mirror of https://github.com/haiwen/seahub.git synced 2025-09-20 19:08:21 +00:00

support two factor authentication

Shuai Lin
2016-04-15 09:08:22 +08:00
parent 37f6648a12
commit 3d04bfea6d
9 changed files with 65 additions and 13 deletions


@@ -28,6 +28,7 @@ from seahub.profile.models import Profile
from seahub.utils import is_ldap_user from seahub.utils import is_ldap_user
from seahub.utils.http import is_safe_url from seahub.utils.http import is_safe_url
from seahub.utils.ip import get_remote_ip from seahub.utils.ip import get_remote_ip
from seahub.utils.two_factor_auth import two_factor_auth_enabled, handle_two_factor_auth
from constance import config from constance import config
@@ -43,14 +44,17 @@ def log_user_in(request, user, redirect_to):
if not is_safe_url(url=redirect_to, host=request.get_host()): if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL redirect_to = settings.LOGIN_REDIRECT_URL
# Okay, security checks complete. Log the user in.
auth_login(request, user)
if request.session.test_cookie_worked(): if request.session.test_cookie_worked():
request.session.delete_test_cookie() request.session.delete_test_cookie()
_clear_login_failed_attempts(request) _clear_login_failed_attempts(request)
if two_factor_auth_enabled(user):
return handle_two_factor_auth(request, user, redirect_to)
# Okay, security checks complete. Log the user in.
auth_login(request, user)
return HttpResponseRedirect(redirect_to) return HttpResponseRedirect(redirect_to)
def _get_login_failed_attempts(username=None, ip=None): def _get_login_failed_attempts(username=None, ip=None):
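Review bot: In `log_user_in`, `_clear_login_failed_attempts(request)` now runs before the `two_factor_auth_enabled(user)` branch, so the failed-login counter is reset on a correct password alone while `auth_login` is deferred to whatever `handle_two_factor_auth` does. Nothing visible here limits attempts at the second step; if `TwoFactorVerifyView` (routed at `login/two-factor-auth/` in the auth urls section) keeps no attempt counter of its own, the lockout no longer protects an account whose password is known. The second factor is also enforced only for callers of this function, so it is worth confirming that no other path calls `auth_login` directly. I would add a comment at the branch such as `# Password verified only; the session is not authenticated until the second factor succeeds.` The function starts above this hunk.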


@@ -15,6 +15,9 @@
<li class="tab"><a href="#default-lib">{% trans "Default Library" %}</a></li> <li class="tab"><a href="#default-lib">{% trans "Default Library" %}</a></li>
{% endif %} {% endif %}
<li class="tab"><a href="#del-account">{% trans "Delete Account" %}</a></li> <li class="tab"><a href="#del-account">{% trans "Delete Account" %}</a></li>
{% if two_factor_auth_enabled %}
<li class="tab"><a href="{% url 'two_factor:profile' %}">{% trans "Security" %}</a></li>
{% endif %}
</ul> </ul>
</div> </div>


@@ -1,4 +1,5 @@
from django.conf.urls import patterns, url from django.conf.urls import patterns, url, include
from seahub.utils.two_factor_auth import HAS_TWO_FACTOR_AUTH
urlpatterns = patterns('seahub.profile.views', urlpatterns = patterns('seahub.profile.views',
# url(r'^list_user/$', 'list_userids', name="list_userids"), # url(r'^list_user/$', 'list_userids', name="list_userids"),
@@ -6,7 +7,14 @@ urlpatterns = patterns('seahub.profile.views',
url(r'^(?P<user>[^/]+)/get/$', 'get_user_profile', name="get_user_profile"), url(r'^(?P<user>[^/]+)/get/$', 'get_user_profile', name="get_user_profile"),
url(r'^delete/$', 'delete_user_account', name="delete_user_account"), url(r'^delete/$', 'delete_user_account', name="delete_user_account"),
url(r'^default-repo/$', 'default_repo', name="default_repo"), url(r'^default-repo/$', 'default_repo', name="default_repo"),
)
url(r'^(?P<username>[^/]*)/$', 'user_profile', name="user_profile"),
# url(r'^logout/$', 'logout_relay', name="logout_relay"), if HAS_TWO_FACTOR_AUTH:
urlpatterns += patterns('',
(r'^two_factor_authentication/', include('seahub_extra.two_factor.urls', 'two_factor')),
)
# Move the catch-all pattern to the end.
urlpatterns += patterns('seahub.profile.views',
url(r'^(?P<username>[^/]*)/$', 'user_profile', name="user_profile"),
) )


@@ -1,4 +1,5 @@
# encoding: utf-8 # encoding: utf-8
from constance import config
from django.conf import settings from django.conf import settings
import json import json
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
@@ -21,6 +22,7 @@ from seahub.base.templatetags.seahub_tags import email2nickname
from seahub.contacts.models import Contact from seahub.contacts.models import Contact
from seahub.options.models import UserOptions, CryptoOptionNotSetError from seahub.options.models import UserOptions, CryptoOptionNotSetError
from seahub.utils import is_ldap_user from seahub.utils import is_ldap_user
from seahub.utils.two_factor_auth import HAS_TWO_FACTOR_AUTH
from seahub.views import get_owned_repo_list from seahub.views import get_owned_repo_list
@login_required @login_required
@@ -73,6 +75,8 @@ def edit_profile(request):
owned_repos = get_owned_repo_list(request) owned_repos = get_owned_repo_list(request)
owned_repos = filter(lambda r: not r.is_virtual, owned_repos) owned_repos = filter(lambda r: not r.is_virtual, owned_repos)
two_factor_auth_enabled = HAS_TWO_FACTOR_AUTH and config.ENABLE_TWO_FACTOR_AUTH
return render_to_response('profile/set_profile.html', { return render_to_response('profile/set_profile.html', {
'form': form, 'form': form,
'server_crypto': server_crypto, 'server_crypto': server_crypto,
@@ -82,6 +86,7 @@ def edit_profile(request):
'owned_repos': owned_repos, 'owned_repos': owned_repos,
'is_pro': is_pro_version(), 'is_pro': is_pro_version(),
'is_ldap_user': is_ldap_user(request.user), 'is_ldap_user': is_ldap_user(request.user),
'two_factor_auth_enabled': two_factor_auth_enabled,
}, context_instance=RequestContext(request)) }, context_instance=RequestContext(request))
@login_required @login_required
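Review bot: `edit_profile` computes `two_factor_auth_enabled = HAS_TWO_FACTOR_AUTH and config.ENABLE_TWO_FACTOR_AUTH` inline, while the login path calls the imported `two_factor_auth_enabled(user)`. The two decisions are defined in different places and can drift, so the Security tab could be shown to a user for whom login does not ask for a second factor, or the reverse. The local name also matches the function exported by `seahub.utils.two_factor_auth` and would shadow it if that function were ever imported in this module. Consider one shared helper for the global switch and a distinct local name, e.g. `show_two_factor_tab = HAS_TWO_FACTOR_AUTH and config.ENABLE_TWO_FACTOR_AUTH`, keeping the template key as it is. `edit_profile` starts and ends outside these hunks.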


@@ -533,6 +533,8 @@ ADD_REPLY_TO_HEADER = False
CLOUD_DEMO_USER = 'demo@seafile.com' CLOUD_DEMO_USER = 'demo@seafile.com'
ENABLE_TWO_FACTOR_AUTH = False
##################### #####################
# External settings # # External settings #
##################### #####################
@@ -631,4 +633,5 @@ CONSTANCE_CONFIG = {
'USER_PASSWORD_STRENGTH_LEVEL': (USER_PASSWORD_STRENGTH_LEVEL,''), 'USER_PASSWORD_STRENGTH_LEVEL': (USER_PASSWORD_STRENGTH_LEVEL,''),
'SHARE_LINK_PASSWORD_MIN_LENGTH': (SHARE_LINK_PASSWORD_MIN_LENGTH,''), 'SHARE_LINK_PASSWORD_MIN_LENGTH': (SHARE_LINK_PASSWORD_MIN_LENGTH,''),
'ENABLE_TWO_FACTOR_AUTH': (ENABLE_TWO_FACTOR_AUTH,''),
} }


@@ -73,6 +73,12 @@
{% endwith %} {% endwith %}
</div> </div>
{% if has_two_factor_auth %}
{% with type="checkbox" setting_display_name="enable two factor authentication" help_tip="Enable two factor authentication" setting_name="ENABLE_TWO_FACTOR_AUTH" setting_val=config_dict.ENABLE_TWO_FACTOR_AUTH %}
{% include "snippets/web_settings_form.html" %}
{% endwith %}
{% endif %}
<h4>Library</h4> <h4>Library</h4>
<div> <div>


@@ -0,0 +1,9 @@
# encoding: utf-8
try:
from seahub_extra.two_factor.views.login import two_factor_auth_enabled, handle_two_factor_auth
HAS_TWO_FACTOR_AUTH = True
except ImportError:
two_factor_auth_enabled = lambda *a: False
handle_two_factor_auth = None
HAS_TWO_FACTOR_AUTH = False
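Review bot: The `except ImportError:` fallback fails open without a trace. It fires when `seahub_extra` is absent, but also when an import fails inside that package (a missing dependency, for instance), and in both cases `two_factor_auth_enabled` quietly becomes `lambda *a: False`, so logins proceed on the password alone. Record the reason in the handler, e.g. `except ImportError as e:` followed by `logging.getLogger(__name__).warning('two factor auth unavailable: %s', e)`, so a deployment that is meant to have the second factor does not lose it silently. `handle_two_factor_auth = None` is safe only while every caller checks `two_factor_auth_enabled` first; a small `def` that raises a clear error would be easier to diagnose, and the lambda needs `**kw` if it is ever called with keyword arguments.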


@@ -67,6 +67,7 @@ try:
from seahub.settings import MULTI_TENANCY from seahub.settings import MULTI_TENANCY
except ImportError: except ImportError:
MULTI_TENANCY = False MULTI_TENANCY = False
from seahub.utils.two_factor_auth import HAS_TWO_FACTOR_AUTH
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -2185,7 +2186,7 @@ def sys_settings(request):
if not dj_settings.ENABLE_SETTINGS_VIA_WEB: if not dj_settings.ENABLE_SETTINGS_VIA_WEB:
raise Http404 raise Http404
DIGIT_WEB_SETTINGS = ( DIGIT_WEB_SETTINGS = [
'DISABLE_SYNC_WITH_ANY_FOLDER', 'ENABLE_SIGNUP', 'DISABLE_SYNC_WITH_ANY_FOLDER', 'ENABLE_SIGNUP',
'ACTIVATE_AFTER_REGISTRATION', 'REGISTRATION_SEND_MAIL', 'ACTIVATE_AFTER_REGISTRATION', 'REGISTRATION_SEND_MAIL',
'LOGIN_REMEMBER_DAYS', 'REPO_PASSWORD_MIN_LENGTH', 'LOGIN_REMEMBER_DAYS', 'REPO_PASSWORD_MIN_LENGTH',
@@ -2194,7 +2195,10 @@ def sys_settings(request):
'USER_PASSWORD_STRENGTH_LEVEL', 'SHARE_LINK_PASSWORD_MIN_LENGTH', 'USER_PASSWORD_STRENGTH_LEVEL', 'SHARE_LINK_PASSWORD_MIN_LENGTH',
'ENABLE_USER_CREATE_ORG_REPO', 'FORCE_PASSWORD_CHANGE', 'ENABLE_USER_CREATE_ORG_REPO', 'FORCE_PASSWORD_CHANGE',
'LOGIN_ATTEMPT_LIMIT', 'FREEZE_USER_ON_LOGIN_FAILED', 'LOGIN_ATTEMPT_LIMIT', 'FREEZE_USER_ON_LOGIN_FAILED',
) ]
if HAS_TWO_FACTOR_AUTH:
DIGIT_WEB_SETTINGS.append('ENABLE_TWO_FACTOR_AUTH')
STRING_WEB_SETTINGS = ('SERVICE_URL', 'FILE_SERVER_ROOT',) STRING_WEB_SETTINGS = ('SERVICE_URL', 'FILE_SERVER_ROOT',)
@@ -2241,6 +2245,7 @@ def sys_settings(request):
return render_to_response('sysadmin/settings.html', { return render_to_response('sysadmin/settings.html', {
'config_dict': config_dict, 'config_dict': config_dict,
'has_two_factor_auth': HAS_TWO_FACTOR_AUTH,
}, context_instance=RequestContext(request)) }, context_instance=RequestContext(request))
@login_required_ajax @login_required_ajax
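Review bot: Appending `'ENABLE_TWO_FACTOR_AUTH'` to `DIGIT_WEB_SETTINGS` makes the site-wide second-factor switch writable from the web settings page. The part of `sys_settings` that applies the submitted value lies outside these hunks, so it is not visible whether a change is recorded anywhere. Turning this flag off removes the second factor for every account, so the write path should log who changed it and to what value, e.g. `logger.info('%s set ENABLE_TWO_FACTOR_AUTH to %s', request.user.username, value)`, with the names matched to the surrounding code. A short comment above `if HAS_TWO_FACTOR_AUTH:` saying that the tuple became a list so the entry can be appended conditionally would also help.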


@@ -27,6 +27,7 @@ from django.conf import settings
from django.conf.urls import patterns, url from django.conf.urls import patterns, url
from seahub.auth import views as auth_views from seahub.auth import views as auth_views
from seahub.utils.two_factor_auth import HAS_TWO_FACTOR_AUTH
urlpatterns = patterns('', urlpatterns = patterns('',
url(r'^password/change/$', url(r'^password/change/$',
@@ -72,3 +73,11 @@ else:
{'template_name': 'registration/logout.html'}, {'template_name': 'registration/logout.html'},
name='auth_logout'), name='auth_logout'),
) )
if HAS_TWO_FACTOR_AUTH:
from seahub_extra.two_factor.views.login import TwoFactorVerifyView
urlpatterns += patterns('',
url(r'^login/two-factor-auth/$',
TwoFactorVerifyView.as_view(),
name='two_factor_auth'),
)