U VPd@snddlmZddlTddlmZddlmZmZmZmZmZddl m Z ddl Z ddl Z Gdd d ej Z dS) )fields)*) cmf_session)datedatetime timedeltatimezonetime)AESNc@seZdZiZeeje j ddgZ e ed<ej feZ edddZeedddZded d d Zd dZeedddZd S) CmfSessioncmfZ templatesloader)returncCs|jjdd}t|S)N:)idvaluesplitcmfutilZcrypt)selfmessager./cmf/models/cmf_session.py get_tokenszCmfSession.get_tokencCszt|}WntdYdSXtjjd|ddgd}|rtt j }||j t |j jdkr|dg|j|}|rtjd d }|jj|_|jj|_|jj|_d|_d |_td |jd |jd |j||fSdS)NuDНе удалось расшифровать токен сессии)NNz CmfSession:Fr)rZexpiredr)Zsecondszplugin.plugin.*T)emptyzfrom_session_token: jwt is ok, z, z , is_local=)rdecryptgdebugmodelsr getrnowr ZutcZ reauth_daterZaccess_token_expires_inr load_fieldsZpluginZ refresh_tokenZCmfAuthZ user_loginZloginZ user_emailemailZ user_scopeZscopeZjwt_is_supportZjwt_is_match_org)clsZ session_tokenZdecrypted_tokensessionr!objrrr from_tokens*        "zCmfSession.from_tokenN)two_factor_optcsfdd}fdd}ddldddgtjjjd d gd jsdtd d dS|sp}|rj rj j  dkrtddj j  dSd fddt dD_j |dkr||n|dkr|n|dS)NcsHjjs tdddddStj}|jjjjddS)NУ абонента u. не указан номер телефонаTabortu& ваш проверочный код.) two_factorZphone cmf_alertrZCmfPluginSMSGateZget_local_smsgate send_messageZnumbersms_code)Zsms_gatepersonrrrsend_sms.s  z*CmfSession.tfa_send_code..send_smscs`jjs tdddddSjd}|jjd}tj }|j jjj |dddS) Nr)u не указан emailTr*z tfa_mail.html)Ztfa_coder1uJКод безопасности для учетной записи EvaTeam)Zsubject) r,r#r- _jinja_envZ get_templateZrenderr/rZCmfPluginMailBoxZget_local_mailboxr.r)templateZ email_bodyZmail_boxr0rr send_email4s  z,CmfSession.tfa_send_code..send_emailr sms_send_timer/user_id two_factor.*rrruУ пользователя u не настроена 2FAuKСледующая отправка будет доступна через c3s|]}tddVqdS)r N)strZrandint).0_)randomrr Isz+CmfSession.tfa_send_code..anyZsms)r@r"r CmfPersonr r7r,r-get_two_factor_optr6r!Z total_secondsjoinranger/set_nowsave)rr(r2r5r)r1r@rr tfa_send_code-s."   zCmfSession.tfa_send_codecCsddlm}|jrdStjj|jd}|rdtj i}||}t t j d|}tj dd|j d<d |j d <d |j d <|SdS) Nr) urlencode)rZnext_urlz/auth/two-factor?ZOriginrzAccess-Control-Allow-Origintruez Access-Control-Allow-CredentialszContent-Type, x-ijtzAccess-Control-Allow-Headers)Z urllib.parserKcheckedrrDr r7rEZrequestZurlZredirectconfigZAUTH_SERVER_URLZheaders)rrKr1paramsZqsrrrrtfa_check_two_factorTs    zCmfSession.tfa_check_two_factor)codec Csddl}tjjd7_tjjtjj|kr:dtj_nXtj j tjj ddgd}|j j rt||j j }W5QRX||rdtj_tjtjjjS)NrrTr8rr9)pyotprr%Z sms_try_countZ sms_try_timerHr/rMrrDr r7r,Z topt_secretrZ disable_aclZTOTPrZverifyrIr)rRrSr1Ztotprrrtfa_check_codebs      zCmfSession.tfa_check_code)N)__name__ __module__ __qualname__Z_optionsZjinja2ZFileSystemLoaderospathrFrNZ PROJECT_DIRZ_loaderZ Environmentr3r=r classmethodr'rJrQ staticmethodrTrrrrr s 'r )r rZ cmf.includerrrrr r Z Crypto.Cipherr Zbinasciibase64r rrrrs