2019-12-29 15:10:40 +01:00
|
|
|
import pyotp
|
|
|
|
from flask import render_template, flash, redirect, url_for
|
|
|
|
from flask_login import login_required, current_user
|
|
|
|
from flask_wtf import FlaskForm
|
|
|
|
from wtforms import StringField, validators
|
|
|
|
|
|
|
|
from app.dashboard.base import dashboard_bp
|
|
|
|
from app.extensions import db
|
2020-05-17 10:11:38 +02:00
|
|
|
from app.models import RecoveryCode
|
2019-12-29 15:10:40 +01:00
|
|
|
|
|
|
|
|
|
|
|
class OtpTokenForm(FlaskForm):
|
|
|
|
token = StringField("Token", validators=[validators.DataRequired()])
|
|
|
|
|
|
|
|
|
|
|
|
@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
|
|
|
|
@login_required
|
|
|
|
def mfa_cancel():
|
|
|
|
if not current_user.enable_otp:
|
|
|
|
flash("you don't have MFA enabled", "warning")
|
|
|
|
return redirect(url_for("dashboard.index"))
|
|
|
|
|
|
|
|
otp_token_form = OtpTokenForm()
|
|
|
|
totp = pyotp.TOTP(current_user.otp_secret)
|
|
|
|
|
|
|
|
if otp_token_form.validate_on_submit():
|
|
|
|
token = otp_token_form.token.data
|
|
|
|
|
|
|
|
if totp.verify(token):
|
|
|
|
current_user.enable_otp = False
|
2019-12-29 15:32:27 +01:00
|
|
|
current_user.otp_secret = None
|
2019-12-29 15:10:40 +01:00
|
|
|
db.session.commit()
|
2020-05-17 10:11:38 +02:00
|
|
|
|
|
|
|
# user does not have any 2FA enabled left, delete all recovery codes
|
|
|
|
if not current_user.two_factor_authentication_enabled():
|
|
|
|
RecoveryCode.empty(current_user)
|
|
|
|
|
2019-12-29 15:10:40 +01:00
|
|
|
flash("MFA is now disabled", "warning")
|
|
|
|
return redirect(url_for("dashboard.index"))
|
|
|
|
else:
|
|
|
|
flash("Incorrect token", "warning")
|
|
|
|
|
|
|
|
return render_template("dashboard/mfa_cancel.html", otp_token_form=otp_token_form)
|