Commit 052c43d6 authored by f00wl's avatar f00wl

Update login workflow to use 2FA

parent 951630c2
1 merge request!31Resolve "Support du 2FA TOTP"
Pipeline #6481 passed
...@@ -11,6 +11,11 @@ class LoginForm(flask_wtf.FlaskForm): ...@@ -11,6 +11,11 @@ class LoginForm(flask_wtf.FlaskForm):
submit = fields.SubmitField(_('Sign in')) submit = fields.SubmitField(_('Sign in'))
class TotpForm(flask_wtf.FlaskForm):
totp = fields.PasswordField(_('Time-based One-Time Password'), [validators.DataRequired()])
submit = fields.SubmitField(_('Validate'))
class SignupForm(flask_wtf.FlaskForm): class SignupForm(flask_wtf.FlaskForm):
username = fields.StringField(_('Username'), [ username = fields.StringField(_('Username'), [
validators.DataRequired(), validators.DataRequired(),
......
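Review bot: The new `totp` field in `TotpForm` is validated only with `DataRequired()`, so any non-empty string of any length is passed on to `check_totp` in the view. A bound at the form layer, for example `validators.Length(min=N, max=N)` with N set to the code length the project configures, would reject malformed input before it reaches the verifier. The class also has no docstring; I would add `"""Second login step: asks for the current TOTP code after the password check."""`.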
...@@ -14,6 +14,9 @@ def signin(): ...@@ -14,6 +14,9 @@ def signin():
if form.validate_on_submit(): if form.validate_on_submit():
user = models.User.login(form.username.data, form.password.data) user = models.User.login(form.username.data, form.password.data)
if user: if user:
if "totp" in user.auths:
session["username"] = user.username
return flask.redirect(flask.url_for(".totp_verify"))
flask_login.login_user(user) flask_login.login_user(user)
if form.remember_me.data == True: if form.remember_me.data == True:
session.permanent = True session.permanent = True
...@@ -24,6 +27,23 @@ def signin(): ...@@ -24,6 +27,23 @@ def signin():
action=utils.url_for(".signin")) action=utils.url_for(".signin"))
@blueprint.route("/totp/verify", methods=["GET", "POST"])
def totp_verify():
form = forms.TotpForm()
if "username" not in session:
return flask.redirect(flask.url_for(".signin"))
if form.validate_on_submit():
user = models.User.query.filter_by(username=session["username"]).first()
if user and user.auths["totp"].check_totp(form.totp.data):
flask_login.login_user(user)
session.pop("username")
return flask.redirect(utils.url_or_intent(".home"))
else:
flask.flash(_("Wrong password"), "danger")
return flask.render_template("account_totp_verify.html", form=form,
action=utils.url_for(".totp_verify"))
@blueprint.route("/signout") @blueprint.route("/signout")
@security.authentication_required() @security.authentication_required()
def signout(): def signout():
......
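Review bot: Nothing in `totp_verify` bounds how many codes can be submitted once `session["username"]` is set: a wrong code only flashes "Wrong password" and leaves the pending state in place, so the second factor can be guessed repeatedly unless `check_totp` throttles internally, which is not visible here. A failure counter or lockout should live server-side on the user or TOTP record, because if the app uses Flask's default signed-cookie session a counter kept there can be reset by replaying an earlier cookie. The pending marker also has no expiry, so I would store a timestamp next to it in `signin` and reject stale entries at the top of `totp_verify`. Separately, the TOTP branch in `signin` returns before `form.remember_me.data` is read, so the remember-me choice is dropped for 2FA users. `signin` starts outside the hunk, so this is based on the visible lines only.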
{% extends "base.html" %}
{% block title %}{% trans %}Time-based One-Time Password (TOTP) verify{% endtrans %}{% endblock %}
{% block subtitle %}{% trans %}to access your account{% endtrans %}{% endblock %}
{% block content %}
{{ macros.form(form) }}
{% endblock %}
{% block actions %}
<a href="{{ utils.url_for(".signup") }}" class="btn btn-success">{% trans %}Sign up{% endtrans %}</a>
{% endblock %}