
enable 2fa from system settings

version-14
crossxcell99 8 anni fa
parent
commit
33f416801f
4 ha cambiato i file con 110 aggiunte e 40 eliminazioni
  1. +43
    -37
      frappe/auth.py
  2. +33
    -2
      frappe/core/doctype/system_settings/system_settings.json
  3. +32
    -1
      frappe/core/doctype/user/user.json
  4. +2
    -0
      frappe/core/doctype/user/user.py

+ 43
- 37
frappe/auth.py Vedi File

@@ -118,48 +118,51 @@ class LoginManager:
def login(self):
# clear cache
frappe.clear_cache(user = frappe.form_dict.get('usr'))
otp = frappe.form_dict.get('otp')
if not otp:
if frappe.db.get_value('System Settings', 'System Settings', 'enable_two_factor_auth') == unicode(0):
self.authenticate()
# after authenticate, self.user is set (from check_password() call)
user_info = frappe.db.get_value('User', self.user, ['two_factor_auth','two_factor_setup'], as_dict=1)
if user_info.two_factor_auth:
self.post_login(no_two_auth=True)
else:
otp = frappe.form_dict.get('otp')
if not otp:
self.authenticate()
# after authenticate, self.user is set (from check_password() call)
user_info = frappe.db.get_value('User', self.user, ['two_factor_auth','two_factor_setup'], as_dict=1)
if user_info.two_factor_auth == 1:

if user_info.two_factor_setup:
frappe.local.response['verification'] = {'setup_completed':True}
otp_secret = frappe.db.get_default(self.user + '_otpsecret')
else:
import os
import base64
otp_secret = base64.b32encode(os.urandom(10)).decode('utf-8')
frappe.db.set_default(self.user + '_otpsecret', otp_secret)
frappe.db.commit()
totp_uri = pyotp.totp.TOTP(otp_secret).provisioning_uri(self.user, issuer_name="Estate Manager")
frappe.local.response['verification'] = {'setup_completed':False, 'totp_uri':totp_uri}

tmp_id = frappe.generate_hash(length=8)
usr = frappe.form_dict.get('usr')
pwd = frappe.form_dict.get('pwd')
frappe.cache().hset('token',tmp_id,{'usr':usr,'pwd':pwd,'otp_secret':otp_secret})
frappe.local.response['tmp_id'] = tmp_id

raise frappe.RequestToken

if user_info.two_factor_setup:
frappe.local.response['verification'] = {'setup_completed':True}
otp_secret = frappe.db.get_default(self.user + '_otpsecret')
else:
import os
import base64
otp_secret = base64.b32encode(os.urandom(10)).decode('utf-8')
frappe.db.set_default(self.user + '_otpsecret', otp_secret)
# set two_factor_setup as 1 meaning user has copied otpsecret
frappe.db.set_value("User", self.user, 'two_factor_setup', 1)
frappe.db.commit()
totp_uri = pyotp.totp.TOTP(otp_secret).provisioning_uri(self.user, issuer_name="Estate Manager")
frappe.local.response['verification'] = {'setup_completed':False, 'totp_uri':totp_uri}

tmp_id = frappe.generate_hash(length=8)
usr = frappe.form_dict.get('usr')
pwd = frappe.form_dict.get('pwd')
frappe.cache().hset('token',tmp_id,{'usr':usr,'pwd':pwd,'otp_secret':otp_secret})
frappe.local.response['tmp_id'] = tmp_id

raise frappe.RequestToken
self.post_login(no_two_auth=True)

else:
self.post_login(no_two_auth=True)

else:
try:
tmp_info = frappe.cache().hget('token', frappe.form_dict.get('tmp_id'))
self.authenticate(user=tmp_info['usr'], pwd=tmp_info['pwd'])
except:
frappe.log_error(frappe.get_traceback(),"AUTHENTICATION PROBLEM")
#frappe.respond_as_web_page("Logged Out", """<p>You have been logged out.</p><p><a href='index'>Back to Home</a></p>""")
#frappe.throw("+++++ YOUR LOGIN WAS SUCCESSFUL, CONGRATS +++++")
#frappe.website.render('/404.html')
self.post_login()
try:
tmp_info = frappe.cache().hget('token', frappe.form_dict.get('tmp_id'))
self.authenticate(user=tmp_info['usr'], pwd=tmp_info['pwd'])
except:
frappe.log_error(frappe.get_traceback(),"AUTHENTICATION PROBLEM")
#frappe.respond_as_web_page("Logged Out", """<p>You have been logged out.</p><p><a href='index'>Back to Home</a></p>""")
#frappe.throw("+++++ YOUR LOGIN WAS SUCCESSFUL, CONGRATS +++++")
#frappe.website.render('/404.html')
self.post_login()

def post_login(self,no_two_auth=False):
self.run_trigger('on_login')
@@ -181,6 +184,9 @@ class LoginManager:
totp = pyotp.TOTP(otp_secret)
if totp.verify(otp):
frappe.cache().hdel('token', tmp_id)
# show qr code only once
frappe.db.set_value("User", self.user, 'two_factor_setup', 1)
frappe.db.commit()
return True
else:
self.fail('Incorrect Verification code', user=frappe.cache().hget('token',tmp_id).get('usr'))
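Review bot: The new `frappe.db.set_value("User", self.user, 'two_factor_setup', 1)` under `# set two_factor_setup as 1 meaning user has copied otpsecret` in login() runs when the secret is first generated, before any code has been verified, while the second hunk (whose method starts outside the hunk) sets the same flag only after `totp.verify(otp)` succeeds; with the first assignment in place a user who abandons the login after the QR code is shown gets `{'setup_completed':True}` on the next attempt and never sees the provisioning URI again, and the post-verify assignment becomes dead. Drop the assignment and its comment from login() and keep only the one after verify. In the `else` branch the bare `except:` around `self.authenticate(user=tmp_info['usr'], pwd=tmp_info['pwd'])` only logs, so an unknown `tmp_id` (hget returns None and the subscript raises TypeError) or a failed password check is swallowed; indentation is lost in this rendering, but if `self.post_login()` sits after the try/except rather than inside it, the handler should end with `raise` or `self.fail(...)` so the login does not continue. The `== unicode(0)` test also routes a missing value (None before System Settings has been saved once) into the 2FA branch; reading the value into a local and testing `if not int(enabled or 0):` states the intent more clearly. Separately, `frappe.cache().hset('token',tmp_id,{'usr':usr,'pwd':pwd,'otp_secret':otp_secret})` keeps the plaintext password in the cache for the whole OTP step, which is worth a `# TODO` to store only the user name and the secret once the session can be re-established from them.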


+ 33
- 2
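--- a/frappe/core/doctype/system_settings/system_settings.json
+++ b/frappe/core/doctype/system_settings/system_settings.json
@@ -679,6 +679,37 @@
 "set_only_once": 0,
 "unique": 0
 },
+{
+"allow_bulk_edit": 0,
+"allow_on_submit": 0,
+"bold": 0,
+"collapsible": 0,
+"columns": 0,
+"default": "0",
+"fieldname": "enable_two_factor_auth",
+"fieldtype": "Check",
+"hidden": 0,
+"ignore_user_permissions": 0,
+"ignore_xss_filter": 0,
+"in_filter": 0,
+"in_global_search": 0,
+"in_list_view": 0,
+"in_standard_filter": 0,
+"label": "Enable Two Factor Authentication",
+"length": 0,
+"no_copy": 0,
+"permlevel": 0,
+"precision": "",
+"print_hide": 0,
+"print_hide_if_no_value": 0,
+"read_only": 0,
+"remember_last_selected_value": 0,
+"report_hide": 0,
+"reqd": 0,
+"search_index": 0,
+"set_only_once": 0,
+"unique": 0
+},
 {
 "allow_bulk_edit": 0,
 "allow_on_submit": 0,
@@ -965,7 +996,7 @@
 "issingle": 1,
 "istable": 0,
 "max_attachments": 0,
-"modified": "2017-06-12 13:05:28.924098",
+"modified": "2017-06-29 18:01:46.292635",
 "modified_by": "Administrator",
 "module": "Core",
 "name": "System Settings",
@@ -1000,4 +1031,4 @@
 "sort_order": "ASC",
 "track_changes": 1,
 "track_seen": 0
-}
+}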

+ 32
- 1
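--- a/frappe/core/doctype/user/user.json
+++ b/frappe/core/doctype/user/user.json
@@ -1723,6 +1723,37 @@
 "set_only_once": 0,
 "unique": 0
 },
+{
+"allow_bulk_edit": 0,
+"allow_on_submit": 0,
+"bold": 0,
+"collapsible": 0,
+"columns": 0,
+"fieldname": "two_factor_method",
+"fieldtype": "Select",
+"hidden": 1,
+"ignore_user_permissions": 0,
+"ignore_xss_filter": 0,
+"in_filter": 0,
+"in_global_search": 0,
+"in_list_view": 0,
+"in_standard_filter": 0,
+"label": "Two Factor Authentication Method",
+"length": 0,
+"no_copy": 0,
+"options": "OTP App\nSMS",
+"permlevel": 0,
+"precision": "",
+"print_hide": 0,
+"print_hide_if_no_value": 0,
+"read_only": 0,
+"remember_last_selected_value": 0,
+"report_hide": 0,
+"reqd": 0,
+"search_index": 0,
+"set_only_once": 0,
+"unique": 0
+},
 {
 "allow_bulk_edit": 0,
 "allow_on_submit": 0,
@@ -2033,7 +2064,7 @@
 "istable": 0,
 "max_attachments": 5,
 "menu_index": 0,
-"modified": "2017-06-28 14:40:26.616254",
+"modified": "2017-06-30 16:26:06.481438",
 "modified_by": "Administrator",
 "module": "Core",
 "name": "User",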


+ 2
- 0
frappe/core/doctype/user/user.py Vedi File

@@ -154,6 +154,8 @@ class User(Document):
and name in ({0}) limit 1""".format(', '.join(['%s'] * len(self.roles))),
[d.role for d in self.roles]))):
self.two_factor_auth = 1
else:
self.two_factor_auth = 0

def has_desk_access(self):
'''Return true if any of the set roles has desk access'''
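Review bot: The added `else: self.two_factor_auth = 0` is the right complement to the existing assignment, but the condition it hangs off (which starts outside the hunk) builds its `name in ({0})` clause from `', '.join(['%s'] * len(self.roles))`, and for a user with no roles that expands to `in ()`, which is a SQL syntax error rather than a false result, unless a guard outside the hunk already skips the query. If there is no such guard, prefixing the condition with `self.roles and` makes the new `else` branch the one taken for a role-less user instead of an exception on save. A one-line comment above the branch, such as `# derived from roles on every save; never set directly`, would also make clear why the flag is recomputed here and not editable.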

