Merge branch 'MFA'

mkalioby · Jan 20, 2019 · 775f962 · 775f962
2 parents 2bd27f0 + d689ed6
commit 775f962
Show file tree

Hide file tree

Showing 127 changed files with 30,467 additions and 21 deletions.
diff --git a/...p/autoDeploy/templates/account/login.html → .../autoDeploy/accounts/templates/login.html b/...p/autoDeploy/templates/account/login.html → .../autoDeploy/accounts/templates/login.html
diff --git a/.../autoDeploy/templates/account/logout.html → ...autoDeploy/accounts/templates/logout.html b/.../autoDeploy/templates/account/logout.html → ...autoDeploy/accounts/templates/logout.html
diff --git a/webapp/autoDeploy/accounts/templates/mfa_auth_base.html b/webapp/autoDeploy/accounts/templates/mfa_auth_base.html
@@ -0,0 +1 @@
+{% extends "base.html" %}
diff --git a/webapp/autoDeploy/accounts/views.py b/webapp/autoDeploy/accounts/views.py
@@ -4,9 +4,18 @@
 from django.shortcuts import render, render_to_response,redirect
 from django.contrib.auth import authenticate, login,logout
 from django.template import RequestContext
-from autoDeploy import settings
+from django.conf import settings
 
+def log_user_in(request,username):
+    from django.contrib.auth.models import User
+    user=User.objects.get(username=username)
+    user.backend='django.contrib.auth.backends.ModelBackend'
+    login(request, user)
 
+    if "redirect" in request.POST:
+        return redirect(request.POST["redirect"])
+    else:
+        return redirect(settings.BASE_URL)
 
 def check(request):
     if request.method=="POST":
@@ -15,24 +24,22 @@ def check(request):
         password = request.POST['password']
         user = authenticate(username=username, password=password)
         err=""
-        print "Hi"
         if user is not None:
             if user.is_active:
-                login(request, user)
-                if "redirect" in request.POST:
-                    return redirect(request.POST["redirect"])
-                else:
-                    return redirect(settings.BASE_URL)
-                # Redirect to a success page.
+                if "mfa" in settings.INSTALLED_APPS:
+                    from mfa.helpers import has_mfa
+                    res =  has_mfa(request,username=username)
+                    if res: return res
+                    return log_user_in(request,username)
             else:
                 err="This user is NOT activated yet."
         else:
             err="The username or the password is wrong."
         print "Error:", err
-        return render_to_response("account/login.html",{"err":err},context_instance=RequestContext(request))
+        return render_to_response("login.html",{"err":err},context_instance=RequestContext(request))
     else:
-        return render_to_response("account/login.html",context_instance=RequestContext(request))
+        return render_to_response("login.html",context_instance=RequestContext(request))
 
 def signOut(request):
     logout(request)
-    return render_to_response("account/logout.html",context_instance=RequestContext(request))
+    return render_to_response("logout.html",context_instance=RequestContext(request))
diff --git a/webapp/autoDeploy/autoDeploy/settings.py b/webapp/autoDeploy/autoDeploy/settings.py
@@ -40,7 +40,8 @@
     'autodeploy',
     'django_tables2',
     'django_tables2_reports',
-    'accounts'
+    'accounts',
+    'mfa',
 )
 
 MIDDLEWARE_CLASSES = (
@@ -59,7 +60,7 @@
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [os.path.join(BASE_DIR, "templates"),os.path.join(BASE_DIR, "accounts/templates")],
+        'DIRS': [os.path.join(BASE_DIR, "templates")],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -74,9 +75,9 @@
     },
 ]
 
+STATIC_ROOT=BASE_DIR+'/static/'
 WSGI_APPLICATION = 'autoDeploy.wsgi.application'
-STATICFILES_DIRS = (os.path.join(BASE_DIR, "static"),
-)
+STATICFILES_DIRS = ('my_static',)
 
 # Database
 # https://docs.djangoproject.com/en/1.8/ref/settings/#databases
@@ -105,6 +106,7 @@
 
 USE_TZ = True
 
+TITLE="autoDeploy"
 BASE_URL="/"
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.8/howto/static-files/
@@ -127,4 +129,17 @@
 EMAIL_USE_TLS=True
 EMAIL_FROM="AutoDeploy"
 
-TITLE="autoDeploy"
+
+MFA_UNALLOWED_METHODS=()   # Methods that shouldn't be allowed for the user
+MFA_LOGIN_CALLBACK="accounts.views.log_user_in"            # A function that should be called by username to login the user in session
+MFA_RECHECK=True           # Allow random rechecking of the user
+MFA_RECHECK_MIN=10         # Minimum interval in seconds
+MFA_RECHECK_MAX=30         # Maximum in seconds
+MFA_QUICKLOGIN=True        # Allow quick login for returning users by provide only their 2FA
+
+TOKEN_ISSUER_NAME="Auto Deploy"      #TOTP Issuer name
+
+U2F_APPID="https://localhost"    #URL For U2F
+FIDO_SERVER_ID=u"localhost"      # Server rp id for FIDO2
+FIDO_SERVER_NAME=u"Autodeploy"
+FIDO_LOGIN_URL=BASE_URL
diff --git a/webapp/autoDeploy/autoDeploy/urls.py b/webapp/autoDeploy/autoDeploy/urls.py
@@ -16,9 +16,12 @@
 from django.conf.urls import include, url
 from django.contrib import admin
 import accounts.urls
-
+import mfa
+import mfa.TrustedDevice
 urlpatterns = [
     url(r'^admin/', include(admin.site.urls)),
+    url(r'^mfa/', include(mfa.urls)),
+    url(r'devices/add$', mfa.TrustedDevice.add,name="mfa_add_new_trusted_device"),
     url(r'^accounts/', include(accounts.urls)),
     url(r'^$','autodeploy.views.projects'),
     url(r'add_project','autodeploy.views.add_project'),

