diff --git a/README.md b/README.md
index 509c0685..af6d761e 100644
--- a/README.md
+++ b/README.md
@@ -1160,18 +1160,7 @@ Whenever the model changes, a new migration has to be created.
If you have Docker installed, you can create the migration by the following script:
```bash
-# create a postgres database for SimpleLogin
-docker rm -f sl-db
-docker run -p 5432:5432 --name sl-db -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=sl -d postgres
-
-# run run `flask db upgrade` to upgrade the DB to the latest stage and
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:5432/sl flask db upgrade
-
-# finally `flask db migrate` to generate the migration script.
-env DB_URI=postgresql://postgres:postgres@127.0.0.1:5432/sl flask db migrate
-
-# remove the db
-docker rm -f sl-db
+sh new_migration.sh
```
Make sure to review the migration script before committing it.
diff --git a/app/auth/views/fido.py b/app/auth/views/fido.py
index cd6c14d3..24c4428d 100644
--- a/app/auth/views/fido.py
+++ b/app/auth/views/fido.py
@@ -31,7 +31,7 @@ def fido():
user = User.get(user_id)
- if not (user and (user.fido_enabled())):
+ if not (user and user.fido_enabled()):
flash("Only user with security key linked should go to this page", "warning")
return redirect(url_for("auth.login"))
diff --git a/app/dashboard/templates/dashboard/setting.html b/app/dashboard/templates/dashboard/setting.html
index a55fa180..2ff1ac29 100644
--- a/app/dashboard/templates/dashboard/setting.html
+++ b/app/dashboard/templates/dashboard/setting.html
@@ -85,22 +85,25 @@
-
-
-
Security Key (WebAuthn)
-
- You can secure your account by linking either your FIDO-supported physical key such as Yubikey, Google Titan, - or a device with appropriate hardware to your account. + {% if current_user.can_use_fido %} +
+
+
Security Key (WebAuthn)
+
+ You can secure your account by linking either your FIDO-supported physical key such as Yubikey, Google + Titan, + or a device with appropriate hardware to your account. +
+ {% if current_user.fido_uuid is none %} + Setup WebAuthn + {% else %} + Disable WebAuthn + {% endif %}
- {% if current_user.fido_uuid is none %} - Setup WebAuthn - {% else %} - Disable WebAuthn - {% endif %}
-
+ {% endif %} -
+
One-Time Password (TOTP)
diff --git a/app/dashboard/views/fido_setup.py b/app/dashboard/views/fido_setup.py
index e9432e6c..eec252e1 100644
--- a/app/dashboard/views/fido_setup.py
+++ b/app/dashboard/views/fido_setup.py
@@ -25,6 +25,13 @@ def fido_setup():
flash("You have already registered your security key", "warning")
return redirect(url_for("dashboard.index"))
+ if not current_user.can_use_fido:
+ flash(
+ "This feature is currently in invitation-only beta. Please send us an email if you want to try",
+ "warning",
+ )
+ return redirect(url_for("dashboard.index"))
+
fido_token_form = FidoTokenForm()
# Handling POST requests
diff --git a/app/models.py b/app/models.py
index 0224f4aa..c40b25e6 100644
--- a/app/models.py
+++ b/app/models.py
@@ -140,8 +140,13 @@ class User(db.Model, ModelMixin, UserMixin):
fido_pk = db.Column(db.String(), nullable=True, unique=True)
fido_sign_count = db.Column(db.Integer(), nullable=True)
+ # whether user can use Fido
+ can_use_fido = db.Column(
+ db.Boolean, default=False, nullable=False, server_default="0"
+ )
+
def fido_enabled(self) -> bool:
- if self.fido_uuid is not None:
+ if self.can_use_fido and self.fido_uuid is not None:
return True
return False
diff --git a/app/paddle_utils.py b/app/paddle_utils.py
index a7a35155..cb782e90 100644
--- a/app/paddle_utils.py
+++ b/app/paddle_utils.py
@@ -10,11 +10,13 @@ import collections
import phpserialize
import requests
from Crypto.Hash import SHA1
+
# Crypto can be found at https://pypi.org/project/pycryptodome/
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from app.config import PADDLE_PUBLIC_KEY_PATH, PADDLE_VENDOR_ID, PADDLE_AUTH_CODE
+
# Your Paddle public key.
from app.log import LOG
diff --git a/migrations/versions/2020_050717_026e7a782ed6_.py b/migrations/versions/2020_050717_026e7a782ed6_.py
new file mode 100644
index 00000000..7292a0ce
--- /dev/null
+++ b/migrations/versions/2020_050717_026e7a782ed6_.py
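Review bot: In the models.py hunk, `fido_enabled()` now returns False for a user whose `fido_uuid` is set but whose `can_use_fido` is False, so clearing the beta flag for an already-enrolled user quietly drops the security-key requirement instead of failing closed; fido.py's `if not (user and user.fido_enabled())` then sends such a user back to the login page, and the setting.html hunk hides the Disable WebAuthn link for them at the same time, so the stored key is neither enforced nor removable from the UI. The flag is an enrolment gate, which the fido_setup.py hunk already enforces before registration, and enforcement at login should presumably follow the stored credential: `return self.fido_uuid is not None` keeps an enrolled key mandatory whatever the flag says, while if the coupling is intended the column comment should say so explicitly. Either way I would replace `# whether user can use Fido` with `# Feature gate for WebAuthn enrolment (invitation-only beta); whether a key is actually registered is given by fido_uuid, not by this flag.`. `fido_enabled` is shown in full; the `User` class continues outside the hunk.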
@@ -0,0 +1,43 @@
+"""empty message
+
+Revision ID: 026e7a782ed6
+Revises: ae94fe5c4e9f
+Create Date: 2020-05-07 17:51:48.440962
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '026e7a782ed6'
+down_revision = 'ae94fe5c4e9f'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column('users', sa.Column('can_use_fido', sa.Boolean(), server_default='0', nullable=False))
+ op.add_column('users', sa.Column('fido_credential_id', sa.String(), nullable=True))
+ op.add_column('users', sa.Column('fido_pk', sa.String(), nullable=True))
+ op.add_column('users', sa.Column('fido_sign_count', sa.Integer(), nullable=True))
+ op.add_column('users', sa.Column('fido_uuid', sa.String(), nullable=True))
+ op.create_unique_constraint(None, 'users', ['fido_credential_id'])
+ op.create_unique_constraint(None, 'users', ['fido_pk'])
+ op.create_unique_constraint(None, 'users', ['fido_uuid'])
+ # ### end Alembic commands ###
+
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.drop_constraint(None, 'users', type_='unique')
+ op.drop_constraint(None, 'users', type_='unique')
+ op.drop_constraint(None, 'users', type_='unique')
+ op.drop_column('users', 'fido_uuid')
+ op.drop_column('users', 'fido_sign_count')
+ op.drop_column('users', 'fido_pk')
+ op.drop_column('users', 'fido_credential_id')
+ op.drop_column('users', 'can_use_fido')
+ # ### end Alembic commands ###
diff --git a/new_migration.sh b/new_migration.sh
new file mode 100644
index 00000000..6c786097
--- /dev/null
+++ b/new_migration.sh
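Review bot: `downgrade()` calls `op.drop_constraint(None, 'users', type_='unique')` three times, and a constraint cannot be dropped by a `None` name unless the metadata defines a naming convention, so this revision most likely cannot be rolled back as written; the matching `create_unique_constraint(None, ...)` calls in `upgrade()` let the database choose the names, which is why Alembic could not fill them in. Give the three constraints explicit names in both directions so that the downgrade drops exactly what the upgrade created (the `uq_users_*` names below are illustrative; follow the project's convention if one exists). The module docstring is still the generated `"""empty message` and should describe the change, e.g. `"""Add can_use_fido flag and WebAuthn (fido_*) credential columns to users"""`, and `import sqlalchemy_utils` is unused and can go.
```python
def upgrade():
    # … unchanged: add_column calls …
    op.create_unique_constraint('uq_users_fido_credential_id', 'users', ['fido_credential_id'])
    op.create_unique_constraint('uq_users_fido_pk', 'users', ['fido_pk'])
    op.create_unique_constraint('uq_users_fido_uuid', 'users', ['fido_uuid'])
    # ### end Alembic commands ###


def downgrade():
    # drop in reverse order of creation, by the names given in upgrade()
    op.drop_constraint('uq_users_fido_uuid', 'users', type_='unique')
    op.drop_constraint('uq_users_fido_pk', 'users', type_='unique')
    op.drop_constraint('uq_users_fido_credential_id', 'users', type_='unique')
    # … unchanged: drop_column calls …
```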
@@ -0,0 +1,16 @@
+# Generate a new migration script using Docker
+# To run it:
+# sh new_migration.sh
+
+# create a postgres database for SimpleLogin
+docker rm -f sl-db
+docker run -p 5432:5432 --name sl-db -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=sl -d postgres
+
+# run run `flask db upgrade` to upgrade the DB to the latest stage and
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:5432/sl flask db upgrade
+
+# finally `flask db migrate` to generate the migration script.
+env DB_URI=postgresql://postgres:postgres@127.0.0.1:5432/sl flask db migrate
+
+# remove the db
+docker rm -f sl-db
\ No newline at end of file
diff --git a/templates/emails/com/welcome.html b/templates/emails/com/welcome.html
index 26410f25..f28dd4a8 100644
--- a/templates/emails/com/welcome.html
+++ b/templates/emails/com/welcome.html
@@ -13,7 +13,7 @@
{% block content %}
{{ render_text("My name is Son. I’m the founder of SimpleLogin and I wanted to be the first to welcome you on board.") }}
- {{ render_text('To better secure your account, I recommend enabling Multi-Factor Authentication (MFA) on your Setting page.') }}
+ {{ render_text('To better secure your account, I recommend enabling Multi-Factor Authentication (MFA) on your Setting page.') }}
{{ render_text('If you have any feedback or improvement ideas please let me know by simply replying to this email. Yes, this email is not sent from a no-reply address. ') }}
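Review bot: The script runs without `set -e`, so when `flask db upgrade` fails the following `flask db migrate` still runs against a partially upgraded database and emits a migration that does not match the model, and `docker run -d` returns before Postgres accepts connections, so the first `flask` command can race the container start. `-p 5432:5432` also publishes a container whose password is the literal `postgres` on every host interface for as long as the script runs, while `DB_URI` only ever connects to 127.0.0.1; `-p 127.0.0.1:5432:5432` keeps it local. `set -eu`, a `trap` so the container is still removed on failure, and a short readiness loop cover these; the comment `# run run` also has a doubled word. The rewritten lines are below, with the original `flask` commands and trailing `docker rm -f sl-db` unchanged (the `trap` makes the last one redundant).
```shell
set -eu
# … unchanged: header comments …
docker rm -f sl-db
# bind only to loopback: DB_URI below talks to 127.0.0.1 and nothing else needs this port
docker run -p 127.0.0.1:5432:5432 --name sl-db -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=sl -d postgres
# remove the db even if a flask command below fails
trap 'docker rm -f sl-db' EXIT

# wait until Postgres accepts connections before running migrations
until docker exec sl-db pg_isready -U postgres >/dev/null 2>&1; do sleep 1; done
# … unchanged: flask db upgrade / flask db migrate / docker rm -f sl-db …
```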