mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

Merge remote-tracking branch 'origin/v3.6'

Adolfo Gómez García 2023-02-28 13:28:18 +01:00
commit e4a1d0ab29
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
4 changed files with 8 additions and 6 deletions


@ -88,7 +88,7 @@ class MFA(Module):
# : override it in your own implementation.
# : Note: This value is only used in "validity" method, that is also overridable
# : by your own implementation, so its up to you to use it or not.
cacheTime: typing.ClassVar[int] = 5*60
cacheTime: typing.ClassVar[int] = 0
class RESULT(enum.IntEnum):
"""
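Review bot: The comment block above `cacheTime` does not say what the value 0 means, and with the default apparently moving from `5*60` to `0` (the page prints both lines without markers) every MFA type that does not override it inherits that value. The `mfa` view changed in this same commit enforces its timeout only when `validity > 0`, so 0 effectively reads as "this type sets no limit of its own". I would state that in the comment, e.g. `#: 0 means this MFA type sets no time limit of its own.` The class body continues outside the hunk.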


@ -60,7 +60,6 @@ class RadiusOTP(mfas.MFA):
typeType = 'RadiusOTP'
typeDescription = _('Radius OTP Challenge')
iconFile = 'radius.png'
cacheTime = 1*60 # In this MFA type there are not code generation nor sending... so ? 1 minute or too short ?
server = gui.TextField(
length=64,


@ -26,7 +26,7 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
@author: Daniel Torregrosa
@author: Adolfo Gómez, dkmaster at dkmon dot com
"""
import typing
import logging
@ -63,7 +63,6 @@ class TOTP_MFA(mfas.MFA):
typeType = 'TOTP_MFA'
typeDescription = _('TOTP Based MFA (Google Authenticator, etc)')
iconFile = 'totp.png'
cacheTime = 1 # In this MFA type there are not code generation nor sending... so ? 1 minute or too short ?
issuer = gui.TextField(
length=64,


@ -175,10 +175,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
if (
not request.user or request.authorized
): # If no user, or user is already authorized, redirect to index
logger.warning('MFA: No user or user is already authorized')
return HttpResponseRedirect(reverse('page.index')) # No user, no MFA
mfaProvider: typing.Optional['models.MFA'] = request.user.manager.mfa
if not mfaProvider:
logger.warning('MFA: No MFA provider for user')
return HttpResponseRedirect(reverse('page.index'))
mfaUserId = mfas.MFA.getUserId(request.user)
@ -186,6 +188,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
# Try to get cookie anc check it
mfaCookie = request.COOKIES.get(MFA_COOKIE_NAME, None)
if mfaCookie == mfaUserId: # Cookie is valid, skip MFA setting authorization
logger.debug('MFA: Cookie is valid, skipping MFA')
request.authorized = True
return HttpResponseRedirect(reverse('page.index'))
@ -194,11 +197,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
mfaInstance: 'mfas.MFA' = mfaProvider.getInstance()
# Get validity duration
validity = min(mfaInstance.validity(), mfaProvider.validity*60)
validity = max(mfaInstance.validity(), mfaProvider.validity*60)
start_time = request.session.get('mfa_start_time', time.time())
# If mfa process timed out, we need to start login again
if validity > 0 and time.time() - start_time > validity:
logger.debug('MFA: MFA process timed out')
request.session.flush() # Clear session, and redirect to login
return HttpResponseRedirect(reverse('page.login'))
@ -254,6 +258,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
return response
except exceptions.MFAError as e:
logger.error('MFA error: %s', e)
tries += 1
request.session['mfa_tries'] = tries
if tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
@ -261,7 +266,6 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
request.session.flush()
# Too many tries, redirect to login error page
return errors.errorView(request, errors.ACCESS_DENIED)
logger.error('MFA error: %s', e)
return errors.errorView(request, errors.INVALID_MFA_CODE)
else:
pass # Will render again the page
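Review bot: In the validity computation, assuming the `max(...)` line is the new side, the longer of the two limits now wins, so a short `validity()` from the MFA type can no longer tighten the window configured on the provider, or the other way round. The check below enforces the timeout only when `validity > 0`, so 0 means "no timeout", and `max` is what keeps a 0 on one side from disabling the other. If the stricter limit should apply whenever both are set, compute it over the non-zero values: `limits = [v for v in (mfaInstance.validity(), mfaProvider.validity*60) if v > 0]` then `validity = min(limits, default=0)`. Either way, a comment such as `# 0 disables the MFA timeout` above the assignment would record the convention. The body of `mfa` continues outside the shown hunks.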