implement two factor check during login

2026-03-12 17:07:23 +01:00 · 2020-09-02 17:23:32 +02:00
parent a7a66929aa
commit 3c3683429b
4 changed files with 130 additions and 26 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -40,14 +40,23 @@ def authorized_personnel_only(viewfunc):
 		error = None
 		try:
 			email, privs = auth_service.authenticate(request, env)
+		except auth.MissingTokenError as e:
+			privs = []
+			error = str(e)
+		except auth.BadTokenError as e:
+			# Write a line in the log recording the failed login
+			log_failed_login(request)
+
+			privs = []
+			error = str(e)
 		except ValueError as e:
+			# Write a line in the log recording the failed login
+			log_failed_login(request)
+
 			# Authentication failed.
 			privs = []
 			error = "Incorrect username or password"

-			# Write a line in the log recording the failed login
-			log_failed_login(request)
-
 		# Authorized to access an API view?
 		if "admin" in privs:
 			# Call view func.
@@ -119,6 +128,23 @@ def me():
 	# Is the caller authorized?
 	try:
 		email, privs = auth_service.authenticate(request, env)
+	except auth.MissingTokenError as e:
+		# Log the failed login
+		log_failed_login(request)
+
+		return json_response({
+			"status": "missing_token",
+			"reason": str(e),
+		})
+	except auth.BadTokenError as e:
+		# Log the failed login
+		log_failed_login(request)
+
+		return json_response({
+			"status": "bad_token",
+			"reason": str(e),
+		})
+
 	except ValueError as e:
 		# Log the failed login
 		log_failed_login(request)
@@ -126,7 +152,7 @@ def me():
 		return json_response({
 			"status": "invalid",
 			"reason": "Incorrect username or password",
-			})
+		})

 	resp = {
 		"status": "ok",