[two factor] Fix sms method for desktop/mobile client.

2025-09-18 00:00:00 +00:00 · 2019-01-02 12:11:26 +08:00
parent aa699dd40f
commit 390e4963ab
3 changed files with 36 additions and 7 deletions
--- a/seahub/api2/serializers.py
+++ b/seahub/api2/serializers.py
@@ -8,6 +8,7 @@ from seahub.auth import authenticate
 from seahub.api2.models import DESKTOP_PLATFORMS
 from seahub.api2.utils import get_token_v1, get_token_v2
 from seahub.profile.models import Profile
+from seahub.two_factor.models import default_device
 from seahub.two_factor.views.login import is_device_remembered
 from seahub.utils.two_factor_auth import has_two_factor_auth, \
        two_factor_auth_enabled, verify_two_factor_token
@@ -118,10 +119,13 @@ class AuthTokenSerializer(serializers.Serializer):

        token = request.META.get('HTTP_X_SEAFILE_OTP', '')
        if not token:
+            # Generate challenge(send sms/call/...) if token is not provided.
+            default_device(user).generate_challenge()
+
            self.two_factor_auth_failed = True
            msg = 'Two factor auth token is missing.'
            raise serializers.ValidationError(msg)
-        if not verify_two_factor_token(user.username, token):
+        if not verify_two_factor_token(user, token):
            self.two_factor_auth_failed = True
            msg = 'Two factor auth token is invalid.'
            raise serializers.ValidationError(msg)
--- a/seahub/two_factor/gateways/seaf_messenger.py
+++ b/seahub/two_factor/gateways/seaf_messenger.py
@@ -0,0 +1,26 @@
+# Copyright (c) 2012-2016 Seafile Ltd.
+import logging
+
+from django.conf import settings
+import requests
+
+
+logger = logging.getLogger(__name__)
+
+
+class SeafMessenger(object):
+    @staticmethod
+    def make_call(device, token):
+        logger.info('Fake call to %s: "Your token is: %s"', device.number, token)
+
+    @staticmethod
+    def send_sms(device, token):
+        api_token = settings.SEAF_MESSAGER_API_TOKEN
+        url = settings.SEAF_MESSAGER_SMS_API
+
+        values = {
+            'phone_num': device.number,
+            'code': token,
+        }
+        requests.post(url, data=values,
+                      headers={'Authorization': 'Token %s' % api_token})
--- a/seahub/two_factor/views/login.py
+++ b/seahub/two_factor/views/login.py
@@ -215,14 +215,13 @@ def handle_two_factor_auth(request, user, redirect_to):
    request.session[SESSION_KEY_TWO_FACTOR_FAILED_ATTEMPT] = 0
    return redirect(reverse('two_factor_auth'))

-def verify_two_factor_token(username, token):
+def verify_two_factor_token(user, token):
    """
-    This function is called when doing the api authentication. We only support
-    totp here to simply the case. Backup token is not supported, because if the
-    user has the backup token, he can always login the website and re-setup the
-    totp.
+    This function is called when doing the api authentication.
+    Backup token is not supported, because if the user has the backup token,
+    he can always login the website and re-setup the totp.
    """
-    device = TOTPDevice.objects.device_for_user(username)
+    device = default_device(user)
    if device:
        return device.verify_token(token)