mkalioby · AndreasDickow · Aug 25, 2021 · Oct 6, 2021 · Mar 8, 2022 · Mar 8, 2022
diff --git a/.DS_Store b/.DS_Store
diff --git a/mfa/static/mfa/css/mfa.css b/mfa/static/mfa/css/mfa.css
@@ -0,0 +1,132 @@
+.alert-pr {
+  align-items: center;
+}
+
+.alert-pr > p.success, #res > p.success, .row > success {
+  color: green;
+}
+
+.panel-body > .paragraph {
+  padding-left: 15px;
+}
+
+.panel-body {
+  align-items: center;
+}
+
+#popUpModal {
+  top: 40px;
+}
+
+#popUpModal > .modal-dialog {
+  height: 80%;
+  width: 80%;
+}
+
+#two-factor-steps {
+  border: 1px solid #ccc;
+  border-radius: 3px;
+  padding: 15px;
+}
+
+#two-factor-steps > .row {
+  margin: 0;
+  align-items: center;
+}
+
+/* STYLE CHANGES */
+
+.no-display {
+  display: none;
+}
+
+.inline-display {
+  display: inline;
+}
+
+/* WIDTH AND HEIGHT */
+
+.height-50 {
+  height: 50px;
+}
+
+.width-95-pc {
+  width: 95%;
+}
+
+.height-34 {
+  height: 34px;
+}
+
+.width-230 {
+  width: 230px;
+}
+
+/* PADDINGS */
+
+.padding-3 {
+  padding: 3px;
+}
+
+.padding-top-10 {
+  padding-top: 10px;
+}
+
+.padding-right-30 {
+  padding-right: 30px;
+}
+
+.padding-left-0 {
+  padding-left: 0;
+}
+
+.padding-left-15 {
+  padding-left: 15px
+}
+
+.padding-left-25 {
+  padding-left: 25px
+}
+
+
+/* MARGINS */
+
+.margin-left-50 {
+  margin-left: 50px
+}
+
+/* FONT AND TEXT */
+
+.font-10 {
+  font-size: 10px;
+}
+
+.font-10-pt {
+  font-size: 10pt;
+}
+
+.font-16 {
+  font-size: 16px;
+}
+
+.bold {
+  font-weight: bold;
+}
+
+.text-uppercase {
+  text-transform: uppercase;
+}
+
+.font-calibri {
+  font-family: Calibri, serif;
+}
+
+/* COLOR */
+
+.color-gray {
+  color: #333333;
+}
+
+.color-red {
+  color: red;
+}
diff --git a/mfa/static/mfa/js/EMAIL/recheck.js b/mfa/static/mfa/js/EMAIL/recheck.js
@@ -0,0 +1,30 @@
+$(document).ready(function () {
+    // 1. If the Document is loaded, add an eventlistener to the object with the id=send-totp
+    let sendTotp = document.getElementById('send-totp');
+    sendTotp.addEventListener('click', check_mode)
+    // 2. If the Django-variable "mode" == "recheck", then call send_totp()
+
+});
+
+function check_mode() {
+    const mode = JSON.parse(document.getElementById('recheck-js').textContent);
+    if (mode === 'recheck') {
+        send_totp();
+    }
+}
+
+function send_totp() {
+    const form = $('#formLogin');
+    var formData = new FormData(form);
+    $.ajax({
+        "url": "{% url 'totp_recheck' %}", method: "POST", dataType: "JSON",
+        data: {"csrfmiddlewaretoken": formData.get('csrf_token'), "otp": $("#otp").val()},
+        success: function (data) {
+            if (data["recheck"])
+                mfa_success_function();
+            else {
+                mfa_failed_function();
+            }
+        }
+    })
+}
diff --git a/mfa/static/mfa/js/FIDO2/add.js b/mfa/static/mfa/js/FIDO2/add.js
@@ -0,0 +1,52 @@
+function begin_reg(){
+    var formData = new FormData($('#fido2_form')) 
+    fetch(formData.get('begin'),{}).then(function(response) {
+      if(response.ok)
+      {
+          return response.arrayBuffer();
+      }
+      throw new Error('Error getting registration data!');
+    }).then(CBOR.decode).then(function(options) {
+        options.publicKey.attestation="direct"
+        console.log(options)
+
+      return navigator.credentials.create(options);
+    }).then(function(attestation) {
+      return fetch(formData.get('complete'), {
+        method: 'POST',
+        headers: {'Content-Type': 'application/cbor'},
+        body: CBOR.encode({
+          "attestationObject": new Uint8Array(attestation.response.attestationObject),
+          "clientDataJSON": new Uint8Array(attestation.response.clientDataJSON),
+        })
+      });
+    }).then(function(response) {
+
+        var stat = response.ok ? 'successful' : 'unsuccessful';
+        return response.json()
