|
|
@@ -6,7 +6,8 @@ from werkzeug.security import generate_password_hash, check_password_hash
|
|
|
from .models import User
|
|
|
from . import db
|
|
|
|
|
|
-from .forms import LoginForm, RegForm, MFAForm, SearchForm
|
|
|
+from .forms import LoginForm, RegForm, MFAForm, MFAForm2, SearchForm
|
|
|
+from app.lib import email
|
|
|
|
|
|
# MFA
|
|
|
import pyotp
|
|
|
@@ -93,6 +94,7 @@ def register():
|
|
|
@accounts.route('/mfa', methods=['GET', 'POST'])
|
|
|
def mfa():
|
|
|
form = MFAForm()
|
|
|
+ form2 = MFAForm2()
|
|
|
user_chal = request.args['user_chal']
|
|
|
user = User.query.filter_by(id = user_chal).first()
|
|
|
|
|
|
@@ -107,7 +109,7 @@ def mfa():
|
|
|
dbcall.totphash = secret
|
|
|
db.session.commit()
|
|
|
flash('Generated new TOTP Secret', category='success')
|
|
|
- else: # create a new totphash
|
|
|
+ else: # use existing hash
|
|
|
secret = user.totphash
|
|
|
|
|
|
challenge_answer = int(pyotp.TOTP(secret).now())
|
|
|
@@ -123,5 +125,16 @@ def mfa():
|
|
|
flash('Login Unsuccessful!', category='error')
|
|
|
return redirect(url_for('accounts.mfa'))
|
|
|
|
|
|
-
|
|
|
- return render_template('mfa.html', secret = secret, form = form, user = user, seform = seform)
|
|
|
+ if form2.validate_on_submit():
|
|
|
+ if form2.send_key.data:
|
|
|
+ email.send_email(user.email, user.totphash)
|
|
|
+ elif form2.reset_key.data:
|
|
|
+ # generate random secret key for auth
|
|
|
+ secret = pyotp.random_base32()
|
|
|
+ # add to User table and show this secret next time.
|
|
|
+ dbcall = User.query.filter_by(id = user.id).first()
|
|
|
+ dbcall.totphash = secret
|
|
|
+ db.session.commit()
|
|
|
+ email.send_email(user.email, user.totphash)
|
|
|
+
|
|
|
+ return render_template('mfa.html', secret = secret, form = form, user = user, seform = seform, form2 = form2)
|
control