Bases: object
Came from handling.
The Plone came_from field had to be taken out of the login form, so that users always get the token validation screen before being redirected to the page they came from. The came_from is instead extracted from the referer and handled in such a way that Plone functionality stays intact.
In case your existing package manipulates came_from (for example, you want users to accept terms and conditions before the redirection), you would likely need to define a new adapter and make the appropriate changes to the getCameFrom method.
Example:
>>> from zope.interface import implements
>>> from plone import api
>>> from collective.smsauthenticator.helpers import extract_next_url_from_referer
>>> from collective.smsauthenticator.adapter import ICameFrom
>>>
>>> class CameFromAdapter(object):
...     implements(ICameFrom)
...
...     def __init__(self, request):
...         self.request = request
...
...     def getCameFrom(self):
...         # URL the user originally came from, recovered from the referer
...         real_referrer = extract_next_url_from_referer(self.request)
...         portal = api.portal.get()
...         if not real_referrer:
...             real_referrer = portal.absolute_url()
...         # Send the user through the terms-and-conditions form first,
...         # passing the original destination along as came_from
...         referrer = "{0}/tac-form/?came_from={1}".format(portal.portal_url(), real_referrer)
...         return referrer
Bases: plone.app.users.browser.personalpreferences.UserDataPanelAdapter
Adapter for collective.smsauthenticator.userdataschema.IEnhancedUserDataSchema.
The helper module contains various functions for API security and for downloading files.
Disable two-step verification for the list of users given.
Enable two-step verification for the list of users given.
Extracts the client's IP address from the request. This is not the safest solution, since the client may change headers.
Parameters: request (ZPublisher.HTTPRequest)
Returns: string
Since we override the default Plone functionality (we take came_from out of the login form for a very strong reason), we want to make sure that the "came from" functionality stays intact for users. That is why we check the referer for the came_from attribute and, if present, redirect to it after successful two-step verification token validation.
Parameters: request (ZPublisher.HTTPRequest)
Returns: string, the extracted came_from URL.
Plone seems to strip/escape some special chars (such as '+') from values, and those chars are quite important for us. This method extracts the vars from the QUERY_STRING of the request given and returns them unescaped.
Fixme: As stated above, for some reason Plone escapes special chars in the values. If you know what the reason is and whether it has any effect on security, please make the necessary changes.
Parameters: request (ZPublisher.HTTPRequest)
Returns: dict
Plone seems to strip/escape some special chars (such as '+') from values, and those chars are quite important for us. This method extracts the vars from the query string given and returns them unescaped.
Fixme: As stated above, for some reason Plone escapes special chars in the values. If you know what the reason is and whether it has any effect on security, please make the necessary changes.
Parameters: request_qs (string)
Returns: dict
Gets a random token for resetting the mobile number (time-based, plus a random character).
Parameters:
Returns: string
Generates secret for the user.
Parameters: user (Products.PlonePAS.tools.memberdata)
Gets the SMS Authenticator settings.
Gets domain name (with HTTP).
Parameters: request (ZPublisher.HTTPRequest)
Returns: string
Gets the browser hash. Adds an extra security layer, since the browser version is unlikely to change.
Parameters: request (ZPublisher.HTTPRequest)
Returns: string
Gets domain name (without HTTP).
Parameters: request (ZPublisher.HTTPRequest)
Returns: string
Gets IP addresses white list.
Parameters: request (ZPublisher.HTTPRequest)
Returns: list
Gets or creates the token secret for the user given. Checks first whether the user already has a secret generated. If not, generates one and saves it in the user's profile (two_step_verification_secret).
Parameters: user (Products.PlonePAS.tools.memberdata), used if provided. Otherwise plone.api.user.get_current is used to obtain the user.
Returns: string
Gets the user's secret code. If hashed is set to True, the hashed value is returned.
Parameters:
Returns: string
Gets the secret_key to be used in ska package.
Parameters:
Returns: string
Gets the ska token lifetime (in seconds) from settings.
Returns: int
Save IP, from which user is logged in, into the system.
Parameters:
Returns: bool, True on success and False on failure.
Get user by username given and return member object.
Gets the username of the user.
Parameters: user, used to extract the user if given. Otherwise, plone.api.user.get_current is used.
Returns: string
Gets list of white-listed IP addresses.
Returns: list
Checks if user has enabled the two-step verification.
Parameters: user (Products.PlonePAS.tools.memberdata)
Returns: bool
Checks if the two-step verification is globally enabled.
Returns: bool
Checks if client’s IP address is whitelisted.
Parameters: request (ZPublisher.HTTPRequest)
Returns: bool
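The IP extraction helper above warns that the client may change headers, and the whitelist check skips the second step for whitelisted addresses, so the address it uses must not be client-controlled. The following is an added example (not collective.smsauthenticator code) of extracting the client address so that X-Forwarded-For is only honoured when the direct peer is a trusted reverse proxy, then applying the whitelist; it assumes a plain dict standing in for request.environ and a trusted_proxies parameter that the page's helpers do not have.

```python
import ipaddress


def _in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def extract_ip_address(environ, trusted_proxies=()):
    """Return the client IP as a string, or "" if it cannot be determined.

    environ stands in for request.environ (assumption). REMOTE_ADDR comes
    from the TCP peer and cannot be forged by the client; X-Forwarded-For is
    client-supplied unless a proxy we trust appended to it, so it is only
    consulted when the peer is one of trusted_proxies.
    """
    trusted = [ipaddress.ip_network(p) for p in trusted_proxies]
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return ""
    if not _in_any(peer, trusted):
        return str(peer)  # direct connection: ignore any XFF header
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    # Walk right to left: the rightmost hop was appended by our proxy; skip
    # further trusted hops and stop at the first address we did not add.
    for hop in reversed([h for h in hops if h]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return ""  # malformed header: treat the client address as unknown
        if not _in_any(addr, trusted):
            return str(addr)
    return str(peer)  # no client hops: the proxy itself is the client


def is_whitelisted_ip(environ, whitelist, trusted_proxies=()):
    """True if the safely extracted client IP is in whitelist (IPs or CIDRs)."""
    ip = extract_ip_address(environ, trusted_proxies)
    if not ip:
        return False  # unknown address never bypasses the second step
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    return _in_any(ipaddress.ip_address(ip), nets)
```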
Save IP, from which user is logged in, into the system.
Parameters:
Returns: bool, True on success and False on failure.
Sends an SMS to the mobile number given for mobile number reset confirmation.
Parameters:
Returns: bool, True on success and False on failure.
Sends an SMS to the mobile number given for mobile number reset confirmation.
Parameters:
Returns: bool, True on success and False on failure.
Sends an SMS to the mobile number given for mobile number setup confirmation.
Parameters:
Returns: bool, True on success and False on failure.
Sends an SMS to the mobile number given for mobile number reset confirmation.
Parameters:
Returns: bool, True on success and False on failure.
Signs the user data with the ska package. The secret_key used with ska is a combination of:
Parameters:
Returns: string
Validates the given code by matching it with one stored in users’ profile.
Parameters:
Returns: bool
The idea of this PAS plugin is quite simple. It should check the profile of the user being logged in and, if the user has enabled two-step verification for the account (enable_two_step_verification is set to True), redirect the user to another page where the SMS Authenticator token is entered; after successful validation of that token the user is definitely logged in.
If the user has not enabled two-step verification for the account (enable_two_step_verification is set to False), it does nothing, so that Plone continues logging the user in the normal way.
Bases: Products.PluggableAuthService.plugins.BasePlugin.BasePlugin
SMS Authenticator PAS Plugin
Place to actually validate the user credentials specified and return a tuple (login, login) on success or (None, None) on failure.
If we find one and two-step verification is not enabled for the account, we consider the authentication passed and log the user in. If two-step verification has been enabled for the account, the first step of authentication is considered to be passed and we go to the next page (having the user and pass remembered), where we check for the token generated by the token generator (SMS Authenticator). If the token is valid too, we log the user in.
Parameters: context (Products.GenericSetup.context.DirectoryImportContext instance)
Remove the PAS plugin.
Bases: plone.app.users.browser.personalpreferences.UserDataPanel
Customise the user form shown in personal-preferences.
Fired upon creation of each user. If the app setting globally_enabled is set to True, two-step verification is automatically enabled for registered users (in that case they have to go through the mobile number recovery procedure).
The principal value seems to be a user object, although it does not have the setMemberProperties method defined (that is why we obtain the user using plone.api, because that one has it).