OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1797 Commits
13 Branches
0 Tags
45 MiB
Tree: 668bb64134
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '668bb64134'
${ noResults }
server-tools/auth_totp/models/res_users_authenticator.py

55 lines
1.4 KiB
Raw Normal View History

[9.0][ADD] auth_totp: MFA Support (#687) * [ADD] auth_totp: MFA Support * Add relevant fields and methods to the res.users model * Overload check_credentials in res.users to allow for logins using an MFA login token rather than a password * Add the res.users.authenticator and res.users.device models, along with appropriate ACLs and record rules * Add the res.users.authenticator.create wizard model and an associated view to facilitate creation of res.users.authenticator records * Extend base.view_users_form_simple_modif with fields needed to manage the new functionality * Add an AuthTotp controller that inherits from Home in the web module and an associated view to introduce MFA logic to the login process * Add several new exception classes that inherit from AccessDenied * PR commit * PR commit
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016-2017 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import logging
  6. from openerp import _, api, fields, models
  8. _logger = logging.getLogger(__name__)
  9. try:
  10. import pyotp
  11. except ImportError:
  12. _logger.debug(
  13. 'Could not import PyOTP. Please make sure this library is available in'
  14. ' your environment.'
  15. )
  18. class ResUsersAuthenticator(models.Model):
  19. _name = 'res.users.authenticator'
  20. _description = 'MFA App/Device'
  21. _sql_constraints = [(
  22. 'user_id_name_uniq',
  23. 'UNIQUE(user_id, name)',
  24. _(
  25. 'There is already an MFA app/device with this name associated with'
  26. ' your account. Please pick a new name and try again.'
  27. ),
  28. )]
  30. name = fields.Char(
  31. required=True,
  32. readonly=True,
  33. )
  34. secret_key = fields.Char(
  35. required=True,
  36. readonly=True,
  37. )
  38. user_id = fields.Many2one(
  39. comodel_name='res.users',
  40. ondelete='cascade',
  41. )
  43. @api.multi
  44. @api.constrains('user_id')
  45. def _check_has_user(self):
  46. self.filtered(lambda r: not r.user_id).unlink()
  48. @api.multi
  49. def validate_conf_code(self, confirmation_code):
  50. for record in self:
  51. totp = pyotp.TOTP(record.secret_key)
  52. if totp.verify(confirmation_code):
  53. return True
  55. return False