mirror of
https://github.com/dkmstr/openuds.git
synced 2025-01-11 05:17:55 +03:00
Several Minor MFA fixes
parent
e47e0ee69f
commit
a7ae7d3771
@ -188,7 +188,7 @@ class RadiusOTP(mfas.MFA):
|
||||
raise Exception('User not allowed to login')
|
||||
|
||||
def emptyIndentifierAllowedToLogin(self, request: 'ExtendedHttpRequest') -> typing.Optional[bool]:
|
||||
return self.checkAction(self.allowLoginWithoutMFA.value, request)
|
||||
return None
|
||||
|
||||
def label(self) -> str:
|
||||
return gettext('OTP Code')
|
||||
|
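Review bot: `emptyIndentifierAllowedToLogin` decides whether a user with no MFA identifier may log in, but its tri-state `typing.Optional[bool]` result is undocumented, so a reader cannot tell what `None` means to the caller. The rendered page does not mark which of the two `return` lines is the new side. If the new body is `return None`, the `allowLoginWithoutMFA` setting presumably no longer influences this path for RADIUS OTP, and that deserves a comment. A one-line docstring would cover it, for example `'''Return True/False to force the decision, or None to leave it to the caller.'''`, with the wording confirmed against the base class, which is not visible here.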
@ -50,6 +50,8 @@ if typing.TYPE_CHECKING:
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
TOTP_INTERVAL = 30 # Seconds between codes
|
||||
|
||||
|
||||
class TOTP_MFA(mfas.MFA):
|
||||
'''
|
||||
@ -159,9 +161,15 @@ class TOTP_MFA(mfas.MFA):
|
||||
def _saveUserData(self, userId: str, data: typing.Tuple[str, bool]) -> None:
|
||||
self.storage.putPickle(userId, data)
|
||||
|
||||
def _removeUserData(self, userId: str) -> None:
|
||||
self.storage.remove(userId)
|
||||
|
||||
def getTOTP(self, userId: str, username: str) -> pyotp.TOTP:
|
||||
return pyotp.TOTP(
|
||||
self._userData(userId)[0], issuer=self.issuer.value, name=username
|
||||
self._userData(userId)[0],
|
||||
issuer=self.issuer.value,
|
||||
name=username,
|
||||
interval=TOTP_INTERVAL,
|
||||
)
|
||||
|
||||
def html(self, request: 'ExtendedHttpRequest', userId: str, username: str) -> str:
|
||||
@ -217,6 +225,11 @@ class TOTP_MFA(mfas.MFA):
|
||||
if self.askForOTP(request) is False:
|
||||
return
|
||||
|
||||
if self.cache.get(userId + code) is not None:
|
||||
raise exceptions.MFAError(
|
||||
gettext('Code is already used. Wait a minute and try again.')
|
||||
)
|
||||
|
||||
# Get data from storage related to this user
|
||||
secret, qrShown = self._userData(userId)
|
||||
|
||||
@ -226,7 +239,12 @@ class TOTP_MFA(mfas.MFA):
|
||||
):
|
||||
raise exceptions.MFAError(gettext('Invalid code'))
|
||||
|
||||
self.cache.put(userId + code, True, self.validWindow.num() * (TOTP_INTERVAL + 1))
|
||||
|
||||
if qrShown is False:
|
||||
self._saveUserData(
|
||||
userId, (secret, True)
|
||||
) # Update user data to show QR code only once
|
||||
|
||||
def resetData(self, userId: str) -> None:
|
||||
self._removeUserData(userId)
|
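Review bot: The replay-cache entry written by `self.cache.put(userId + code, True, self.validWindow.num() * (TOTP_INTERVAL + 1))` can expire while the code is still acceptable. If the verify call just above that hunk (not visible here) passes `validWindow` as pyotp's `valid_window`, a code is accepted across `2 * window + 1` intervals, and with a window of 0 the timeout evaluates to 0, so the "already used" check added in the preceding hunk may never match. Consider a lifetime that covers the whole acceptance span, e.g. `self.cache.put(userId + code, True, (2 * self.validWindow.num() + 1) * TOTP_INTERVAL)`. The `cache.get` check and the `cache.put` are also separate steps, so two concurrent submissions of the same code could both pass; an atomic add-if-absent would close that, if the cache offers one. The enclosing method begins and ends outside these hunks.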
Binary file not shown.
Before Width: | Height: | Size: 3.5 KiB After Width: | Height: | Size: 14 KiB |
File diff suppressed because one or more lines are too long
@ -99,7 +99,7 @@
|
||||
</svg>
|
||||
</div>
|
||||
</uds-root>
|
||||
<script src="/uds/res/admin/runtime.js?stamp=1677185473" defer></script><script src="/uds/res/admin/polyfills-es5.js?stamp=1677185473" nomodule defer></script><script src="/uds/res/admin/polyfills.js?stamp=1677185473" defer></script><script src="/uds/res/admin/main.js?stamp=1677185473" defer></script>
|
||||
<script src="/uds/res/admin/runtime.js?stamp=1677244945" defer></script><script src="/uds/res/admin/polyfills-es5.js?stamp=1677244945" nomodule defer></script><script src="/uds/res/admin/polyfills.js?stamp=1677244945" defer></script><script src="/uds/res/admin/main.js?stamp=1677244945" defer></script>
|
||||
|
||||
|
||||
</body></html>
|