django-mfa2
Add a setting to control the number of generated recovery tokens (at the moment set to 5)
The function `genTokens` in `recovery.py` generates 5 tokens by default:
```python
@never_cache
def genTokens(request):
    #Delete old ones
    delTokens(request)
    #Then generate new one
    salt = randomGen(15)
    hashedKeys = []
    clearKeys = []
    for i in range(5):
        token = randomGen(5) + "-" + randomGen(5)
        hashedToken = make_password(token, salt, 'pbkdf2_sha256_custom')
        hashedKeys.append(hashedToken)
        clearKeys.append(token)
    uk=User_Keys()
    uk.username = request.user.username
    uk.properties={"secret_keys":hashedKeys, "salt":salt}
    uk.key_type="RECOVERY"
    uk.enabled = True
    uk.save()
    return HttpResponse(simplejson.dumps({"keys":clearKeys}))
```
There is no way to change the number of generated tokens. I am thinking of adding a settings variable to control the number of generated recovery tokens, called MFA_NUMBER_OF_RECOVERY_CODES... something like this:
```python
@never_cache
def genTokens(request):
    #Delete old ones
    delTokens(request)
    #Then generate new one
    salt = randomGen(15)
    hashedKeys = []
    clearKeys = []
    n = MFA_NUMBER_OF_RECOVERY_CODES
    if n < 5 or n > 10:
        n = 5
    for i in range(n):
        token = randomGen(5) + "-" + randomGen(5)
        hashedToken = make_password(token, salt, 'pbkdf2_sha256_custom')
        hashedKeys.append(hashedToken)
        clearKeys.append(token)
    uk=User_Keys()
    uk.username = request.user.username
    uk.properties={"secret_keys":hashedKeys, "salt":salt}
    uk.key_type="RECOVERY"
    uk.enabled = True
    uk.save()
    return HttpResponse(simplejson.dumps({"keys":clearKeys}))
```
Good idea, but the line that is doing the check on `n` shall be moved to a check or removed completely, as it is the developer's decision.
I agree that having the if statement to check `n` is ugly, and most probably does not conform with other parts of the package. Where would the check happen? Maybe I could add a dedicated function for that in `helpers.py`?
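One way the validation discussed in this thread could live outside `genTokens`, as an added example that is not django-mfa2 code: the function names `check_recovery_code_setting` and `recovery_code_count` are hypothetical, the lower bound of 1 is an assumption, and `SimpleNamespace` objects stand in for `django.conf.settings` so the block runs without Django.

```python
from types import SimpleNamespace

DEFAULT_RECOVERY_CODES = 5  # the count currently hard-coded in genTokens


def check_recovery_code_setting(settings):
    """Return a list of problems with the setting (an empty list means valid).

    The list-of-messages shape matches what a Django system check returns,
    so each message could be wrapped in django.core.checks.Error and the
    function registered to run once at start-up instead of on every request.
    """
    value = getattr(settings, "MFA_NUMBER_OF_RECOVERY_CODES", DEFAULT_RECOVERY_CODES)
    # bool is a subclass of int, so True would otherwise be accepted as 1.
    if isinstance(value, bool) or not isinstance(value, int):
        return ["MFA_NUMBER_OF_RECOVERY_CODES must be an integer, got %r" % (value,)]
    # Assumed lower bound: zero or negative would silently issue no codes.
    # No upper bound is enforced; that stays the developer's decision.
    if value < 1:
        return ["MFA_NUMBER_OF_RECOVERY_CODES must be at least 1, got %d" % value]
    return []


def recovery_code_count(settings):
    """Hypothetical helpers.py function: the number genTokens would loop over."""
    problems = check_recovery_code_setting(settings)
    if problems:
        # Fail loudly rather than falling back to a default the admin did not choose.
        raise ValueError(problems[0])
    return getattr(settings, "MFA_NUMBER_OF_RECOVERY_CODES", DEFAULT_RECOVERY_CODES)


# Constructed stand-ins for django.conf.settings
UNSET = SimpleNamespace()
CUSTOM = SimpleNamespace(MFA_NUMBER_OF_RECOVERY_CODES=8)
BROKEN = SimpleNamespace(MFA_NUMBER_OF_RECOVERY_CODES="10")

if __name__ == "__main__":
    for name, cfg in (("unset", UNSET), ("custom", CUSTOM), ("broken", BROKEN)):
        print(name, check_recovery_code_setting(cfg) or recovery_code_count(cfg))
```

With this in place the loop in `genTokens` would read `for i in range(recovery_code_count(settings))`.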