totp => otp, integrate with factors, new setup form

2019-02-25 12:29:40 +01:00
parent 9c2cfd7db4
commit bb81bb5a8d
30 changed files with 455 additions and 429 deletions
--- a/passbook/otp/factors.py
+++ b/passbook/otp/factors.py
@ -0,0 +1,49 @@
+"""OTP Factor logic"""
+from logging import getLogger
+
+from django.contrib import messages
+from django.utils.translation import gettext as _
+from django.views.generic import FormView
+from django_otp import match_token, user_has_device
+
+from passbook.core.auth.factor import AuthenticationFactor
+from passbook.otp.forms import OTPVerifyForm
+from passbook.otp.views import OTP_SETTING_UP_KEY, EnableView
+
+LOGGER = getLogger(__name__)
+
+class OTPFactor(FormView, AuthenticationFactor):
+    """OTP Factor View"""
+
+    template_name = 'login/form_with_user.html'
+    form_class = OTPVerifyForm
+
+    def get(self, request, *args, **kwargs):
+        """Check if User has OTP enabled and if OTP is enforced"""
+        if not user_has_device(self.pending_user):
+            LOGGER.debug("User doesn't have OTP Setup.")
+            if self.authenticator.current_factor.enforced:
+                # Redirect to setup view
+                LOGGER.debug("OTP is enforced, redirecting to setup")
+                request.user = self.pending_user
+                LOGGER.debug("Passing GET to EnableView")
+                return EnableView().dispatch(request)
+            LOGGER.debug("OTP is not enforced, skipping form")
+            return self.authenticator.user_ok()
+        return super().get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        """Check if setup is in progress and redirect to EnableView"""
+        if OTP_SETTING_UP_KEY in request.session:
+            LOGGER.debug("Passing POST to EnableView")
+            request.user = self.pending_user
+            return EnableView().dispatch(request)
+        return super().post(self, request, *args, **kwargs)
+
+    def form_valid(self, form: OTPVerifyForm):
+        """Verify OTP Token"""
+        device = match_token(self.pending_user, form.cleaned_data.get('code'))
+        if device:
+            return self.authenticator.user_ok()
+        messages.error(self.request, _('Invalid OTP.'))
+        return self.form_invalid(form)