User who has enabled MFA can cancel MFA
This commit is contained in:
parent
89664580b3
commit
76eec998ea
|
@ -10,5 +10,6 @@ from .views import (
|
|||
custom_domain,
|
||||
alias_contact_manager,
|
||||
mfa_setup,
|
||||
mfa_cancel,
|
||||
domain_detail,
|
||||
)
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{% extends 'default.html' %}
|
||||
{% set active_page = "setting" %}
|
||||
{% block title %}
|
||||
Cancel MFA
|
||||
{% endblock %}
|
||||
|
||||
|
||||
{% block default_content %}
|
||||
<div class="bg-white p-6" style="max-width: 60em; margin: auto">
|
||||
<h1 class="h2">Multi Factor Authentication</h1>
|
||||
<p>
|
||||
To cancel MFA, please enter the 6-digit number in your TOTP application (Google Authenticator, Authy, etc) here.
|
||||
</p>
|
||||
|
||||
<form method="post">
|
||||
{{ otp_token_form.csrf_token }}
|
||||
|
||||
<div class="font-weight-bold mt-5">Token</div>
|
||||
<div class="small-text">The 6-digit number displayed on your phone.</div>
|
||||
|
||||
{{ otp_token_form.token(class="form-control", placeholder="") }}
|
||||
{{ render_field_errors(otp_token_form.token) }}
|
||||
<button class="btn btn-lg btn-danger mt-2">Cancel MFA</button>
|
||||
</form>
|
||||
|
||||
|
||||
</div>
|
||||
{% endblock %}
|
|
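Review bot: The heading `<h1 class="h2">Multi Factor Authentication</h1>` in the new mfa_cancel template is unhyphenated, while setting.html in this same commit uses `Multi-Factor Authentication`; one spelling across the three templates would be clearer. The TOTP input `{{ otp_token_form.token(class="form-control", placeholder="") }}` is rendered without hints for the browser, so adding `autocomplete="one-time-code" inputmode="numeric"` to that call would stop password managers from offering saved values and bring up a numeric keypad on phones, matching the "6-digit number" text above it. The confirm button is labelled "Cancel MFA" while the server flashes "MFA is now disabled"; "Disable MFA" on the button would name the outcome rather than the navigation.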
@ -1,5 +1,5 @@
|
|||
{% extends 'default.html' %}
|
||||
|
||||
{% set active_page = "setting" %}
|
||||
{% block title %}
|
||||
MFA Setup
|
||||
{% endblock %}
|
||||
|
@ -10,7 +10,7 @@
|
|||
|
||||
{% block default_content %}
|
||||
<div class="bg-white p-6" style="max-width: 60em; margin: auto">
|
||||
<h1 class="h2">Two Factor Authentication</h1>
|
||||
<h1 class="h2">Multi Factor Authentication</h1>
|
||||
<p>Please open a TOTP application (Google Authenticator, Authy, etc)
|
||||
on your smartphone and scan the following QR Code:
|
||||
</p>
|
||||
|
|
|
@ -50,14 +50,17 @@
|
|||
<button class="btn btn-primary">Update</button>
|
||||
</form>
|
||||
|
||||
|
||||
<hr>
|
||||
<h3 class="mb-0">Multi-Factor Authentication (MFA)</h3>
|
||||
<div class="small-text mb-3">
|
||||
Secure your account with Multi-Factor Authentication.
|
||||
This requires having applications like Google Authenticator, Authy, FreeOTP, etc.
|
||||
</div>
|
||||
{% if not current_user.enable_otp %}
|
||||
<hr>
|
||||
<h3 class="mb-0">Multi-Factor Authentication</h3>
|
||||
<div class="small-text mb-3">
|
||||
Secure your account with Multi-Factor Authentication.
|
||||
This requires having applications like Google Authenticator, Authy, FreeOTP, etc.
|
||||
</div>
|
||||
<a href="{{ url_for('dashboard.mfa_setup') }}" class="btn btn-outline-primary">Enable</a>
|
||||
{% else %}
|
||||
<a href="{{ url_for('dashboard.mfa_cancel') }}" class="btn btn-outline-danger">Cancel MFA</a>
|
||||
{% endif %}
|
||||
|
||||
<hr>
|
||||
|
@ -75,8 +78,12 @@
|
|||
<form method="post" class="form-inline">
|
||||
<input type="hidden" name="form-name" value="change-alias-generator">
|
||||
<select class="custom-select mr-sm-2" name="alias-generator-scheme">
|
||||
<option value="{{ AliasGeneratorEnum.word.value }}" {% if current_user.alias_generator == AliasGeneratorEnum.word.value %} selected {% endif %} >Based on Random {{ AliasGeneratorEnum.word.name.capitalize() }}</option>
|
||||
<option value="{{ AliasGeneratorEnum.uuid.value }}" {% if current_user.alias_generator == AliasGeneratorEnum.uuid.value %} selected {% endif %} >Based on {{ AliasGeneratorEnum.uuid.name.upper() }}</option>
|
||||
<option value="{{ AliasGeneratorEnum.word.value }}"
|
||||
{% if current_user.alias_generator == AliasGeneratorEnum.word.value %} selected {% endif %} >Based on
|
||||
Random {{ AliasGeneratorEnum.word.name.capitalize() }}</option>
|
||||
<option value="{{ AliasGeneratorEnum.uuid.value }}"
|
||||
{% if current_user.alias_generator == AliasGeneratorEnum.uuid.value %} selected {% endif %} >Based
|
||||
on {{ AliasGeneratorEnum.uuid.name.upper() }}</option>
|
||||
</select>
|
||||
<button class="btn btn-outline-primary">Update Preference</button>
|
||||
</form>
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
import pyotp
|
||||
from flask import render_template, flash, redirect, url_for
|
||||
from flask_login import login_required, current_user
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms import StringField, validators
|
||||
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.extensions import db
|
||||
|
||||
|
||||
class OtpTokenForm(FlaskForm):
|
||||
token = StringField("Token", validators=[validators.DataRequired()])
|
||||
|
||||
|
||||
@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def mfa_cancel():
|
||||
if not current_user.enable_otp:
|
||||
flash("you don't have MFA enabled", "warning")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
|
||||
otp_token_form = OtpTokenForm()
|
||||
totp = pyotp.TOTP(current_user.otp_secret)
|
||||
|
||||
if otp_token_form.validate_on_submit():
|
||||
token = otp_token_form.token.data
|
||||
|
||||
if totp.verify(token):
|
||||
current_user.enable_otp = False
|
||||
db.session.commit()
|
||||
flash("MFA is now disabled", "warning")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
else:
|
||||
flash("Incorrect token", "warning")
|
||||
|
||||
return render_template("dashboard/mfa_cancel.html", otp_token_form=otp_token_form)
|
|
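Review bot: `mfa_cancel` switches off the second factor on a valid TOTP code alone and records nothing about it: there is no log line or user notification around `db.session.commit()`, and `current_user.otp_secret` is left in place after `enable_otp` is cleared. Removing MFA is a security-sensitive account change, so an application log entry at the commit (for example `logging.getLogger(__name__).warning("MFA disabled for user %s", current_user.get_id())`) and an email to the account holder would give the user and operators a chance to notice an unwanted change; whether `mfa_setup` regenerates the secret on re-enable is not visible here, and if it does not, clearing the secret in this handler would avoid silently reusing the old one. The code is also verified with `totp.verify(token)` and no record of recently consumed codes, so a code already used for login remains accepted for the rest of its window, which RFC 6238 advises against. `OtpTokenForm` applies only `DataRequired`, so `validators.Length(min=6, max=6)` on `token` would reject malformed input before it reaches `verify`.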
@ -35,7 +35,7 @@ def mfa_setup():
|
|||
if totp.verify(token):
|
||||
current_user.enable_otp = True
|
||||
db.session.commit()
|
||||
flash("2FA has been activated", "success")
|
||||
flash("MFA has been activated", "success")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
else:
|
||||
flash("Incorrect token", "warning")
|
||||
|
|