Login: add an action indicator to know the user signed a login request.
This commit is contained in:
parent
d1017aac76
commit
54268ac027
@ -416,6 +416,7 @@ class AuthenticationLoginSerializer(serializers.Serializer):
|
|||||||
class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
|
class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
|
||||||
challenge = BinaryBase64Field()
|
challenge = BinaryBase64Field()
|
||||||
host = serializers.CharField()
|
host = serializers.CharField()
|
||||||
|
action = serializers.CharField()
|
||||||
|
|
||||||
def create(self, validated_data):
|
def create(self, validated_data):
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
@ -607,6 +607,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
|||||||
user = self.get_login_user(username)
|
user = self.get_login_user(username)
|
||||||
host = serializer.validated_data['host']
|
host = serializer.validated_data['host']
|
||||||
challenge = serializer.validated_data['challenge']
|
challenge = serializer.validated_data['challenge']
|
||||||
|
action = serializer.validated_data['action']
|
||||||
|
|
||||||
salt = bytes(user.userinfo.salt)
|
salt = bytes(user.userinfo.salt)
|
||||||
enc_key = self.get_encryption_key(salt)
|
enc_key = self.get_encryption_key(salt)
|
||||||
@ -614,7 +615,10 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
|||||||
|
|
||||||
challenge_data = json.loads(box.decrypt(challenge).decode())
|
challenge_data = json.loads(box.decrypt(challenge).decode())
|
||||||
now = int(datetime.now().timestamp())
|
now = int(datetime.now().timestamp())
|
||||||
if now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS:
|
if action != "login":
|
||||||
|
content = {'code': 'wrong_action', 'detail': 'Expected "login" but got something else'}
|
||||||
|
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
elif now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS:
|
||||||
content = {'code': 'challenge_expired', 'detail': 'Login challange has expired'}
|
content = {'code': 'challenge_expired', 'detail': 'Login challange has expired'}
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
||||||
elif challenge_data['userId'] != user.id:
|
elif challenge_data['userId'] != user.id:
|
||||||
|
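Review bot: The new `if action != "login":` guard in the hunk at 614 runs only after `box.decrypt(challenge)` and `json.loads(...)` have already processed the challenge, although it depends solely on `action`, which is read from `serializer.validated_data` in the hunk at 607; moving the two-line rejection to just before the `challenge_data = ...` line turns away a mismatched action before any decryption and leaves the `elif` chain on `challenge_data` concerned only with the challenge contents. The literal `"login"` is repeated in the comparison and in the error detail; a module-level constant such as `LOGIN_ACTION = "login"` would keep the two from drifting apart. In the hunk at 416 the field is a bare `serializers.CharField()`, so a one-line comment there explaining that it belongs to the inner (signed) payload — presumably so that a signature over some other action cannot be presented as a login, if that is the intent behind the commit message — would help the next reader. The enclosing view method begins before and ends after the hunks shown.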