From 4621dba3d3bc359e96b418333e5bda91385a160e Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Sun, 2 Feb 2020 07:29:48 +0000
Subject: [PATCH] fake 2-factor when debug is true
---
 api/tacticalrmm/accounts/views.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/api/tacticalrmm/accounts/views.py b/api/tacticalrmm/accounts/views.py
index 1f5cecff..8d022e6c 100644
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -32,9 +32,16 @@ class LoginView(KnoxLoginView):
 permission_classes = (AllowAny,)

 def post(self, request, format=None):
+ valid = False
 token = request.data["twofactor"]
 totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
- if totp.verify(token, valid_window=1):
+
+ if settings.DEBUG and token == "sekret":
+ valid = True
+ elif totp.verify(token, valid_window=1):
+ valid = True
+
+ if valid:
 serializer = AuthTokenSerializer(data=request.data)
 serializer.is_valid(raise_exception=True)
 user = serializer.validated_data["user"]
@@ -50,7 +57,10 @@ class LoginView(KnoxLoginView):
 def installer_twofactor(request):
 token = request.data["twofactorToken"]
 totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
- if totp.verify(token, valid_window=1):
+
+ if settings.DEBUG and token == "sekret":
+ return Response("ok")
+ elif totp.verify(token, valid_window=1):
 return Response("ok")
 else:
 return Response("bad 2 factor code", status=status.HTTP_400_BAD_REQUEST)
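Review bot: The literal `"sekret"` accepted in `LoginView.post` turns the second factor into a constant published in the repository whenever `settings.DEBUG` is true, and the same branch is added to `installer_twofactor` in the second hunk. `DEBUG` is a general Django switch that is easy to leave enabled on a reachable host, and this view is `AllowAny`, so the bypass should not hang off it. Gate it on a dedicated setting that is absent by default and holds the token itself, for example `bypass = getattr(settings, "TWO_FACTOR_DEBUG_TOKEN", None)` (the setting name is only a suggestion) followed by `if bypass and token == bypass:`, or drop the branch and patch `pyotp.TOTP.verify` in the test suite instead. The body of `post` continues past the end of the hunk.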
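Review bot: The bypass-or-TOTP decision is now written out twice, once with a `valid` flag in `LoginView.post` and once here in `installer_twofactor` with two branches that return the same `Response("ok")`, so a later change to one copy can leave the other behind. Moving the check into one private helper gives a single place to review, to log a warning when the debug path is taken, and to remove later; the accepted conditions below are the ones this commit already uses. Any decorators on `installer_twofactor` sit above the hunk and are not visible here.

```python
def _twofactor_ok(token):
    """Return True when the submitted 2FA token should be accepted."""
    # Debug shortcut kept exactly as in this commit; this is now its only copy.
    if settings.DEBUG and token == "sekret":
        return True
    return pyotp.TOTP(settings.TWO_FACTOR_OTP).verify(token, valid_window=1)


def installer_twofactor(request):
    if _twofactor_ok(request.data["twofactorToken"]):
        return Response("ok")
    # … unchanged: 400 "bad 2 factor code" response …
```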