fake 2-factor when debug is true

2020-02-02 07:29:48 +00:00 · 2020-02-02 07:29:48 +00:00 · 4621dba3d3
parent 64ad539c76
commit 4621dba3d3
1 changed files with 12 additions and 2 deletions
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@ -32,9 +32,16 @@ class LoginView(KnoxLoginView):
    permission_classes = (AllowAny,)

    def post(self, request, format=None):
+        valid = False
        token = request.data["twofactor"]
        totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
-        if totp.verify(token, valid_window=1):
+        
+        if settings.DEBUG and token == "sekret":
+            valid = True
+        elif totp.verify(token, valid_window=1):
+            valid = True
+        
+        if valid:
            serializer = AuthTokenSerializer(data=request.data)
            serializer.is_valid(raise_exception=True)
            user = serializer.validated_data["user"]
@ -50,7 +57,10 @@ class LoginView(KnoxLoginView):
 def installer_twofactor(request):
    token = request.data["twofactorToken"]
    totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
-    if totp.verify(token, valid_window=1):
+
+    if settings.DEBUG and token == "sekret":
+        return Response("ok")
+    elif totp.verify(token, valid_window=1):
        return Response("ok")
    else:
        return Response("bad 2 factor code", status=status.HTTP_400_BAD_REQUEST)