perf: otp support sha256

ibuler
2026-06-01 10:19:41 +08:00
committed by 老广
parent a9a92b4621
commit eb13477610
3 changed files with 8 additions and 2 deletions


@@ -560,6 +560,7 @@ class Config(dict):
'OTP_VALID_WINDOW': 2,
'OTP_ISSUER_NAME': 'JumpServer',
'OTP_DIGEST': 'sha1',
'EMAIL_SUFFIX': 'example.com',
# Terminal配置


@@ -10,6 +10,7 @@ from . import exist_or_default
# OTP settings
OTP_ISSUER_NAME = CONFIG.OTP_ISSUER_NAME
OTP_VALID_WINDOW = CONFIG.OTP_VALID_WINDOW
OTP_DIGEST = CONFIG.OTP_DIGEST
# Auth LDAP settings
AUTH_LDAP = CONFIG.AUTH_LDAP


@@ -7,6 +7,7 @@ import re
import time
from contextlib import contextmanager
from urllib.parse import unquote
import hashlib
import pyotp
from django.conf import settings
@@ -18,6 +19,7 @@ from common.utils import reverse, get_object_or_none, ip, safe_next_url
from .models import User
logger = logging.getLogger('jumpserver.users')
otp_digest = hashlib.sha256 if settings.OTP_DIGEST == 'sha256' else hashlib.sha1
def send_user_created_mail(user):
@@ -69,7 +71,8 @@ def redirect_user_first_login_or_index(request, redirect_field_name):
def generate_otp_uri(username, otp_secret_key=None, issuer="JumpServer"):
if otp_secret_key is None:
otp_secret_key = base64.b32encode(os.urandom(10)).decode('utf-8')
totp = pyotp.TOTP(otp_secret_key)
totp = pyotp.TOTP(otp_secret_key, digest=otp_digest)
otp_issuer_name = settings.OTP_ISSUER_NAME or issuer
uri = totp.provisioning_uri(name=username, issuer_name=otp_issuer_name)
return uri, otp_secret_key
@@ -78,7 +81,8 @@ def generate_otp_uri(username, otp_secret_key=None, issuer="JumpServer"):
def check_otp_code(otp_secret_key, otp_code):
if not otp_secret_key or not otp_code:
return False
totp = pyotp.TOTP(otp_secret_key)
totp = pyotp.TOTP(otp_secret_key, digest=otp_digest)
otp_valid_window = settings.OTP_VALID_WINDOW or 0
return totp.verify(otp=otp_code, valid_window=otp_valid_window)
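Review bot: The module-level `otp_digest = hashlib.sha256 if settings.OTP_DIGEST == 'sha256' else hashlib.sha1` silently falls back to SHA-1 for any value that is not exactly `'sha256'` (for example `'SHA256'` or a typo), so an operator who believes the stronger digest is active gets no signal that it is not. I would compare case-insensitively, `str(settings.OTP_DIGEST).lower() == 'sha256'`, and log a warning through `logger` when the value is neither `sha1` nor `sha256`. The digest is also one global value rather than something stored with each secret, so once the setting is switched `check_otp_code` verifies secrets enrolled under SHA-1 with SHA-256. Authenticators provisioned earlier would presumably keep producing SHA-1 codes and be rejected until re-enrolled, which calls for a migration note or a per-user algorithm field. Separately, `generate_otp_uri` still draws an 80-bit secret with `os.urandom(10)`, below the 128-bit minimum RFC 4226 sets for the shared secret, so raising it (for example to `os.urandom(20)`) for new enrollments is worth considering alongside this change.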