+    }).then(function (res)
+        {
+      if (res["status"] =='OK')
+            $("#res").html("<div class='alert alert-success'>Registered Successfully, <a href='"+formData.get('redirect')+"'> "+formData.get('success')+"</a></div>")
+        else
+            $("#res").html("<div class='alert alert-danger'>Registration Failed as " + res["message"] + ", <a href='javascript:void(0)' onclick='begin_reg()'> try again or <a href='"+formData.get('home')+"'> Go to Security Home</a></div>")
+
+
+    }, function(reason) {
+       $("#res").html("<div class='alert alert-danger'>Registration Failed as " +reason +", <a href='javascript:void(0)' onclick='begin_reg()'> try again </a> or <a href='"+formData.get('home')+"'> Go to Security Home</a></div>")
+    })
+    }
+    $(document).ready(function (){
+        ua=new UAParser().getResult()
+        if (ua.browser.name == "Safari" || ua.browser.name == "Mobile Safari" )
+        {
+                $("#res").html("<button class='btn btn-success' onclick='begin_reg()'>Start...</button>")
+        }
+        else
+        {
+            setTimeout(begin_reg, 500)
+        }
+    })
+
+
+
diff --git a/mfa/static/mfa/js/FIDO2/recheck.js b/mfa/static/mfa/js/FIDO2/recheck.js
@@ -0,0 +1,65 @@
+function authen() {
+    const begin_url = $('#begin').value;
+    const complete_url = $('u2f_login').attr('action');
+    const mode = $('u2f_login').attr('name') === 'complete' ? 'auth' : 'recheck';
+    fetch(begin_url, {
+        method: 'GET',
+    }).then(function (response) {
+        if (response.ok) return response.arrayBuffer();
+        throw new Error('No credential available to authenticate!');
+    }).then(CBOR.decode).then(function (options) {
+        console.log(options)
+        return navigator.credentials.get(options);
+    }).then(function (assertion) {
+        res = CBOR.encode({
+            "credentialId": new Uint8Array(assertion.rawId),
+            "authenticatorData": new Uint8Array(assertion.response.authenticatorData),
+            "clientDataJSON": new Uint8Array(assertion.response.clientDataJSON),
+            "signature": new Uint8Array(assertion.response.signature)
+        });
+
+        return fetch(complete_url, {
+
+            method: 'POST',
+            headers: {'Content-Type': 'application/cbor'},
+            body: res,
+
+        }).then(function (response) {
+            if (response.ok) return res = response.json()
+        }).then(function (res) {
+            if (res.status == "OK") {
+                $("#msgdiv").addClass("alert alert-success").removeClass("alert-danger")
+                $("#msgdiv").html("Verified....please wait")
+                if (mode == "auth") {
+                    window.location.href = res.redirect;
+                } else if (mode === "recheck") {
+                    mfa_success_function();
+                }
+
+            } else {
+                $("#msgdiv").addClass("alert alert-danger").removeClass("alert-success")
+                $("#msgdiv").html("Verification Failed as " + res.message + ", <a href='javascript:void(0)' onclick='authen())'> try again</a> or <a href='javascript:void(0)' onclick='history.back()'> Go Back</a>")
+
+                if (mode === "recheck") {
+                    mfa_failed_function();
+                }
+            }
+        })
+
+    })
+
+}
+
+$(document).ready(function () {
+    if (location.protocol != 'https:') {
+        $("#main_paragraph").addClass("alert alert-danger")
+        $("#main_paragraph").html("FIDO2 must work under secure context")
+    } else {
+        ua = new UAParser().getResult()
+        if (ua.browser.name == "Safari" || ua.browser.name == "Mobile Safari")
+            $("#res").html("<button class='btn btn-success' onclick='authen()'>Authenticate...</button>")
+        else
+            authen()