diff --git a/webapp/autoDeploy/autodeploy/migrations/0017_auto_20180812_1025.py b/webapp/autoDeploy/autodeploy/migrations/0017_auto_20180812_1025.py
@@ -8,6 +8,7 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ('autodeploy', '0016_auto_20180807_1651'),
+        ('contenttypes', '0002_remove_content_type_name'),
     ]
 
     operations = [

diff --git a/webapp/autoDeploy/templates/add_project.html → ...loy/autodeploy/templates/add_project.html b/webapp/autoDeploy/templates/add_project.html → ...loy/autodeploy/templates/add_project.html
diff --git a/webapp/autoDeploy/templates/add_server.html → ...ploy/autodeploy/templates/add_server.html b/webapp/autoDeploy/templates/add_server.html → ...ploy/autodeploy/templates/add_server.html
diff --git a/webapp/autoDeploy/templates/add_sshkey.html → ...ploy/autodeploy/templates/add_sshkey.html b/webapp/autoDeploy/templates/add_sshkey.html → ...ploy/autodeploy/templates/add_sshkey.html
diff --git a/webapp/autoDeploy/templates/base.html → ...autoDeploy/autodeploy/templates/base.html b/webapp/autoDeploy/templates/base.html → ...autoDeploy/autodeploy/templates/base.html
@@ -88,7 +88,16 @@
 
             <ul class="nav navbar-top-links navbar-right">
                     {% if user.is_authenticated %}
-                        <a href="{{ BASE_URL }}accounts/logout" style="margin-right: 25px;position: relative;top: 10px"><span class="fa fa-sign-out" title="Log out"></span></a>
+
+                        <a href='javascript:void(0)' data-toggle="dropdown" id="userDropdown" style="margin-right: 25px;position: relative;top: 10px"><span class="fa fa-2x fa-user" title="User"></span></a>
+                        <ul class="dropdown-menu"  aria-labelledby="userDropdown">
+                        <li><a href="{% url 'mfa_home' %}">Security</a> </li>
+                        {% if request.user.is_staff or  request.user.is_superuser%}
+                            <li><a href="{{ BASE_URL }}admin">Admin Interface</a></li>
+                        {% endif %}
+                        <li role="separator" class="divider"></li>
+                        <li><a href="{{ BASE_URL }}accounts/logout">Log out</a></li>
+                        </ul>
                     {% endif %}
             </ul>
             <!-- /.navbar-top-links -->

diff --git a/webapp/autoDeploy/templates/clone.html → ...utoDeploy/autodeploy/templates/clone.html b/webapp/autoDeploy/templates/clone.html → ...utoDeploy/autodeploy/templates/clone.html
diff --git a/webapp/autoDeploy/templates/confirm.html → ...oDeploy/autodeploy/templates/confirm.html b/webapp/autoDeploy/templates/confirm.html → ...oDeploy/autodeploy/templates/confirm.html
diff --git a/webapp/autoDeploy/templates/deploy.html → ...toDeploy/autodeploy/templates/deploy.html b/webapp/autoDeploy/templates/deploy.html → ...toDeploy/autodeploy/templates/deploy.html
diff --git a/webapp/autoDeploy/templates/deploy2.html → ...oDeploy/autodeploy/templates/deploy2.html b/webapp/autoDeploy/templates/deploy2.html → ...oDeploy/autodeploy/templates/deploy2.html
diff --git a/...p/autoDeploy/templates/django-table2.html → ...y/autodeploy/templates/django-table2.html b/...p/autoDeploy/templates/django-table2.html → ...y/autodeploy/templates/django-table2.html
diff --git a/webapp/autoDeploy/templates/modify.html → ...toDeploy/autodeploy/templates/modify.html b/webapp/autoDeploy/templates/modify.html → ...toDeploy/autodeploy/templates/modify.html
diff --git a/.../autoDeploy/templates/servers_status.html → .../autodeploy/templates/servers_status.html b/.../autoDeploy/templates/servers_status.html → .../autodeploy/templates/servers_status.html
diff --git a/webapp/autoDeploy/templates/table.html → ...utoDeploy/autodeploy/templates/table.html b/webapp/autoDeploy/templates/table.html → ...utoDeploy/autodeploy/templates/table.html
diff --git a/webapp/autoDeploy/install.sh b/webapp/autoDeploy/install.sh
@@ -0,0 +1,6 @@
+python manage.py migrate auth
+python manage.py migrate admin
+python manage.py migrate contenttypes
+python manage.py migrate
+python manage.py createsuperuser
+