author | Michał Górny <mgorny@gentoo.org> | 2013-08-08 22:10:46 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-08-09 22:40:22 +0200 |
commit | 2cc6eadc70bd097103cfe1f03eb1dcd62043a7a9 (patch) | |
tree | 4bd757af01fdfc35dc29f7b3f1179379a71c7ad4 /okupy/accounts | |
parent | Support TOTP with database storage (temporarily). (diff) | |
Introduce 'otp-setup', to set TOTP up.
Diffstat (limited to 'okupy/accounts')
-rw-r--r-- | okupy/accounts/urls.py | 1 | ||||
-rw-r--r-- | okupy/accounts/views.py | 43 |
2 files changed, 44 insertions, 0 deletions
diff --git a/okupy/accounts/urls.py b/okupy/accounts/urls.py
index 764be4a..1823c41 100644
--- a/okupy/accounts/urls.py
+++ b/okupy/accounts/urls.py
@@ -13,6 +13,7 @@ accounts_urlpatterns = patterns('',
 url(r'^foundation-members/$', v.DevListsView.as_view(template_name='foundation-members.html')),
 url(r'^signup/$', v.signup),
 url(r'^activate/(?P<token>[a-zA-Z0-9]+)/$', v.activate),
+ url(r'^otp-setup/$', v.otp_setup),
 url(r'^endpoint/$', v.openid_endpoint),
 url(r'^id/(.*)/$', v.user_page),
 url(r'^auth-site/$', v.openid_auth_site),
diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py
index de1c0d3..9b21a2d 100644
--- a/okupy/accounts/views.py
+++ b/okupy/accounts/views.py
@@ -32,6 +32,7 @@ from ..common.ldap_helpers import get_ldap_connection
 from ..common.exceptions import OkupyError
 from ..common.log import log_extra_data
 from ..otp import init_otp
+from ..otp.totp.models import TOTPDevice
 # the following two are for exceptions
 import openid.yadis.discover
@@ -367,6 +368,48 @@ def activate(request, token):
 return redirect(login)
+@otp_required
+def otp_setup(request):
+ dev = TOTPDevice.objects.get(user=request.user)
+ secret = None
+ conf_form = None
+
+ if request.method == 'POST':
+ if 'disable' in request.POST:
+ dev.disable()
+ elif 'confirm' in request.POST and 'otp_secret' in request.session:
+ secret = request.session['otp_secret']
+ conf_form = OTPForm(request.POST)
+ try:
+ if not conf_form.is_valid():
+ raise OkupyError()
+ token = conf_form.cleaned_data['otp_token']
+ if not dev.verify_token(token, secret):
+ raise OkupyError()
+ except OkupyError:
+ messages.error(request, 'Token verification failed.')
+ conf_form = OTPForm()
+ else:
+ dev.enable(secret)
+ secret = None
+ conf_form = None
+ elif 'enable' in request.POST:
+ secret = dev.gen_secret()
+ request.session['otp_secret'] = secret
+ conf_form = OTPForm()
+
+ if secret:
+ # into groups of four characters
+ secret = ' '.join([secret[i:i+4]
+ for i in range(0, len(secret), 4)])
+
+ return render(request, 'otp-setup.html', {
+ 'otp_enabled': dev.is_enabled(),
+ 'secret': secret,
+ 'conf_form': conf_form,
+ })
+
+
 # OpenID-specific |
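Review bot: The pending TOTP secret written to `request.session['otp_secret']` in the `'enable'` branch is never removed, so once the `else:` branch calls `dev.enable(secret)` the live seed stays in the session store for the rest of the session's lifetime; add `request.session.pop('otp_secret', None)` right after `dev.enable(secret)`, and in the `'disable'` branch as well. The `'disable'` branch also switches the second factor off on a bare POST with no fresh token or password check, so whoever holds the authenticated session can remove 2FA; validating an `OTPForm` token before `dev.disable()` would close that, unless `otp_required` (defined outside this hunk) already enforces a recent verification. `TOTPDevice.objects.get(user=request.user)` raises `DoesNotExist` when the user has no device row, so it is worth confirming that `init_otp` always creates one before this view can be reached. Neither enabling nor disabling is logged, although `log_extra_data` is already imported in this file, and an audit line for both events would help later incident review.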