You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

118 lines
3.7 KiB

  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016-2017 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  4. import logging
  5. import urllib
  6. from openerp import _, api, fields, models
  7. from openerp.exceptions import ValidationError
  8. _logger = logging.getLogger(__name__)
  9. try:
  10. import pyotp
  11. except ImportError:
  12. _logger.debug(
  13. 'Could not import PyOTP. Please make sure this library is available in'
  14. ' your environment.'
  15. )
  16. class ResUsersAuthenticatorCreate(models.TransientModel):
  17. _name = 'res.users.authenticator.create'
  18. _description = 'MFA App/Device Creation Wizard'
  19. name = fields.Char(
  20. string='Authentication App/Device Name',
  21. help='A name that will help you remember this authentication'
  22. ' app/device',
  23. required=True,
  24. index=True,
  25. )
  26. secret_key = fields.Char(
  27. default=lambda s: pyotp.random_base32(),
  28. required=True,
  29. )
  30. qr_code_tag = fields.Html(
  31. compute='_compute_qr_code_tag',
  32. string='QR Code',
  33. help='Scan this image with your authentication app to add your'
  34. ' account',
  35. )
  36. user_id = fields.Many2one(
  37. comodel_name='res.users',
  38. default=lambda s: s._default_user_id(),
  39. required=True,
  40. string='Associated User',
  41. help='This is the user whose account the new authentication app/device'
  42. ' will be tied to',
  43. readonly=True,
  44. index=True,
  45. ondelete='cascade',
  46. )
  47. confirmation_code = fields.Char(
  48. string='Confirmation Code',
  49. help='Enter the latest six digit code generated by your authentication'
  50. ' app',
  51. required=True,
  52. )
  53. @api.model
  54. def _default_user_id(self):
  55. user_id = self.env.context.get('uid')
  56. return self.env['res.users'].browse(user_id)
  57. @api.multi
  58. @api.depends(
  59. 'secret_key',
  60. 'user_id.display_name',
  61. 'user_id.company_id.display_name',
  62. )
  63. def _compute_qr_code_tag(self):
  64. for record in self:
  65. if not record.user_id:
  66. continue
  67. totp = pyotp.TOTP(record.secret_key)
  68. provisioning_uri = totp.provisioning_uri(
  69. record.user_id.display_name.encode('utf-8'),
  70. issuer_name=record.user_id.company_id.display_name,
  71. )
  72. provisioning_uri = urllib.quote(provisioning_uri)
  73. qr_width = qr_height = 300
  74. tag_base = '<img src="/report/barcode/?type=QR&amp;'
  75. tag_params = 'value=%s&amp;width=%s&amp;height=%s">' % (
  76. provisioning_uri,
  77. qr_width,
  78. qr_height
  79. )
  80. record.qr_code_tag = tag_base + tag_params
  81. @api.multi
  82. def action_create(self):
  83. self.ensure_one()
  84. self._perform_validations()
  85. self._create_authenticator()
  86. action_data = self.env.ref('base.action_res_users_my').read()[0]
  87. action_data.update({'res_id': self.user_id.id})
  88. return action_data
  89. @api.multi
  90. def _perform_validations(self):
  91. totp = pyotp.TOTP(self.secret_key)
  92. if not totp.verify(self.confirmation_code):
  93. raise ValidationError(_(
  94. 'Your confirmation code is not correct. Please try again,'
  95. ' making sure that your MFA device is set to the correct time'
  96. ' and that you have entered the most recent code generated by'
  97. ' your authentication app.'
  98. ))
  99. @api.multi
  100. def _create_authenticator(self):
  101. self.env['res.users.authenticator'].create({
  102. 'name': self.name,
  103. 'secret_key': self.secret_key,
  104. 'user_id': self.user_id.id,
  105. })