Supporting Email Token

mkalioby · Jan 21, 2019 · 97e4a3a · 97e4a3a
1 parent 8e7aea2
commit 97e4a3a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
 # django-mfa2
-A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), and Trusted Devices
+A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Web Authn), Email Tokens , and Trusted Devices
 
 
 For FIDO2, both security keys and android-safetynet are supported.
 
 Trusted device is a mode for the user to add a device that doesn't support security keys like iOS and andriod without fingerprints or NFC.
 
-`*Note*: U2F and FIDO2 can only be served under secure context (https)`
+`**Note**: U2F and FIDO2 can only be served under secure context (https)`
 
 Depends on
 
@@ -44,6 +44,13 @@ Depends on
    FIDO_SERVER_NAME=u"MDL"
    FIDO_LOGIN_URL=BASE_URL
    ```
+   **Method Names**
+   * U2F
+   * FIDO2
+   * TOTP
+   * Trusted_Devices
+   * Email
+
 1. Break your login function
 
    Usually your login function will check for username and password, log the user in if the username and password are correct and create the user session, to support mfa, this has to change
@@ -77,6 +84,7 @@ Depends on
     ```
 1. Provide `mfa_auth_base.html` in your templaes with block called 'head' and 'content'
     The template will be included during the user login.
+    If you will use Email Token method, then you have to provide template named `mfa_email_token_template.html` that will content the format of the email with parameter named `user` and `otp`.
 1. To match the look and feel of your project, MFA includes `base.html` but it needs blocks named `head` & `content` to added its content to it.
 1. Somewhere in your app, add a link to 'mfa_home'
 ```<l><a href="{% url 'mfa_home' %}">Security</a> </l>```

diff --git a/mfa/Email.py b/mfa/Email.py
@@ -46,6 +46,10 @@ def auth(request):
                 mfa["next_check"] = int((datetime.datetime.now() + datetime.timedelta(
                     seconds = random.randint(settings.MFA_RECHECK_MIN, settings.MFA_RECHECK_MAX))).strftime("%s"))
             request.session["mfa"] = mfa
+            uk=User_Keys.objects.get(username=request.session["base_username"],key_type="Email")
+            from django.utils import timezone
+            uk.last_used=timezone.now()
+            uk.save()
             return login(request)
         context["invalid"]=True
     else:

diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name='django-mfa2',
-    version='0.8.8',
+    version='0.9.0',
     description='Allows user to add 2FA to their accounts',
     author='Mohamed El-Kalioby',
     author_email = '[email protected]',
@@ -23,6 +23,7 @@
         'user-agents',
         'python-jose',
         'fido2==0.5'
+        'jsonLookup'
       ],
     include_package_data=True,
       zip_safe=False, # because we're including static files