Rooba
/
tacticalrmm
mirror of https://github.com/amidaware/tacticalrmm.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fake 2-factor when debug is true

This commit is contained in:
wh1te909 2020-02-02 07:29:48 +00:00
parent 64ad539c76
commit 4621dba3d3
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
api/tacticalrmm/accounts/views.py
View File

@ -32,9 +32,16 @@ class LoginView(KnoxLoginView):
permission_classes = (AllowAny,) permission_classes = (AllowAny,)
def post(self, request, format=None): def post(self, request, format=None):
valid = False
token = request.data["twofactor"] token = request.data["twofactor"]
totp = pyotp.TOTP(settings.TWO_FACTOR_OTP) totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
if totp.verify(token, valid_window=1):
if settings.DEBUG and token == "sekret":
valid = True
elif totp.verify(token, valid_window=1):
valid = True
if valid:
serializer = AuthTokenSerializer(data=request.data) serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
user = serializer.validated_data["user"] user = serializer.validated_data["user"]
@ -50,7 +57,10 @@ class LoginView(KnoxLoginView):
def installer_twofactor(request): def installer_twofactor(request):
token = request.data["twofactorToken"] token = request.data["twofactorToken"]
totp = pyotp.TOTP(settings.TWO_FACTOR_OTP) totp = pyotp.TOTP(settings.TWO_FACTOR_OTP)
if totp.verify(token, valid_window=1):
if settings.DEBUG and token == "sekret":
return Response("ok")
elif totp.verify(token, valid_window=1):
return Response("ok") return Response("ok")
else: else:
return Response("bad 2 factor code", status=status.HTTP_400_BAD_REQUEST) return Response("bad 2 factor code", status=status.HTTP_400_BAD_REQUEST)