Merge remote-tracking branch 'origin/v3.6'
commit
e4a1d0ab29
@ -88,7 +88,7 @@ class MFA(Module):
|
||||
# : override it in your own implementation.
|
||||
# : Note: This value is only used in "validity" method, that is also overridable
|
||||
# : by your own implementation, so its up to you to use it or not.
|
||||
cacheTime: typing.ClassVar[int] = 5*60
|
||||
cacheTime: typing.ClassVar[int] = 0
|
||||
|
||||
class RESULT(enum.IntEnum):
|
||||
"""
|
||||
|
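Review bot: The comment block above `cacheTime` in the `class MFA(Module)` hunk states neither the unit of the value nor what 0 means, and the hunk prints both `5*60` and `0` as the default with the +/- markers lost in rendering. If `0` is the new default, every subclass that does not override it hands that value to the "validity" method the comment mentions, and the `mfa` view on this page only enforces its timeout when `validity > 0`. I would add a line to the comment such as `# : Value is in seconds; 0 means this MFA type sets no time limit of its own.`, with the unit inferred from the view comparing it against a `time.time()` difference. The body of `MFA` starts and ends outside the hunk, so whether `validity` returns `cacheTime` unchanged should be confirmed there.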
@ -60,7 +60,6 @@ class RadiusOTP(mfas.MFA):
|
||||
typeType = 'RadiusOTP'
|
||||
typeDescription = _('Radius OTP Challenge')
|
||||
iconFile = 'radius.png'
|
||||
cacheTime = 1*60 # In this MFA type there are not code generation nor sending... so ? 1 minute or too short ?
|
||||
|
||||
server = gui.TextField(
|
||||
length=64,
|
||||
|
@ -26,7 +26,7 @@
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
"""
|
||||
@author: Daniel Torregrosa
|
||||
@author: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
"""
|
||||
import typing
|
||||
import logging
|
||||
@ -63,7 +63,6 @@ class TOTP_MFA(mfas.MFA):
|
||||
typeType = 'TOTP_MFA'
|
||||
typeDescription = _('TOTP Based MFA (Google Authenticator, etc)')
|
||||
iconFile = 'totp.png'
|
||||
cacheTime = 1 # In this MFA type there are not code generation nor sending... so ? 1 minute or too short ?
|
||||
|
||||
issuer = gui.TextField(
|
||||
length=64,
|
||||
|
@ -175,10 +175,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
if (
|
||||
not request.user or request.authorized
|
||||
): # If no user, or user is already authorized, redirect to index
|
||||
logger.warning('MFA: No user or user is already authorized')
|
||||
return HttpResponseRedirect(reverse('page.index')) # No user, no MFA
|
||||
|
||||
mfaProvider: typing.Optional['models.MFA'] = request.user.manager.mfa
|
||||
if not mfaProvider:
|
||||
logger.warning('MFA: No MFA provider for user')
|
||||
return HttpResponseRedirect(reverse('page.index'))
|
||||
|
||||
mfaUserId = mfas.MFA.getUserId(request.user)
|
||||
@ -186,6 +188,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
# Try to get cookie anc check it
|
||||
mfaCookie = request.COOKIES.get(MFA_COOKIE_NAME, None)
|
||||
if mfaCookie == mfaUserId: # Cookie is valid, skip MFA setting authorization
|
||||
logger.debug('MFA: Cookie is valid, skipping MFA')
|
||||
request.authorized = True
|
||||
return HttpResponseRedirect(reverse('page.index'))
|
||||
|
||||
@ -194,11 +197,12 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
mfaInstance: 'mfas.MFA' = mfaProvider.getInstance()
|
||||
|
||||
# Get validity duration
|
||||
validity = min(mfaInstance.validity(), mfaProvider.validity*60)
|
||||
validity = max(mfaInstance.validity(), mfaProvider.validity*60)
|
||||
start_time = request.session.get('mfa_start_time', time.time())
|
||||
|
||||
# If mfa process timed out, we need to start login again
|
||||
if validity > 0 and time.time() - start_time > validity:
|
||||
logger.debug('MFA: MFA process timed out')
|
||||
request.session.flush() # Clear session, and redirect to login
|
||||
return HttpResponseRedirect(reverse('page.login'))
|
||||
|
||||
@ -254,6 +258,7 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
|
||||
return response
|
||||
except exceptions.MFAError as e:
|
||||
logger.error('MFA error: %s', e)
|
||||
tries += 1
|
||||
request.session['mfa_tries'] = tries
|
||||
if tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
|
||||
@ -261,7 +266,6 @@ def mfa(request: ExtendedHttpRequest) -> HttpResponse:
|
||||
request.session.flush()
|
||||
# Too many tries, redirect to login error page
|
||||
return errors.errorView(request, errors.ACCESS_DENIED)
|
||||
logger.error('MFA error: %s', e)
|
||||
return errors.errorView(request, errors.INVALID_MFA_CODE)
|
||||
else:
|
||||
pass # Will render again the page
|
||||
|
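Review bot: In the hunk at `-194,11 +197,12` the timeout window is printed both as `min(mfaInstance.validity(), mfaProvider.validity*60)` and as `max(...)`, and the rendering has dropped the +/- markers; if `max` is the new side, the longer of the two windows governs, so a provider configured with a shorter validity can no longer tighten the limit, and the `validity > 0` guard skips the timeout only when both values are 0. That choice deserves a comment on the line, for example `# 0 on both sides disables the timeout; otherwise the longer window applies`. In the same hunk `request.session.get('mfa_start_time', time.time())` falls back to the current time, so when the key is absent the elapsed time is about zero and the check cannot fire; whether the key is always set earlier is not visible here, and `start_time = request.session.setdefault('mfa_start_time', time.time())` would make the first visit start the clock. The body of `mfa` continues outside these hunks.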