3 geänderte Dateien mit 19 neuen und 4 gelöschten Zeilen
-
+1 -0src/app/requirements.txt
-
+3 -2src/app/templates/verify.html
-
+15 -2src/app/views/register.py
+ 1
- 0
src/app/requirements.txt
Datei anzeigen
| @@ -2,3 +2,4 @@ web.py==0.40 | |||||
| mysql-connector-python==8.0.5 | mysql-connector-python==8.0.5 | ||||
| python-dotenv | python-dotenv | ||||
| bcrypt | bcrypt | ||||
| qrcode[pil] | |||||
+ 3
- 2
src/app/templates/verify.html
Datei anzeigen
| @@ -1,4 +1,4 @@ | |||||
| $def with (nav, success, secret, message) | |||||
| $def with (nav, success, secret, qr, message) | |||||
| <head> | <head> | ||||
| <title>Beelance2</title> | <title>Beelance2</title> | ||||
| @@ -16,8 +16,9 @@ $def with (nav, success, secret, message) | |||||
| $if success: | $if success: | ||||
| <p>We require two-factor authentication on this site.</p> | <p>We require two-factor authentication on this site.</p> | ||||
| <p>Please enter the following code into your authenticator: $secret</p> | |||||
| <p>Please scan the QR code, or enter the following code into your authenticator: $secret</p> | |||||
| <p>This code will only be displayed once.</p> | <p>This code will only be displayed once.</p> | ||||
| <img src="data:image/png;base64,$qr" /> | |||||
| </body> | </body> | ||||
| <footer></footer> | <footer></footer> | ||||
+ 15
- 2
src/app/views/register.py
Datei anzeigen
| @@ -1,10 +1,13 @@ | |||||
| import web | import web | ||||
| import io | |||||
| import base64 | |||||
| from views.forms import register_form | from views.forms import register_form | ||||
| from views.utils import (get_nav_bar, csrf_protected, password_weakness, get_render, | from views.utils import (get_nav_bar, csrf_protected, password_weakness, get_render, | ||||
| sendmail, hash_password, generate_authenticator_secret) | sendmail, hash_password, generate_authenticator_secret) | ||||
| from uuid import uuid4 | from uuid import uuid4 | ||||
| import models.register | import models.register | ||||
| import models.user | import models.user | ||||
| import qrcode | |||||
| import logging | import logging | ||||
| import re | import re | ||||
| @@ -100,8 +103,18 @@ class Verify: | |||||
| if token and userid is not None: | if token and userid is not None: | ||||
| models.user.verify_user(userid) | models.user.verify_user(userid) | ||||
| models.user.set_token(userid, "") | |||||
| username = models.user.get_user_name_by_id(userid) | |||||
| secret = generate_authenticator_secret() | secret = generate_authenticator_secret() | ||||
| # Generate a base64 QR image | |||||
| qr_url = "otpauth://totp/beelance.com:{}?secret={}&issuer=beelance.com".format(username, secret) | |||||
| qr_img = qrcode.make(qr_url) | |||||
| with io.BytesIO() as stream: | |||||
| qr_img.save(stream) | |||||
| img = base64.b64encode(stream.getvalue()).decode('UTF-8') | |||||
| models.user.set_authenticator_secret(userid, secret) | models.user.set_authenticator_secret(userid, secret) | ||||
| return render.verify(nav, True, secret, "Your email has been verified.") | |||||
| return render.verify(nav, True, secret, img, "Your email has been verified.") | |||||
| else: | else: | ||||
| return render.verify(nav, True, secret, "Invalid token. Please try again.") | |||||
| return render.verify(nav, False, "", "", "Invalid token. Please try again.") | |||||