author | Michał Górny <mgorny@gentoo.org> | 2013-08-08 16:01:11 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-08-09 22:39:53 +0200 |
commit | 29b63498ad9db38f268aa29a3fcc0af1b9806e1a (patch) | |
tree | 47302a64b4b5492b9b7534989221cd8469853eab /okupy/accounts | |
parent | Merge pull request #49 from mgorny/merged-settings (diff) | |
Introduce initial code for two-phase auth support.
This commit adds a simple NoOTPDevice model that currently serves
the purpose of responding successfully to any request. The login view
has been extended with proper OTP device setup and initial verification
support.
Diffstat (limited to 'okupy/accounts')
-rw-r--r-- | okupy/accounts/views.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py index f57b1fb..66e8c1c 100644 --- a/okupy/accounts/views.py +++ b/okupy/accounts/views.py @@ -4,7 +4,6 @@ from django.conf import settings from django.contrib import messages from django.contrib.auth import (login as _login, logout as _logout, authenticate) -from django.contrib.auth.decorators import login_required from django.core.mail import send_mail from django.core.urlresolvers import reverse from django.db import IntegrityError @@ -15,6 +14,7 @@ from django.shortcuts import redirect, render from django.utils.html import format_html from django.utils.http import urlencode from django.views.decorators.csrf import csrf_exempt +from django_otp.decorators import otp_required from openid.extensions.ax import FetchRequest, FetchResponse from openid.extensions.sreg import SRegRequest, SRegResponse @@ -31,6 +31,7 @@ from .openid_store import DjangoDBOpenIDStore from ..common.ldap_helpers import get_ldap_connection from ..common.exceptions import OkupyError from ..common.log import log_extra_data +from ..otp import init_otp # the following two are for exceptions import openid.yadis.discover @@ -56,7 +57,7 @@ class DevListsView(View): return render(request, self.template_name, {'devlist': devlist}) -@login_required +@otp_required def index(request): anon_ldap_user = get_ldap_connection() results = anon_ldap_user.search_s(settings.AUTH_LDAP_USER_DN_TEMPLATE % { @@ -151,8 +152,12 @@ def login(request): if user and user.is_active: _login(request, user) - if request.user.is_authenticated(): + # prepare devices, and see if OTP is enabled + init_otp(request) + if request.user.is_verified(): return redirect(next) + if request.user.is_authenticated(): + raise NotImplementedError('OTP form not implemented yet') if login_form is None: login_form = LoginForm() 
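Review bot: `@otp_required` on `index` (and the identical swap on `openid_auth_site` in the last hunk) is only as strong as the device that sets the verified flag, and the commit message says NoOTPDevice responds successfully to any request. Until a real device lands, the decorator presumably gives the same assurance as the `login_required` it replaces, which is worth stating where it is applied, e.g. `# NOTE: NoOTPDevice accepts any token; otp_required is not yet a real second factor`. `init_otp` is defined outside this diff, so how it marks the user verified should be confirmed there. Both function bodies continue outside their hunks.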
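Review bot: In `login`, `_login(request, user)` has already established the session by the time the new `raise NotImplementedError('OTP form not implemented yet')` branch runs, so a user who passed the password check but is not verified keeps a logged-in session and only sees a server error. Any view outside this file that is still guarded by `login_required` would presumably accept that password-only session. Until the OTP form exists, drop the session before failing: add `_logout(request)` on the line before the `raise`, or return an error response instead of raising. The body of `login` starts and ends outside the hunk.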
@@ -431,7 +436,7 @@ openid_ax_attribute_mapping = { } -@login_required +@otp_required def openid_auth_site(request): try: oreq = request.session['openid_request'] |