app-MAIL-temp/app/auth/views/mfa.py

import pyotp
from flask import request, render_template, redirect, url_for, flash, session
from flask_login import login_user
from flask_wtf import FlaskForm
from wtforms import StringField, validators

from app.auth.base import auth_bp
from app.config import MFA_USER_ID
from app.log import LOG
from app.models import User


class OtpTokenForm(FlaskForm):
    token = StringField("Token", validators=[validators.DataRequired()])


@auth_bp.route("/mfa", methods=["GET", "POST"])
def mfa():
    # passed from login page
    user_id = session.get(MFA_USER_ID)

    # user access this page directly without passing by login page
    if not user_id:
        flash("Unknown error, redirect back to main page", "warning")
        return redirect(url_for("auth.login"))

    user = User.get(user_id)

    if not (user and user.enable_otp):
        flash("Only user with MFA enabled should go to this page", "warning")
        return redirect(url_for("auth.login"))

    otp_token_form = OtpTokenForm()
    next_url = request.args.get("next")

    if otp_token_form.validate_on_submit():
        totp = pyotp.TOTP(user.otp_secret)

        token = otp_token_form.token.data

        if totp.verify(token):
            del session[MFA_USER_ID]

            login_user(user)
            flash(f"Welcome back {user.name}!")

            # User comes to login page from another page
            if next_url:
                LOG.debug("redirect user to %s", next_url)
                return redirect(next_url)
            else:
                LOG.debug("redirect user to dashboard")
                return redirect(url_for("dashboard.index"))

        else:
            flash("Incorrect token", "warning")
            otp_token_form.token.data = None

    return render_template(
        "auth/mfa.html",
        otp_token_form=otp_token_form,
        enable_fido=(user.fido_enabled()),
        next_url=next_url,
    )
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00			`import pyotp`
			`from flask import request, render_template, redirect, url_for, flash, session`
			`from flask_login import login_user`
			`from flask_wtf import FlaskForm`
			`from wtforms import StringField, validators`

			`from app.auth.base import auth_bp`
			`from app.config import MFA_USER_ID`
			`from app.log import LOG`
			`from app.models import User`


			`class OtpTokenForm(FlaskForm):`
			`token = StringField("Token", validators=[validators.DataRequired()])`


			`@auth_bp.route("/mfa", methods=["GET", "POST"])`
			`def mfa():`
			`# passed from login page`
Fix user could go to MFA page directly 2020-01-03 23:42:35 +01:00			`user_id = session.get(MFA_USER_ID)`

			`# user access this page directly without passing by login page`
			`if not user_id:`
			`flash("Unknown error, redirect back to main page", "warning")`
redirect to login page instead 2020-01-03 23:50:34 +01:00			`return redirect(url_for("auth.login"))`
Fix user could go to MFA page directly 2020-01-03 23:42:35 +01:00
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00			`user = User.get(user_id)`

Fix user could go to MFA page directly 2020-01-03 23:42:35 +01:00			`if not (user and user.enable_otp):`
			`flash("Only user with MFA enabled should go to this page", "warning")`
redirect to login page instead 2020-01-03 23:50:34 +01:00			`return redirect(url_for("auth.login"))`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00
			`otp_token_form = OtpTokenForm()`
			`next_url = request.args.get("next")`

			`if otp_token_form.validate_on_submit():`
			`totp = pyotp.TOTP(user.otp_secret)`

remove redundant code 2019-12-27 17:36:35 +01:00			`token = otp_token_form.token.data`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00
remove redundant code 2019-12-27 17:36:35 +01:00			`if totp.verify(token):`
			`del session[MFA_USER_ID]`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00
remove redundant code 2019-12-27 17:36:35 +01:00			`login_user(user)`
			`flash(f"Welcome back {user.name}!")`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00
remove redundant code 2019-12-27 17:36:35 +01:00			`# User comes to login page from another page`
			`if next_url:`
			`LOG.debug("redirect user to %s", next_url)`
			`return redirect(next_url)`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00			`else:`
remove redundant code 2019-12-27 17:36:35 +01:00			`LOG.debug("redirect user to dashboard")`
			`return redirect(url_for("dashboard.index"))`

			`else:`
			`flash("Incorrect token", "warning")`
Remove token when submitted value is incorrect 2020-05-22 14:35:37 +02:00			`otp_token_form.token.data = None`
Create auth/mfa page used by user who has enabled MFA 2019-12-27 15:34:10 +01:00
Black formatted 2020-05-07 11:53:28 +02:00			`return render_template(`
			`"auth/mfa.html",`
			`otp_token_form=otp_token_form,`
model - fido_enabled 2020-05-07 14:32:52 +02:00			`enable_fido=(user.fido_enabled()),`
reformat 2020-05-17 10:35:11 +02:00			`next_url=next_url,`
Black formatted 2020-05-07 11:53:28 +02:00			`)`