show otp secret
parent
876d6c1069
commit
ab632e107d
5 changed files with 15 additions and 8 deletions
|
@ -1,5 +1,6 @@
|
|||
from flask import render_template, redirect, request, url_for, flash, session, abort, current_app
|
||||
from flask_login import login_required, login_user, logout_user, current_user
|
||||
from markupsafe import Markup, escape
|
||||
|
||||
from . import auth
|
||||
from .forms import LoginForm, TwoFAForm, RegistrationForm, ChangePasswordForm, PasswordResetRequestForm, PasswordResetForm
|
||||
|
@ -60,7 +61,6 @@ def login():
|
|||
session['memberberry'] = form.remember_me.data
|
||||
return redirect(url_for('auth.twofactor'))
|
||||
|
||||
#print('remember: ' + str(form.remember_me.data))
|
||||
login_user(user, form.remember_me.data)
|
||||
previp = user.last_ip
|
||||
if request.headers.getlist("X-Forwarded-For"):
|
||||
|
@ -71,7 +71,6 @@ def login():
|
|||
db.session.add(user)
|
||||
db.session.commit()
|
||||
send_email(current_app.config['MAIL_USERNAME'], user.email + ' logged in.', 'auth/email/adm_loginnotify', user=user, ipaddr=lastip )
|
||||
#flash('Last Login: {} from {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M"), previp))
|
||||
flash('Last Login: {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M")))
|
||||
return redirect(request.args.get('next') or url_for('panel.dashboard'))
|
||||
else:
|
||||
|
@ -126,8 +125,11 @@ def qrcode():
|
|||
url = pyqrcode.create(current_user.get_totp_uri())
|
||||
stream = BytesIO()
|
||||
url.svg(stream, scale=6)
|
||||
return stream.getvalue(), 200, {
|
||||
'Content-Type': 'image/svg+xml',
|
||||
svg_secret = Markup(stream.getvalue().decode('utf-8'))
|
||||
otp_secret = current_user.get_otp_secret()
|
||||
# since this page contains the sensitive qrcode, make sure the browser
|
||||
# does not cache it
|
||||
return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {
|
||||
'Cache-Control': 'no-cache, no-store, must-revalidate',
|
||||
'Pragma': 'no-cache',
|
||||
'Expires': '0'}
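Review bot: The `render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret)` return at the end of qrcode() now puts the TOTP seed on the page as plain text as well as inside the QR code, and nothing in the visible lines restricts the page to first-time enrolment or asks for re-authentication. qrcode() starts above this hunk, so a guard may already exist there; if it does not, any live session for the account can read the seed long after setup, so I would serve this page only while 2FA setup is unconfirmed or after the user re-enters the password or a current code. `Markup(...)` switches off autoescaping for the SVG, which is sound only while that markup comes from pyqrcode alone; a comment such as `# Markup is safe here: the SVG is produced by pyqrcode, never from request data` would keep later edits from routing user-influenced text through it. The response also changes from `image/svg+xml` to an HTML page, so any template that still embeds this route as an image would need updating.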
|
||||
|
|
|
@ -120,6 +120,9 @@ class User(db.Model, UserMixin):
|
|||
def get_totp_uri(self):
|
||||
return 'otpauth://totp/DataPanel:{0}?secret={1}&issuer=datapanel'.format(self.email, self.otp_secret)
|
||||
|
||||
def get_otp_secret(self):
|
||||
return self.otp_secret
|
||||
|
||||
def verify_totp(self, token):
|
||||
return onetimepass.valid_totp(token, self.otp_secret)
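Review bot: `get_otp_secret` is a bare getter over `self.otp_secret`, which get_totp_uri and verify_totp on the adjacent lines already read directly, so it adds a second spelling of the same access without adding any control. If the intent is to have one named place where the seed leaves the model, document that with a docstring such as `"""Return the raw TOTP seed; render it only during enrolment and never log it."""`; otherwise the view can read the attribute and this method can go. The User class continues outside the hunk, so I cannot see whether the seed is stored encrypted or in the clear.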
|
||||
|
||||
|
|
|
@ -23,4 +23,4 @@ Werkzeug
|
|||
email_validator
|
||||
iso3166
|
||||
psycopg2-binary
|
||||
alembic
|
||||
alembic
|
||||
|
|
|
@ -5,12 +5,11 @@
|
|||
|
||||
{% block page_content %}
|
||||
<div class="page-header">
|
||||
<h3>Вашият акаунт е вече потвърден.</h3>
|
||||
<p>
|
||||
Моля напуснете тази страница :)
|
||||
Mail is already activated.
|
||||
</p>
|
||||
<p>
|
||||
<a href="{{ url_for('vmanager.index') }}">Натиснете тук за изход</a>
|
||||
<a href="{{ url_for('vmanager.index') }}">Click here to exit</a>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
|
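--- a/src/forest/templates/auth/qrcode.html
+++ b/src/forest/templates/auth/qrcode.html
@@ -0,0 +1,3 @@
+{{ svg }}
+
+{{ otp }}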