Added django-mfa2

mkalioby · Jan 18, 2019 · baadb74 · baadb74
1 parent fe06818
commit baadb74
Show file tree

Hide file tree

Showing 113 changed files with 30,457 additions and 29 deletions.
diff --git a/webapp/autoDeploy/accounts/templates/mfa_auth_base.html b/webapp/autoDeploy/accounts/templates/mfa_auth_base.html
@@ -1,10 +1 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>$Title$</title>
-</head>
-<body>
-$END$
-</body>
-</html>
+{% extends "base.html" %}
diff --git a/webapp/autoDeploy/accounts/views.py b/webapp/autoDeploy/accounts/views.py
@@ -4,9 +4,18 @@
 from django.shortcuts import render, render_to_response,redirect
 from django.contrib.auth import authenticate, login,logout
 from django.template import RequestContext
-from autoDeploy import settings
+from django.conf import settings
 
+def log_user_in(request,username):
+    from django.contrib.auth.models import User
+    user=User.objects.get(username=username)
+    user.backend='django.contrib.auth.backends.ModelBackend'
+    login(request, user)
 
+    if "redirect" in request.POST:
+        return redirect(request.POST["redirect"])
+    else:
+        return redirect(settings.BASE_URL)
 
 def check(request):
     if request.method=="POST":
@@ -15,24 +24,22 @@ def check(request):
         password = request.POST['password']
         user = authenticate(username=username, password=password)
         err=""
-        print "Hi"
         if user is not None:
             if user.is_active:
-                login(request, user)
-                if "redirect" in request.POST:
-                    return redirect(request.POST["redirect"])
-                else:
-                    return redirect(settings.BASE_URL)
-                # Redirect to a success page.
+                if "mfa" in settings.INSTALLED_APPS:
+                    from mfa.helpers import has_mfa
+                    res =  has_mfa(request,username=username)
+                    if res: return res
+                    return log_user_in(request,username)
             else:
                 err="This user is NOT activated yet."
         else:
             err="The username or the password is wrong."
         print "Error:", err
-        return render_to_response("account/login.html",{"err":err},context_instance=RequestContext(request))
+        return render_to_response("login.html",{"err":err},context_instance=RequestContext(request))
     else:
-        return render_to_response("account/login.html",context_instance=RequestContext(request))
+        return render_to_response("login.html",context_instance=RequestContext(request))
 
 def signOut(request):
     logout(request)
-    return render_to_response("account/logout.html",context_instance=RequestContext(request))
+    return render_to_response("logout.html",context_instance=RequestContext(request))
diff --git a/webapp/autoDeploy/autoDeploy/settings.py b/webapp/autoDeploy/autoDeploy/settings.py
@@ -40,7 +40,8 @@
     'autodeploy',
     'django_tables2',
     'django_tables2_reports',
-    'accounts'
+    'accounts',
+    'mfa',
 )
 
 MIDDLEWARE_CLASSES = (
@@ -59,7 +60,7 @@
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [os.path.join(BASE_DIR, "templates"),os.path.join(BASE_DIR, "accounts/templates")],
+        'DIRS': [os.path.join(BASE_DIR, "templates")],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -74,9 +75,9 @@
     },
 ]
 
+STATIC_ROOT=BASE_DIR+'/static/'
 WSGI_APPLICATION = 'autoDeploy.wsgi.application'
-STATICFILES_DIRS = (os.path.join(BASE_DIR, "static"),
-)
+STATICFILES_DIRS = ('my_static',)
 
 # Database
 # https://docs.djangoproject.com/en/1.8/ref/settings/#databases
@@ -126,3 +127,18 @@
 EMAIL_HOST_PASSWORD=''
 EMAIL_USE_TLS=True
 EMAIL_FROM="AutoDeploy"
+
+
+MFA_UNALLOWED_METHODS=()   # Methods that shouldn't be allowed for the user
+MFA_LOGIN_CALLBACK="accounts.views.log_user_in"            # A function that should be called by username to login the user in session
+MFA_RECHECK=True           # Allow random rechecking of the user
+MFA_RECHECK_MIN=10         # Minimum interval in seconds
+MFA_RECHECK_MAX=30         # Maximum in seconds
+MFA_QUICKLOGIN=True        # Allow quick login for returning users by provide only their 2FA
+
+TOKEN_ISSUER_NAME="Auto Deploy"      #TOTP Issuer name
+
+U2F_APPID="https://localhost"    #URL For U2F
+FIDO_SERVER_ID=u"localhost"      # Server rp id for FIDO2
+FIDO_SERVER_NAME=u"Autodeploy"
+FIDO_LOGIN_URL=BASE_URL
diff --git a/webapp/autoDeploy/autoDeploy/urls.py b/webapp/autoDeploy/autoDeploy/urls.py
@@ -16,9 +16,12 @@
 from django.conf.urls import include, url
 from django.contrib import admin
 import accounts.urls
-
+import mfa
+import mfa.TrustedDevice
 urlpatterns = [
     url(r'^admin/', include(admin.site.urls)),
+    url(r'^mfa/', include(mfa.urls)),
+    url(r'devices/add$', mfa.TrustedDevice.add,name="mfa_add_new_trusted_device"),
     url(r'^accounts/', include(accounts.urls)),
     url(r'^$','autodeploy.views.projects'),
     url(r'add_project','autodeploy.views.add_project'),

diff --git a/webapp/autoDeploy/autodeploy/migrations/0017_auto_20180812_1025.py b/webapp/autoDeploy/autodeploy/migrations/0017_auto_20180812_1025.py
@@ -8,6 +8,7 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ('autodeploy', '0016_auto_20180807_1651'),
+        ('contenttypes', '0002_remove_content_type_name'),
     ]
 
     operations = [

diff --git a/webapp/autoDeploy/install.sh b/webapp/autoDeploy/install.sh
@@ -0,0 +1,6 @@
+python manage.py migrate auth
+python manage.py migrate admin
+python manage.py migrate contenttypes
+python manage.py migrate
+python manage.py createsuperuser
+