
general verification method set in system settings

version-14
crossxcell99 hace 8 años
padre
commit
e4c2057acc
Se han modificado 6 ficheros con 130 adiciones y 160 borrados
  1. +18
    -16
      frappe/auth.py
  2. +7
    -6
      frappe/core/doctype/system_settings/system_settings.json
  3. +18
    -18
      frappe/core/doctype/user/user.js
  4. +2
    -34
      frappe/core/doctype/user/user.json
  5. +29
    -29
      frappe/core/doctype/user/user.py
  6. +56
    -57
      frappe/templates/includes/login/login.js

+ 18
- 16
frappe/auth.py Ver fichero

@@ -137,21 +137,22 @@ class LoginManager:


otp_secret = frappe.db.get_default(self.user + '_otpsecret') otp_secret = frappe.db.get_default(self.user + '_otpsecret')


restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
verification_meth = frappe.db.get_value('User', self.user, 'two_factor_method')
fixed_method = [frappe._dict()]

if int(restrict_method):
try:
fixed_method = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
(SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
except OperationalError:
pass

if not verification_meth:
verification_method = fixed_method[0].default_method or 'OTP App'
else:
verification_method = fixed_method[0].default_method or verification_meth
#restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
#verification_meth = frappe.db.get_value('User', self.user, 'two_factor_method')
#fixed_method = [frappe._dict()]

#if int(restrict_method):
# try:
# fixed_method = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
# (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
# except OperationalError:
# pass

#if not verification_meth:
# verification_method = fixed_method[0].default_method or 'OTP App'
#else:
# verification_method = fixed_method[0].default_method or verification_meth
verification_method = frappe.db.get_value('System Settings', None, 'two_factor_method')


if otp_secret: if otp_secret:
@@ -192,10 +193,11 @@ class LoginManager:


frappe.local.response['verification'] = { frappe.local.response['verification'] = {
'method_first_time': True, 'method_first_time': True,
'method': verification_method,
'token_delivery': True, 'token_delivery': True,
'prompt': False, 'prompt': False,
'totp_uri': totp_uri, 'totp_uri': totp_uri,
'restrict_method': int(restrict_method) and (fixed_method[0].default_method or 'OTP App')
#'restrict_method': int(restrict_method) and (fixed_method[0].default_method or 'OTP App')
} }


tmp_id = frappe.generate_hash(length=8) tmp_id = frappe.generate_hash(length=8)
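Review bot: The new `verification_method = frappe.db.get_value('System Settings', None, 'two_factor_method')` at the end of the first hunk has no fallback when the setting is empty; on a site whose System Settings single doc has never saved the new select, `get_value` returns None and the login response carries `'method': None`, which the login page's equality chain cannot act on. Keep the previous default with `verification_method = frappe.db.get_value('System Settings', None, 'two_factor_method') or 'OTP App'`. The replaced lookup is left behind as a fifteen-line comment block, plus the `#'restrict_method'` line in the second hunk; delete it rather than comment it, since it still references the `fix_2fa_method` field this commit removes and git keeps the history. `OperationalError` may now be unused in this module — the import block is outside the hunk, as is the enclosing LoginManager method's start and end.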


+ 7
- 6
frappe/core/doctype/system_settings/system_settings.json Ver fichero

@@ -716,11 +716,11 @@
"bold": 0, "bold": 0,
"collapsible": 0, "collapsible": 0,
"columns": 0, "columns": 0,
"default": "0",
"default": "OTP App",
"depends_on": "eval:doc.enable_two_factor_auth==1", "depends_on": "eval:doc.enable_two_factor_auth==1",
"description": "If this is checked, the default 2FA method in User > two_factor_method will be used",
"fieldname": "fix_2fa_method",
"fieldtype": "Check",
"description": "Choose authentication method to be used by all users",
"fieldname": "two_factor_method",
"fieldtype": "Select",
"hidden": 0, "hidden": 0,
"ignore_user_permissions": 0, "ignore_user_permissions": 0,
"ignore_xss_filter": 0, "ignore_xss_filter": 0,
@@ -728,9 +728,10 @@
"in_global_search": 0, "in_global_search": 0,
"in_list_view": 0, "in_list_view": 0,
"in_standard_filter": 0, "in_standard_filter": 0,
"label": "Fix authentication method",
"label": "Authentication method",
"length": 0, "length": 0,
"no_copy": 0, "no_copy": 0,
"options": "OTP App\nSMS\nEmail",
"permlevel": 0, "permlevel": 0,
"precision": "", "precision": "",
"print_hide": 0, "print_hide": 0,
@@ -1029,7 +1030,7 @@
"issingle": 1, "issingle": 1,
"istable": 0, "istable": 0,
"max_attachments": 0, "max_attachments": 0,
"modified": "2017-07-06 14:44:04.601775",
"modified": "2017-07-07 17:21:50.082744",
"modified_by": "Administrator", "modified_by": "Administrator",
"module": "Core", "module": "Core",
"name": "System Settings", "name": "System Settings",


+ 18
- 18
frappe/core/doctype/user/user.js Ver fichero

@@ -108,27 +108,27 @@ frappe.ui.form.on('User', {
cur_frm.dirty(); cur_frm.dirty();
} }


frappe.call({
method: "get_2fa_params",
doc:frm.doc,
callback: function(r) {
if (r.message){
frm.toggle_display('two_factor_method', r.message.show_method_field == true);
if (r.message.restrict_method){
$("select[data-fieldname=two_factor_method] > option").each(function() {
if ($(this).val() != r.message.restrict_method){
$(this).attr('disabled','');
} else {
$(this).removeAttr('disabled')
}
});
// frappe.call({
// method: "get_2fa_params",
// doc:frm.doc,
// callback: function(r) {
// if (r.message){
// frm.toggle_display('two_factor_method', r.message.show_method_field == true);
// if (r.message.restrict_method){
// $("select[data-fieldname=two_factor_method] > option").each(function() {
// if ($(this).val() != r.message.restrict_method){
// $(this).attr('disabled','');
// } else {
// $(this).removeAttr('disabled')
// }
// });
//frm.set_df_property('two_factor_method', 'options', [r.message.restrict_method]); //frm.set_df_property('two_factor_method', 'options', [r.message.restrict_method]);
//frm.set_value('two_factor_method',r.message.restrict_method) //frm.set_value('two_factor_method',r.message.restrict_method)
//frm.refresh_field('two_factor_method'); //frm.refresh_field('two_factor_method');
}
}
}
});
// }
// }
// }
// });
}, },
validate: function(frm) { validate: function(frm) {
if(frm.roles_editor) { if(frm.roles_editor) {
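Review bot: The `get_2fa_params` call is kept as a commented-out block rather than deleted, leaving a dead reference to a server method this commit also comments out in user.py. Remove the block; if the `two_factor_method` toggle is ever wanted again, the old version is in history and a comment-only copy only drifts out of date. The enclosing form handler starts outside the hunk.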


+ 2
- 34
frappe/core/doctype/user/user.json Ver fichero

@@ -1723,38 +1723,6 @@
"set_only_once": 0, "set_only_once": 0,
"unique": 0 "unique": 0
}, },
{
"allow_bulk_edit": 0,
"allow_on_submit": 0,
"bold": 0,
"collapsible": 0,
"columns": 0,
"default": "SMS",
"fieldname": "two_factor_method",
"fieldtype": "Select",
"hidden": 0,
"ignore_user_permissions": 0,
"ignore_xss_filter": 0,
"in_filter": 0,
"in_global_search": 0,
"in_list_view": 0,
"in_standard_filter": 0,
"label": "Two Factor Authentication Method",
"length": 0,
"no_copy": 0,
"options": "OTP App\nSMS\nEmail",
"permlevel": 0,
"precision": "",
"print_hide": 0,
"print_hide_if_no_value": 0,
"read_only": 0,
"remember_last_selected_value": 0,
"report_hide": 0,
"reqd": 0,
"search_index": 0,
"set_only_once": 0,
"unique": 0
},
{ {
"allow_bulk_edit": 0, "allow_bulk_edit": 0,
"allow_on_submit": 0, "allow_on_submit": 0,
@@ -2003,8 +1971,8 @@
"istable": 0, "istable": 0,
"max_attachments": 5, "max_attachments": 5,
"menu_index": 0, "menu_index": 0,
"modified": "2017-07-07 11:31:54.900879",
"modified_by": "crossxcell99@gmail.com",
"modified": "2017-07-07 17:18:14.047969",
"modified_by": "Administrator",
"module": "Core", "module": "Core",
"name": "User", "name": "User",
"owner": "Administrator", "owner": "Administrator",


+ 29
- 29
frappe/core/doctype/user/user.py Ver fichero

@@ -478,28 +478,28 @@ class User(Document):
if len(email_accounts) != len(set(email_accounts)): if len(email_accounts) != len(set(email_accounts)):
frappe.throw(_("Email Account added multiple times")) frappe.throw(_("Email Account added multiple times"))


def get_2fa_params(self, twoFA_method=None,user=None):
show_method_field = frappe.db.get_value('System Settings', 'System Settings', 'enable_two_factor_auth') == unicode(1)
try:
two_factor_auth_user = len(frappe.db.sql("""select name from `tabRole` where two_factor_auth=1
and name in ({0}) limit 1""".format(', '.join(['%s'] * len(self.roles))),
[d.role for d in self.roles]))
except Exception as e:
return {'show_method_field' : False}
restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
if int(restrict_method):
try:
a = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
(SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
restrict_method = a[0].default_method
except OperationalError:
a = [frappe._dict()]
restrict_method = False
else:
restrict_method = False
return {'show_method_field' : (two_factor_auth_user == 1) and show_method_field, 'restrict_method': restrict_method}
# def get_2fa_params(self, twoFA_method=None,user=None):
# show_method_field = frappe.db.get_value('System Settings', 'System Settings', 'enable_two_factor_auth') == unicode(1)
# try:
# two_factor_auth_user = len(frappe.db.sql("""select name from `tabRole` where two_factor_auth=1
# and name in ({0}) limit 1""".format(', '.join(['%s'] * len(self.roles))),
# [d.role for d in self.roles]))
# except Exception as e:
# return {'show_method_field' : False}
#
# restrict_method = frappe.db.get_value('System Settings', None, 'fix_2fa_method')
# if int(restrict_method):
# try:
# a = frappe.db.sql('''SELECT DEFAULT(two_factor_method) AS 'default_method' FROM
# (SELECT 1) AS dummy LEFT JOIN tabUser on True LIMIT 1;''', as_dict=1)
# restrict_method = a[0].default_method
# except OperationalError:
# a = [frappe._dict()]
# restrict_method = False
# else:
# restrict_method = False
#
# return {'show_method_field' : (two_factor_auth_user == 1) and show_method_field, 'restrict_method': restrict_method}
#if not twoFA_method: #if not twoFA_method:
#else: #else:
# if twoFA_method == 'Email': # if twoFA_method == 'Email':
@@ -983,10 +983,10 @@ def send_token_via_email(tmp_id,token=None):
message='<p>Your verification code is {0}</p>'.format(hotp.at(int(count))),delayed=False, retry=3) message='<p>Your verification code is {0}</p>'.format(hotp.at(int(count))),delayed=False, retry=3)
return True return True


@frappe.whitelist(allow_guest=True)
def set_verification_method(tmp_id,method=None):
user = frappe.cache().get(tmp_id + '_user')
if ((not user) or (user == 'None') or (not method)):
return False
frappe.db.set_value('User', user, 'two_factor_method', method)
frappe.db.commit()
#@frappe.whitelist(allow_guest=True)
#def set_verification_method(tmp_id,method=None):
# user = frappe.cache().get(tmp_id + '_user')
# if ((not user) or (user == 'None') or (not method)):
# return False
# frappe.db.set_value('User', user, 'two_factor_method', method)
# frappe.db.commit()
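Review bot: `set_verification_method` is commented out rather than removed in the second hunk; as written it was an `allow_guest=True` endpoint that wrote `two_factor_method` for whatever user the cached `tmp_id` resolved to, so keeping it in the source as a comment makes it easy to re-enable without the change being reviewed. Delete both commented blocks (`get_2fa_params` in the first hunk as well) and record the reason in the commit message; the `two_factor_method` field they wrote is dropped from user.json in this same commit, so neither could run unchanged anyway. The `OperationalError` import that only `get_2fa_params` used may now be unused — the import block lies outside the hunk. The `User` class body continues outside the first hunk.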

+ 56
- 57
frappe/templates/includes/login/login.js Ver fichero

@@ -162,10 +162,14 @@ login.login_handlers = (function() {


var continue_otp = function(setup_completed,method_prompt){ var continue_otp = function(setup_completed,method_prompt){


$('.login-content').empty().append($('<div>').attr({'id':'otp_div'}).html('<form class="form-verify"><div class="page-card-head">\
<span class="indicator blue" data-text="Verification">Verification</span></div>\
<input type="text" id="login_token" class="form-control" placeholder="Verification Code" required="" autocomplete="off" autofocus="">\
<button class="btn btn-sm btn-primary btn-block" id="verify_token">Verify</button></form>'));
$('.login-content').empty().append($('<div>').attr({'id':'otp_div'}).html(
'<form class="form-verify">\
<div class="page-card-head">\
<span class="indicator blue" data-text="Verification">Verification</span>\
</div>\
<input type="text" id="login_token" class="form-control" placeholder="Verification Code" required autocomplete="off" autofocus="">\
<button type="submit" class="btn btn-sm btn-primary btn-block" id="verify_token">Verify</button>\
</form>'));


verify_token(); verify_token();


@@ -299,55 +303,54 @@ login.login_handlers = (function() {
} }


if (data.verification.method_first_time){ if (data.verification.method_first_time){
$('.login-content').empty().append('<div id="verification_method">\
<div>\
<p class="lead">Select verification Method <br>\
<small><small><small class="text-muted">method may be changed later in settings</small></small></small></p>\
</div>\
<div class="form-check">\
<label class="form-check-label">\
<input class="form-check-input" type="radio" name="method" value="OTP App" checked>\
OTP App\
</label>\
</div>\
<div class="form-check">\
<label class="form-check-label">\
<input class="form-check-input" type="radio" name="method" value="SMS">\
SMS\
</label>\
</div>\
<div class="form-check disabled">\
<label class="form-check-label">\
<input class="form-check-input" type="radio" name="method" value="Email">\
Email\
</label>\
</div>\
<button id="submit_method" class="btn btn-sm btn-primary">Continue</button>\
</div>')

if (data.verification.restrict_method){
$('input[name=method]').each(function(){
if ($(this).val() != data.verification.restrict_method){
$(this).attr('disabled',true)
}
})
// $('.login-content').empty().append('<div id="verification_method">\
// <div>\
// <p class="lead">Select verification Method <br>\
// <small><small><small class="text-muted">method may be changed later in settings</small></small></small></p>\
// </div>\
// <div class="form-check">\
// <label class="form-check-label">\
// <input class="form-check-input" type="radio" name="method" value="OTP App" checked>\
// OTP App\
// </label>\
// </div>\
// <div class="form-check">\
// <label class="form-check-label">\
// <input class="form-check-input" type="radio" name="method" value="SMS">\
// SMS\
// </label>\
// </div>\
// <div class="form-check disabled">\
// <label class="form-check-label">\
// <input class="form-check-input" type="radio" name="method" value="Email">\
// Email\
// </label>\
// </div>\
// <button id="submit_method" class="btn btn-sm btn-primary">Continue</button>\
// </div>')

// if (data.verification.restrict_method){
// $('input[name=method]').each(function(){
// if ($(this).val() != data.verification.restrict_method){
// $(this).attr('disabled',true)
// }
// })
// }
// $('#submit_method').on('click',function(event){
if (data.verification.method == 'OTP App'){
continue_otp(setup_completed=false);
} else if (data.verification.method == 'SMS'){
continue_sms(setup_completed=false);
} else if (data.verification.method == 'Email'){
continue_email(setup_completed=false);
} }
$('#submit_method').on('click',function(event){
if ($('input[name=method]:checked').val() == 'OTP App'){
continue_otp(setup_completed=false);
} else if ($('input[name=method]:checked').val() == 'SMS'){
continue_sms(setup_completed=false);
console.log('SMS');
} else if ($('input[name=method]:checked').val() == 'Email'){
continue_email(setup_completed=false);
}


frappe.call({
method: "frappe.core.doctype.user.user.set_verification_method",
args: {'tmp_id':data.tmp_id, 'method': $('input[name=method]:checked').val()},
callback: function(r) { }
});
});
// frappe.call({
// method: "frappe.core.doctype.user.user.set_verification_method",
// args: {'tmp_id':data.tmp_id, 'method': $('input[name=method]:checked').val()},
// callback: function(r) { }
// });
// });
} else { } else {
if (data.verification.method == 'OTP App'){ if (data.verification.method == 'OTP App'){
console.log(data.verification.totp_uri) console.log(data.verification.totp_uri)
@@ -430,20 +433,16 @@ frappe.ready(function() {
}); });


var verify_token = function(event) { var verify_token = function(event) {
$('#verify_token').bind("click", function() {
console.log("Why XX2");
//eventx.preventDefault();
$(".form-verify").on("submit", function(eventx) {
eventx.preventDefault();
var args = {}; var args = {};
args.cmd = "login"; args.cmd = "login";
args.otp = $("#login_token").val(); args.otp = $("#login_token").val();
console.log("LLLLLLLLLLLLLLLLLLL");
args.tmp_id = frappe.get_cookie('tmp_id'); args.tmp_id = frappe.get_cookie('tmp_id');
if(!args.otp) { if(!args.otp) {
frappe.msgprint('{{ _("Login token required") }}'); frappe.msgprint('{{ _("Login token required") }}');
return false; return false;
} }
console.log("Button Clicked")
console.log(args)
login.call(args); login.call(args);
return false; return false;
}); });
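Review bot: The new `if`/`else if` chain on `data.verification.method` in the second hunk has no final branch, so a missing or unexpected method leaves the user on the login page with no message and no way to continue. Add `} else { frappe.msgprint('{{ _("Unknown verification method") }}'); }` after the `Email` branch, matching the `Login token required` message already used in `verify_token`. The retained `continue_otp(setup_completed=false)` calls pass an assignment as the argument, which assigns a global `setup_completed` instead of naming a parameter; call `continue_otp(false)` (and likewise for `continue_sms`/`continue_email`). The `else` half of the `method_first_time` branch and the enclosing handler continue outside the hunk.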