+    }
+});
+
diff --git a/mfa/static/mfa/js/TOTP/add.js b/mfa/static/mfa/js/TOTP/add.js
@@ -0,0 +1,53 @@
+var key = "";
+$(document).ready(function addToken() {
+    $.ajax({
+        "url": "{% url 'get_new_otop' %}", dataType: "JSON",
+        success: function (data) {
+            window.key = data.secret_key;
+            var qr = new QRious({
+                element: document.getElementById('qr'),
+                value: data.qr
+            });
+            $("#second_step").show()
+        }
+    })
+
+    // Replace Onclick
+    // $('showTOTP').on('click', showTOTP);
+     document.getElementById('show-TOTP').addEventListener('click', showTOTP);
+     document.getElementById('show-key').addEventListener('click', showKey);
+     document.getElementById('verify').addEventListener('click', verify);
+
+});
+
+function showKey() {
+    $("#modal-title").html("Your Secret Key")
+    $("#modal-body").html("<pre>" + window.key + "</pre")
+    $("#popUpModal").modal('show')
+}
+
+function verify() {
+    answer = $("#answer").val()
+    $.ajax({
+        "url": "{% url 'verify_otop' %}?key=" + key + "&answer=" + answer,
+        success: function (data) {
+            if (data == "Error")
+                alert("You entered wrong numbers, please try again")
+            else {
+                alert("Your authenticator is added successfully.")
+                window.location.href = "{{ redirect_html }}"
+            }
+        }
+    })
+}
+
+function showTOTP() {
+    $("#modal-title").html("One Time Password Apps")
+    html = "<div class='row'><ul>" +
+        "<li>Android: <a href='https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2' target='_blank'>Google Authenticator</a> | <a href='https://play.google.com/store/apps/details?id=com.authy.authy' target='_blank'>Authy</a></li>"
+    html += "<li>iPhone/iPad: <a href='https://itunes.apple.com/us/app/authy/id494168017' target='_blank'>Authy</a></li> "
+    html += "<li>Chrome: <a href='https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai?hl=en'>Google Authenticator</a> | <a href='https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en' target='_blank'>Authy</a></li>"
+    html += "</ul></div>"
+    $("#modal-body").html(html)
+    $('#popUpModal').modal('show')
+}
diff --git a/mfa/static/mfa/js/TOTP/recheck.js b/mfa/static/mfa/js/TOTP/recheck.js
@@ -0,0 +1,25 @@
+$(document).ready(function () {
+    document.getElementById('send-totp').addEventListener('click', check_mode);
+})
+
+function check_mode() {
+    const mode = JSON.parse(document.getElementById('recheck-js').textContent);
+    if (mode === 'recheck') {
+        send_totp();
+    }
+}
+
+function send_totp() {
+    $.ajax({
+        "url": "{% url 'totp_recheck' %}", method: "POST", dataType: "JSON",
+        data: {"csrfmiddlewaretoken": "{{ csrf_token }}", "otp": $("#otp").val()},
+        success: function (data) {
+            if (data["recheck"])
+                mfa_success_function();
+            else {
+                mfa_failed_function();
+            }
+        }
+    })
+
+}
diff --git a/mfa/static/mfa/js/TrustedDevice/add.js b/mfa/static/mfa/js/TrustedDevice/add.js
@@ -0,0 +1,27 @@
+$(document).ready(function () {
+    document.getElementById('formLogin').addEventListener('submit', checkFlag);
+})
+
+function checkFlag() {
+    if ($("#agree").is(":checked"))
+        return true;
+    else
+        alert("Please agree to the statement first");
+    return false;
+}
+
+function checkTrusted() {
+    $.ajax({
+        url: "{% url 'td_checkTrusted' %}",
+        success: function (data) {
+            if (data == "OK")
+                window.location.href = "{% url 'td_securedevice' %}";
+            else
+                setTimeout('checkTrusted()', 2000)
+        }
+
+    })
+
+}
+
+$(document).ready(checkTrusted())