mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

Fixed MFAs

Adolfo Gómez García 2023-02-28 14:00:55 +01:00
parent f4d15e0fca
commit 8f2b9bf136
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
2 changed files with 8 additions and 25 deletions


@ -80,16 +80,6 @@ class MFA(Module):
# : your own :py:meth:uds.core.module.BaseModule.icon method.
iconFile: typing.ClassVar[str] = 'mfa.png'
# : Cache time for the generated MFA code
# : this means that the code will be valid for this time, and will not
# : be resent to the user until the time expires.
# : This value is in second
# : Note: This value is used by default "process" methos, but you can
# : override it in your own implementation.
# : Note: This value is only used in "validity" method, that is also overridable
# : by your own implementation, so its up to you to use it or not.
cacheTime: typing.ClassVar[int] = 0
class RESULT(enum.IntEnum):
"""
This enum is used to know if the MFA code was sent or not.
@ -139,14 +129,6 @@ class MFA(Module):
"""
return ''
def validity(self) -> int:
"""
This method will be invoked from the MFA form, to know the validity in secods
of the MFA code.
If value is 0 or less, means the code is always valid.
"""
return self.cacheTime
def emptyIndentifierAllowedToLogin(self, request: 'ExtendedHttpRequest') -> typing.Optional[bool]:
"""
If this method returns True, an user that has no "identifier" is allowed to login without MFA
@ -228,7 +210,7 @@ class MFA(Module):
"""
# try to get the stored code
data = self._getData(request, userId)
validity = validity if validity is not None else self.validity()
validity = validity if validity is not None else 0
try:
if data and validity:
# if we have a stored code, check if it's still valid
@ -278,7 +260,7 @@ class MFA(Module):
data = self._getData(request, userId)
if data and len(data) == 2:
validity = validity if validity is not None else self.validity()
validity = validity if validity is not None else 0
if (
validity > 0
and data[0] + datetime.timedelta(seconds=validity)
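Review bot: With the fallback changed to `0`, a caller that omits `validity` appears to get a code that never expires in the last hunk of this file, because the guard `validity > 0 and data[0] + datetime.timedelta(seconds=validity)` is skipped; the rest of that condition and both enclosing methods lie outside the visible lines. In the earlier hunk the same fallback makes `if data and validity:` false, so a stored code is never treated as still valid there. Now that `cacheTime` and `validity()` are gone, the docstrings of both methods should state the contract, for example `validity: lifetime of the code in seconds; None or 0 disables the expiry check`. If a non-expiring MFA code is not intended for callers that pass nothing, a positive default would be safer than `0`.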


@ -198,11 +198,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
mfaInstance: 'mfas.MFA' = mfaProvider.getInstance()
# Get validity duration
validity = max(mfaInstance.validity(), mfaProvider.validity*60)
start_time = request.session.get('mfa_start_time', time.time())
validity = mfaProvider.validity*60
now = models.getSqlDatetimeAsUnix()
start_time = request.session.get('mfa_start_time', now)
# If mfa process timed out, we need to start login again
if validity > 0 and time.time() - start_time > validity:
if validity > 0 and now - start_time > validity:
logger.debug('MFA: MFA process timed out')
request.session.flush() # Clear session, and redirect to login
return HttpResponseRedirect(reverse('page.login'))
@ -238,7 +239,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
request.user.name,
mfaIdentifier,
code,
validity=validity*60,
validity=validity,
)
request.authorized = True
# Remove mfa_start_time from session
@ -288,7 +289,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
# store on session the start time of the MFA process if not already stored
if 'mfa_start_time' not in request.session:
request.session['mfa_start_time'] = time.time()
request.session['mfa_start_time'] = now
except Exception as e:
logger.error('Error processing MFA: %s', e)
return errors.errorView(request, errors.UNKNOWN_ERROR)
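Review bot: The unit of `validity` is implicit at `validity = mfaProvider.validity*60`, and the removed `validity=validity*60` further down shows how easily it gets multiplied twice. A comment on that line would pin it down, e.g. `# mfaProvider.validity is configured in minutes (assumed from the *60); validity is in seconds from here on`, or the local could be renamed `validity_secs`. Separately, sessions that stored `mfa_start_time` from `time.time()` before this change will now be compared against `models.getSqlDatetimeAsUnix()`, so if the application and database clocks differ those in-flight logins may time out early or late. The body of `mfa` extends beyond the hunks shown.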