Commit Graph

15 Commits

Author SHA1 Message Date
Nicholas Staples
7001d8261d Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised. 2016-01-07 12:43:10 +00:00
Nicholas Staples
0ebacd6929 Refactor for code_not_received, sign_in, two_factor and verify. 2016-01-05 17:08:50 +00:00
Rebecca Law
785c413cde Move and rename macro.html
Remove print statements
Fix code style
2016-01-04 15:50:26 +00:00
Rebecca Law
b2f544a165 110880218: Completed implementation of resend the verificaton code 2015-12-31 13:16:59 +00:00
Rebecca Law
64812c1614 109898688: All codes are valid until one code is used, then they are all marked used.
Fixed the is_active() method on the Users model, if the user was pending they would come back as active, allowing a user to sign in before being active.
There is still a problem with the validate_sms_code and validate_email_code method.
2015-12-17 14:33:20 +00:00
Rebecca Law
caabda92e0 Test for VerifyForm and TwoFactorForm 2015-12-14 14:09:29 +00:00
Rebecca Law
295dbeb7d1 Create unit tests that test the forms. 2015-12-14 13:25:27 +00:00
Rebecca Law
c0550d2c61 Refactor unit tests 2015-12-14 13:25:27 +00:00
Rebecca Law
588730d594 109526036: Persist the verify code to the db.
The codes are hashed and saved to the db.
The code is marked as used once a valid code is submitted.
The code is valid for 1 hour.
The codes are no longer saved to the session.
2015-12-10 14:48:01 +00:00
Rebecca Law
9ba229820a 109638656: Implementation of two factor verification
Validation of the code is done in the form, when the form.validate_on_submit is called the validate code methods are called as well.
2015-12-09 11:36:57 +00:00
Rebecca Law
1af2dd5e98 109638656: Use Regex validator for sms code to ensure it is 5 digits. 2015-12-09 10:17:50 +00:00
Rebecca Law
7570a80a00 109638656: Added test and moved common function to __init__ 2015-12-09 10:17:09 +00:00
Rebecca Law
2e59870490 109638656: Implement two factor verify flow
When user enters valid sms code they are redirected to the dashboard.
Otherwise, form errors are present.
2015-12-09 10:17:09 +00:00
Rebecca Law
c946f85f9d 109638656: Send sms code from sign-in post. 2015-12-09 10:16:30 +00:00
Rebecca Law
eae2756a5e 109638656: Initial implementation for two-factor 2015-12-09 10:15:41 +00:00