使用自定义视图的django-otp实现

时间:2019-02-05 12:48:37

标签: django two-factor-authentication

我一直在尝试使用自定义“表单和视图”将django-otpqrcode一起实现。问题是我对自己的实现是否正确感到有些困惑。正如文档指出的那样,request.user.is_verified()属性已添加到经过OTP验证的用户,实际上我无法正确使用它。已使用Microsoft Authenticator应用程序为使用QR码设置的用户创建了已确认的TOTP设备。

我能够成功实施默认的管理网站OTP验证,而没有任何问题。以下是自定义实现的文件。

urls.py

from django.conf.urls import url
from account.views import AccountLoginView, AccountHomeView, AccountLogoutView

urlpatterns = [
    url(r'^login/$', AccountLoginView.as_view(), name='account-login',),
    url(r'^home/$', AccountHomeView.as_view(), name='account-home',),
    url(r'^logout/$', AccountLogoutView.as_view(), name='account-logout',)
]

views.py

from django.contrib.auth import authenticate, login as auth_login
from django.views.generic.base import TemplateView
from django.views.generic.edit import FormView
from django_otp.forms import OTPAuthenticationForm

class AccountLoginView(FormView):

    template_name = 'login.html'
    form_class = OTPAuthenticationForm
    success_url = '/account/home/'

    def form_invalid(self, form):
        return super().form_invalid(form)

    def form_valid(self, form):

        # self.request.user returns AnonymousUser
        # self.request.user.is_authenticated returns False
        # self.request.user.is_verified() returns False

        username = form.cleaned_data.get('username')
        password = form.cleaned_data.get('password')
        otp_token = form.cleaned_data.get('otp_token')
        otp_device = form.cleaned_data.get('otp_device')

        user = authenticate(request=self.request, username=username, password=password)

        if user is not None:

            device_match = match_token(user=user, token=otp_token)

            # device_match returns None

            auth_login(self.request, user)

            # self.request.user returns admin@mywebsite.com
            # self.request.user.authenticated returns True
            # self.request.user.is_verified returns AttributeError 'User' object has no attribute 'is_verified'
            # user.is_verified returns AttributeError 'User' object has no attribute 'is_verified'

        return super().form_valid(form)

class AccountHomeView(TemplateView):
    template_name = 'account.html'

    def get(self, request, *args, **kwargs):

        # request.user.is_authenticated returns True
        # request.user.is_verified() returns False

        return super(AccountHomeView, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context['data'] = 'This is secured text'
        return context

login.html

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Login</title>
    </head>
    <body>
        <form action="." method="post">

            {% csrf_token %}

            {{ form.non_field_errors }}

            <div class="fieldWrapper">
                {{ form.username.errors }}
                <label for="{{ form.username.id_for_label }}">{{ form.username.label_tag }}</label>
                {{ form.username }}
            </div>

            <div class="fieldWrapper">
                {{ form.password.errors }}
                <label for="{{ form.password.id_for_label }}">{{ form.password.label_tag }}</label>
                {{ form.password }}
            </div>

            {% if form.get_user %}
                <div class="fieldWrapper">
                    {{ form.otp_device.errors }}
                    <label for="{{ form.otp_device.id_for_label }}">{{ form.otp_device.label_tag }}</label>
                    {{ form.otp_device }}
                </div>
            {% endif %}

            <div class="fieldWrapper">
                {{ form.otp_token.errors }}
                <label for="{{ form.otp_token.id_for_label }}">{{ form.otp_token.label_tag }}</label>
                {{ form.otp_token }}
            </div>

            <input type="submit" value="Log In" />

            {% if form.get_user %}
                <input type="submit" name="otp_challenge" value="Get Challenge" />
            {% endif %}

        </form>
    </body>
</html>

任何人都可以让我知道我想念的是什么。我希望能够使用现有的OTP表单类使用自己的视图进行身份验证和验证。

请咨询。

0 个答案:

没有答案