||
return HttpResponseRedirect(reverse('page.login'))
|
||||
|
||||
mfaIdentifier = authInstance.mfaIdentifier(request.user.name)
|
||||
label = mfaInstance.label()
|
||||
|
||||
if request.method == 'POST': # User has provided MFA code
|
||||
form = MFAForm(request.POST)
|
||||
if form.is_valid():
|
||||
code = form.cleaned_data['code']
|
||||
try:
|
||||
mfaInstance.validate(
|
||||
userHashValue, mfaIdentifier, code, validity=validity
|
||||
)
|
||||
request.authorized = True
|
||||
# Remove mfa_start_time from session
|
||||
if 'mfa_start_time' in request.session:
|
||||
del request.session['mfa_start_time']
|
||||
|
||||
response = HttpResponseRedirect(reverse('page.index'))
|
||||
# If mfaProvider requests to keep MFA code on client, create a mfacookie for this user
|
||||
if (
|
||||
mfaProvider.remember_device > 0
|
||||
and form.cleaned_data['remember'] is True
|
||||
):
|
||||
response.set_cookie(
|
||||
MFA_COOKIE_NAME,
|
||||
userHashValue,
|
||||
max_age=mfaProvider.remember_device * 60 * 60,
|
||||
)
|
||||
|
||||
return response
|
||||
except exceptions.MFAError as e:
|
||||
logger.error('MFA error: %s', e)
|
||||
return errors.errorView(request, errors.INVALID_MFA_CODE)
|
||||
else:
|
||||
pass # Will render again the page
|
||||
else:
|
||||
# Make MFA send a code
|
||||
try:
|
||||
mfaInstance.process(userHashValue, mfaIdentifier, validity=validity)
|
||||
# store on session the start time of the MFA process if not already stored
|
||||
if 'mfa_start_time' not in request.session:
|
||||
request.session['mfa_start_time'] = time.time()
|
||||
except Exception:
|
||||
logger.exception('Error processing MFA')
|
||||
return errors.errorView(request, errors.UNKNOWN_ERROR)
|
||||
|
||||
# Compose a nice "XX years, XX months, XX days, XX hours, XX minutes" string from mfaProvider.remember_device
|
||||
remember_device = ''
|
||||
# Remember_device is in hours
|
||||
if mfaProvider.remember_device > 0:
|
||||
# if more than a day, we show days only
|
||||
if mfaProvider.remember_device >= 24:
|
||||
remember_device = _('{} days').format(mfaProvider.remember_device // 24)
|
||||
else:
|
||||
remember_device = _('{} hours').format(mfaProvider.remember_device)
|
||||
|
||||
# Redirect to index, but with MFA data
|
||||
request.session['mfa'] = {
|
||||
'label': label or _('MFA Code'),
|
||||
'validity': validity if validity >= 0 else 0,
|
||||
'remember_device': remember_device,
|
||||
}
|
||||
return index(request) # Render index with MFA data
|
||||
|
Loading…
Reference in New Issue
Block a user