From e4c2057accc52ddaaa417671758cc07fe9086fae Mon Sep 17 00:00:00 2001
From: crossxcell99
Date: Fri, 7 Jul 2017 17:26:52 +0100
Subject: [PATCH] general verification method set in system settings
---
 frappe/auth.py | 34 +++---
 .../system_settings/system_settings.json | 13 +-
 frappe/core/doctype/user/user.js | 36 +++---
 frappe/core/doctype/user/user.json | 36 +-----
 frappe/core/doctype/user/user.py | 58 ++++-----
 frappe/templates/includes/login/login.js | 113 +++++++++---------
 6 files changed, 130 insertions(+), 160 deletions(-)
diff --git a/frappe/auth.py b/frappe/auth.py
index a18d36cbf7..39578fead8 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -137,21 +137,22 @@ class LoginManager:
 otp_secret = frappe.db.get_default(self.user + '_otpsecret')
- restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
- verification_meth = frappe.db.get_value('User', self.user, 'two_factor_method')
- fixed_method = [frappe._dict()]
-
- if int(restrict_method):
- try:
- fixed_method = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
- (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
- except OperationalError:
- pass
-
- if not verification_meth:
- verification_method = fixed_method[0].default_method or 'OTP App'
- else:
- verification_method = fixed_method[0].default_method or verification_meth
+ #restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
+ #verification_meth = frappe.db.get_value('User', self.user, 'two_factor_method')
+ #fixed_method = [frappe._dict()]
+
+ #if int(restrict_method):
+ # try:
+ # fixed_method = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
+ # (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
+ # except OperationalError:
+ # pass
+
+ #if not verification_meth:
+ # verification_method = fixed_method[0].default_method or 'OTP App'
+ #else:
+ # verification_method = fixed_method[0].default_method or verification_meth
+ verification_method = frappe.db.get_value('System Settings', None, 'two_factor_method')
 if otp_secret:
@@ -192,10 +193,11 @@ class LoginManager:
 frappe.local.response['verification'] = {
 'method_first_time': True,
+ 'method': verification_method,
 'token_delivery': True,
 'prompt': False,
 'totp_uri': totp_uri,
- 'restrict_method': int(restrict_method) and (fixed_method[0].default_method or 'OTP App')
+ #'restrict_method': int(restrict_method) and (fixed_method[0].default_method or 'OTP App')
 }
 tmp_id = frappe.generate_hash(length=8)
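Review bot: `verification_method` no longer has a fallback: the removed branches ended in `or 'OTP App'`, while the new line takes whatever `frappe.db.get_value('System Settings', None, 'two_factor_method')` returns. On a site where System Settings has not been saved since the field was introduced (presumably every existing install; confirm how defaults are applied to singles), that value would be empty. The `method` sent to the client in the second hunk would then match none of the `'OTP App'`/`'SMS'`/`'Email'` branches in login.js, and a two-factor user could not finish logging in. Keeping the old default avoids this: `verification_method = frappe.db.get_value('System Settings', None, 'two_factor_method') or 'OTP App'`. The enclosing method starts and ends outside this hunk.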
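Review bot: The superseded 2FA logic is commented out rather than deleted, here (`#'restrict_method': ...`), in the first hunk, and again in user.js, user.py and login.js; it should be removed and left to version control. This matters most for `set_verification_method` in user.py, whose commented block still carries `@frappe.whitelist(allow_guest=True)` above a function that writes `two_factor_method` on the User resolved from a caller-supplied `tmp_id`. Uncommenting it later would bring back a guest-callable write to a field this commit removes from user.json. If a record of the old behaviour is wanted, a one-line comment such as `# per-user 2FA method removed; method now comes from System Settings` is enough.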
diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json index 33130389f3..6649aad4f2 100644 --- a/frappe/core/doctype/system_settings/system_settings.json +++ b/frappe/core/doctype/system_settings/system_settings.json @@ -716,11 +716,11 @@ "bold": 0, "collapsible": 0, "columns": 0, - "default": "0", + "default": "OTP App", "depends_on": "eval:doc.enable_two_factor_auth==1", - "description": "If this is checked, the default 2FA method in User > two_factor_method will be used", - "fieldname": "fix_2fa_method", - "fieldtype": "Check", + "description": "Choose authentication method to be used by all users", + "fieldname": "two_factor_method", + "fieldtype": "Select", "hidden": 0, "ignore_user_permissions": 0, "ignore_xss_filter": 0, @@ -728,9 +728,10 @@ "in_global_search": 0, "in_list_view": 0, "in_standard_filter": 0, - "label": "Fix authentication method", + "label": "Authentication method", "length": 0, "no_copy": 0, + "options": "OTP App\nSMS\nEmail", "permlevel": 0, "precision": "", "print_hide": 0, @@ -1029,7 +1030,7 @@ "issingle": 1, "istable": 0, "max_attachments": 0, - "modified": "2017-07-06 14:44:04.601775", + "modified": "2017-07-07 17:21:50.082744", "modified_by": "Administrator", "module": "Core", "name": "System Settings", diff --git a/frappe/core/doctype/user/user.js b/frappe/core/doctype/user/user.js index 14918a8c8a..39423ae600 100644 --- a/frappe/core/doctype/user/user.js +++ b/frappe/core/doctype/user/user.js 
@@ -108,27 +108,27 @@ frappe.ui.form.on('User', {
 cur_frm.dirty();
 }
- frappe.call({
- method: "get_2fa_params",
- doc:frm.doc,
- callback: function(r) {
- if (r.message){
- frm.toggle_display('two_factor_method', r.message.show_method_field == true);
- if (r.message.restrict_method){
- $("select[data-fieldname=two_factor_method] > option").each(function() {
- if ($(this).val() != r.message.restrict_method){
- $(this).attr('disabled','');
- } else {
- $(this).removeAttr('disabled')
- }
- });
+ // frappe.call({
+ // method: "get_2fa_params",
+ // doc:frm.doc,
+ // callback: function(r) {
+ // if (r.message){
+ // frm.toggle_display('two_factor_method', r.message.show_method_field == true);
+ // if (r.message.restrict_method){
+ // $("select[data-fieldname=two_factor_method] > option").each(function() {
+ // if ($(this).val() != r.message.restrict_method){
+ // $(this).attr('disabled','');
+ // } else {
+ // $(this).removeAttr('disabled')
+ // }
+ // });
 //frm.set_df_property('two_factor_method', 'options', [r.message.restrict_method]);
 //frm.set_value('two_factor_method',r.message.restrict_method)
 //frm.refresh_field('two_factor_method');
- }
- }
- }
- });
+ // }
+ // }
+ // }
+ // });
 },
 validate: function(frm) {
 if(frm.roles_editor) {
diff --git a/frappe/core/doctype/user/user.json b/frappe/core/doctype/user/user.json
index f5ce17080c..aca7bcab3d 100644
--- a/frappe/core/doctype/user/user.json
+++ b/frappe/core/doctype/user/user.json
@@ -1723,38 +1723,6 @@ "set_only_once": 0, "unique": 0 }, - { - "allow_bulk_edit": 0, - "allow_on_submit": 0, - "bold": 0, - "collapsible": 0, - "columns": 0, - "default": "SMS", - "fieldname": "two_factor_method", - "fieldtype": "Select", - "hidden": 0, - "ignore_user_permissions": 0, - "ignore_xss_filter": 0, - "in_filter": 0, - "in_global_search": 0, - "in_list_view": 0, - "in_standard_filter": 0, - "label": "Two Factor Authentication Method", - "length": 0, - "no_copy": 0, - "options": "OTP App\nSMS\nEmail", - "permlevel": 0, - "precision": "", - "print_hide": 0, - "print_hide_if_no_value": 0, - "read_only": 0, - "remember_last_selected_value": 0, - "report_hide": 0, - "reqd": 0, - "search_index": 0, - "set_only_once": 0, - "unique": 0 - }, { "allow_bulk_edit": 0, "allow_on_submit": 0, @@ -2003,8 +1971,8 @@ "istable": 0, "max_attachments": 5, "menu_index": 0, - "modified": "2017-07-07 11:31:54.900879", - "modified_by": "crossxcell99@gmail.com", + "modified": "2017-07-07 17:18:14.047969", + "modified_by": "Administrator", "module": "Core", "name": "User", "owner": "Administrator", diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index 0a04432824..4ad45849fd 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py 
@@ -478,28 +478,28 @@ class User(Document): if len(email_accounts) != len(set(email_accounts)): frappe.throw(_("Email Account added multiple times")) - def get_2fa_params(self, twoFA_method=None,user=None): - show_method_field = frappe.db.get_value('System Settings', 'System Settings', 'enable_two_factor_auth') == unicode(1) - try: - two_factor_auth_user = len(frappe.db.sql("""select name from `tabRole` where two_factor_auth=1 - and name in ({0}) limit 1""".format(', '.join(['%s'] * len(self.roles))), - [d.role for d in self.roles])) - except Exception as e: - return {'show_method_field' : False} - - restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method') - if int(restrict_method): - try: - a = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM - (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1) - restrict_method = a[0].default_method - except OperationalError: - a = [frappe._dict()] - restrict_method = False - else: - restrict_method = False - - return {'show_method_field' : (two_factor_auth_user == 1) and show_method_field, 'restrict_method': restrict_method} +# def get_2fa_params(self, twoFA_method=None,user=None): +# show_method_field = frappe.db.get_value('System Settings', 'System Settings', 'enable_two_factor_auth') == unicode(1) +# try: +# two_factor_auth_user = len(frappe.db.sql("""select name from `tabRole` where two_factor_auth=1 +# and name in ({0}) limit 1""".format(', '.join(['%s'] * len(self.roles))), +# [d.role for d in self.roles])) +# except Exception as e: +# return {'show_method_field' : False} +# +# restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method') +# if int(restrict_method): +# try: +# a = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM +# (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1) +# restrict_method = a[0].default_method +# except OperationalError: +# a = [frappe._dict()] +# 
restrict_method = False +# else: +# restrict_method = False +# +# return {'show_method_field' : (two_factor_auth_user == 1) and show_method_field, 'restrict_method': restrict_method} #if not twoFA_method: #else: # if twoFA_method == 'Email': @@ -983,10 +983,10 @@ def send_token_via_email(tmp_id,token=None): message='

Your verification code is {0}

'.format(hotp.at(int(count))),delayed=False, retry=3) return True -@frappe.whitelist(allow_guest=True) -def set_verification_method(tmp_id,method=None): - user = frappe.cache().get(tmp_id + '_user') - if ((not user) or (user == 'None') or (not method)): - return False - frappe.db.set_value('User', user, 'two_factor_method', method) - frappe.db.commit() \ No newline at end of file +#@frappe.whitelist(allow_guest=True) +#def set_verification_method(tmp_id,method=None): +# user = frappe.cache().get(tmp_id + '_user') +# if ((not user) or (user == 'None') or (not method)): +# return False +# frappe.db.set_value('User', user, 'two_factor_method', method) +# frappe.db.commit() \ No newline at end of file diff --git a/frappe/templates/includes/login/login.js b/frappe/templates/includes/login/login.js index f5e0f860a0..997e058c6e 100644 --- a/frappe/templates/includes/login/login.js +++ b/frappe/templates/includes/login/login.js @@ -162,10 +162,14 @@ login.login_handlers = (function() { var continue_otp = function(setup_completed,method_prompt){ - $('.login-content').empty().append($('
').attr({'id':'otp_div'}).html('
\ - Verification
\ - \ -
')); + $('.login-content').empty().append($('
').attr({'id':'otp_div'}).html( + '
\ +
\ + Verification\ +
\ + \ + \ +
')); verify_token(); @@ -299,55 +303,54 @@ login.login_handlers = (function() { } if (data.verification.method_first_time){ - $('.login-content').empty().append('
\ -
\ -

Select verification Method
\ - method may be changed later in settings

\ -
\ -
\ - \ -
\ -
\ - \ -
\ -
\ - \ -
\ - \ -
') - - if (data.verification.restrict_method){ - $('input[name=method]').each(function(){ - if ($(this).val() != data.verification.restrict_method){ - $(this).attr('disabled',true) - } - }) + // $('.login-content').empty().append('
\ + //
\ + //

Select verification Method
\ + // method may be changed later in settings

\ + //
\ + //
\ + // \ + //
\ + //
\ + // \ + //
\ + //
\ + // \ + //
\ + // \ + //
') + + // if (data.verification.restrict_method){ + // $('input[name=method]').each(function(){ + // if ($(this).val() != data.verification.restrict_method){ + // $(this).attr('disabled',true) + // } + // }) + // } + // $('#submit_method').on('click',function(event){ + if (data.verification.method == 'OTP App'){ + continue_otp(setup_completed=false); + } else if (data.verification.method == 'SMS'){ + continue_sms(setup_completed=false); + } else if (data.verification.method == 'Email'){ + continue_email(setup_completed=false); } - $('#submit_method').on('click',function(event){ - if ($('input[name=method]:checked').val() == 'OTP App'){ - continue_otp(setup_completed=false); - } else if ($('input[name=method]:checked').val() == 'SMS'){ - continue_sms(setup_completed=false); - console.log('SMS'); - } else if ($('input[name=method]:checked').val() == 'Email'){ - continue_email(setup_completed=false); - } - frappe.call({ - method: "frappe.core.doctype.user.user.set_verification_method", - args: {'tmp_id':data.tmp_id, 'method': $('input[name=method]:checked').val()}, - callback: function(r) { } - }); - }); + // frappe.call({ + // method: "frappe.core.doctype.user.user.set_verification_method", + // args: {'tmp_id':data.tmp_id, 'method': $('input[name=method]:checked').val()}, + // callback: function(r) { } + // }); + // }); } else { if (data.verification.method == 'OTP App'){ console.log(data.verification.totp_uri) 
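Review bot: The new first-time branch has no final `else`, so when `data.verification.method` is empty or holds any value other than the three it tests, none of `continue_otp`/`continue_sms`/`continue_email` runs and the login page simply stays as it is; add a closing `else { frappe.msgprint('{{ _("Unknown verification method") }}'); }` or fall back to the OTP flow. The calls written as `continue_otp(setup_completed=false)` are assignments, not keyword arguments, and write to an outer or global `setup_completed`; pass `false` positionally. The context line `console.log(data.verification.totp_uri)` at the end of the hunk still prints the provisioning URI, which presumably embeds the TOTP secret, to the browser console; the verify_token hunk removes the other debug logging and this call should go with it. The enclosing handler begins and ends outside this hunk.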
@@ -430,20 +433,16 @@ frappe.ready(function() {
 });
 var verify_token = function(event) {
- $('#verify_token').bind("click", function() {
- console.log("Why XX2");
- //eventx.preventDefault();
+ $(".form-verify").on("submit", function(eventx) {
+ eventx.preventDefault();
 var args = {};
 args.cmd = "login";
 args.otp = $("#login_token").val();
- console.log("LLLLLLLLLLLLLLLLLLL");
 args.tmp_id = frappe.get_cookie('tmp_id');
 if(!args.otp) {
 frappe.msgprint('{{ _("Login token required") }}');
 return false;
 }
- console.log("Button Clicked")
- console.log(args)
 login.call(args);
 return false;
 });
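Review bot: The handler is now bound to `submit` on `.form-verify` instead of `click` on `#verify_token`, so it fires only where the rendered markup wraps the token field in that form. The continue_otp hunk adds such markup, but whether the SMS and Email flows render the same wrapper is not visible in this patch and should be checked, otherwise token submission silently stops working for them. In a jQuery handler `return false` already prevents the default action and stops propagation, so `eventx.preventDefault()` together with `return false` on every path is redundant; keep one. `verify_token` still declares an `event` parameter it never uses while the handler's argument is called `eventx`; drop the parameter and name the argument `event`. The function's closing brace lies outside the hunk.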