Fixed MFAs
parent
f4d15e0fca
commit
8f2b9bf136
@ -80,16 +80,6 @@ class MFA(Module):
|
||||
# : your own :py:meth:uds.core.module.BaseModule.icon method.
|
||||
iconFile: typing.ClassVar[str] = 'mfa.png'
|
||||
|
||||
# : Cache time for the generated MFA code
|
||||
# : this means that the code will be valid for this time, and will not
|
||||
# : be resent to the user until the time expires.
|
||||
# : This value is in second
|
||||
# : Note: This value is used by default "process" methos, but you can
|
||||
# : override it in your own implementation.
|
||||
# : Note: This value is only used in "validity" method, that is also overridable
|
||||
# : by your own implementation, so its up to you to use it or not.
|
||||
cacheTime: typing.ClassVar[int] = 0
|
||||
|
||||
class RESULT(enum.IntEnum):
|
||||
"""
|
||||
This enum is used to know if the MFA code was sent or not.
|
||||
@ -139,14 +129,6 @@ class MFA(Module):
|
||||
"""
|
||||
return ''
|
||||
|
||||
def validity(self) -> int:
|
||||
"""
|
||||
This method will be invoked from the MFA form, to know the validity in secods
|
||||
of the MFA code.
|
||||
If value is 0 or less, means the code is always valid.
|
||||
"""
|
||||
return self.cacheTime
|
||||
|
||||
def emptyIndentifierAllowedToLogin(self, request: 'ExtendedHttpRequest') -> typing.Optional[bool]:
|
||||
"""
|
||||
If this method returns True, an user that has no "identifier" is allowed to login without MFA
|
||||
@ -228,7 +210,7 @@ class MFA(Module):
|
||||
"""
|
||||
# try to get the stored code
|
||||
data = self._getData(request, userId)
|
||||
validity = validity if validity is not None else self.validity()
|
||||
validity = validity if validity is not None else 0
|
||||
try:
|
||||
if data and validity:
|
||||
# if we have a stored code, check if it's still valid
|
||||
@ -278,7 +260,7 @@ class MFA(Module):
|
||||
|
||||
data = self._getData(request, userId)
|
||||
if data and len(data) == 2:
|
||||
validity = validity if validity is not None else self.validity()
|
||||
validity = validity if validity is not None else 0
|
||||
if (
|
||||
validity > 0
|
||||
and data[0] + datetime.timedelta(seconds=validity)
|
||||
|
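Review bot: In the two hunks that replace `self.validity()` (at `-228` and `-278`), a caller that omits `validity` now gets `0`, and the visible guards `if data and validity:` and `validity > 0 and data[0] + ...` both skip their time comparison for that value, so the code lifetime is unbounded on that path. The removed `validity()` docstring was the only place that said "0 or less means the code is always valid", and a subclass that set `cacheTime` to bound the lifetime is now silently ignored. I would document the fallback where it is applied, e.g. `# validity None or 0 => stored code is not time-limited; callers should pass the provider value in seconds`, or make `validity` a required argument so that no caller gets the unlimited default by accident. Both conditions continue outside the hunks, so the behaviour of the expiry branch is inferred from the visible `validity > 0` test.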
@ -198,11 +198,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
mfaInstance: 'mfas.MFA' = mfaProvider.getInstance()
|
||||
|
||||
# Get validity duration
|
||||
validity = max(mfaInstance.validity(), mfaProvider.validity*60)
|
||||
start_time = request.session.get('mfa_start_time', time.time())
|
||||
validity = mfaProvider.validity*60
|
||||
now = models.getSqlDatetimeAsUnix()
|
||||
start_time = request.session.get('mfa_start_time', now)
|
||||
|
||||
# If mfa process timed out, we need to start login again
|
||||
if validity > 0 and time.time() - start_time > validity:
|
||||
if validity > 0 and now - start_time > validity:
|
||||
logger.debug('MFA: MFA process timed out')
|
||||
request.session.flush() # Clear session, and redirect to login
|
||||
return HttpResponseRedirect(reverse('page.login'))
|
||||
@ -238,7 +239,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
request.user.name,
|
||||
mfaIdentifier,
|
||||
code,
|
||||
validity=validity*60,
|
||||
validity=validity,
|
||||
)
|
||||
request.authorized = True
|
||||
# Remove mfa_start_time from session
|
||||
@ -288,7 +289,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
|
||||
# store on session the start time of the MFA process if not already stored
|
||||
if 'mfa_start_time' not in request.session:
|
||||
request.session['mfa_start_time'] = time.time()
|
||||
request.session['mfa_start_time'] = now
|
||||
except Exception as e:
|
||||
logger.error('Error processing MFA: %s', e)
|
||||
return errors.errorView(request, errors.UNKNOWN_ERROR)
|
||||
|
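Review bot: `validity = mfaProvider.validity*60` converts units without saying so, and the same value is later handed on as `validity=validity`, so the next edit can easily reintroduce a double conversion. A comment on the assignment would pin it down, for example `# mfaProvider.validity is presumably minutes; validity is seconds from here on, 0 disables the timeout`. Because of the `validity > 0` guard, a provider configured with 0 gets no process timeout here and passes 0 through to the code check, which is worth confirming as intended now that the per-MFA fallback has been dropped from the `max(...)`. Sessions started before this change still hold a `time.time()` value in `mfa_start_time`, which is now compared against `models.getSqlDatetimeAsUnix()`, so a clock offset between the application and database hosts could shorten or lengthen the window for those in-flight logins. The body of `mfa` starts and ends outside these hunks.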