B f@s>ddlTddlmZddlmZmZmZGdddejZdS))*) cmf_session)datetime timedeltatimezonecseZdZiZeeje j ddgZ e ed<ej feZ dZddddgZed d d Zeed d d ZdedddZddZededddZfddZZS) CmfSessionZcmfZ templatesloaderTgetsgettfa_check_code tfa_send_code)returncCs|jjdd}t|S)N:)idvaluesplitcmfutilZcrypt)selfmessager./cmf/models/cmf_session.py get_tokenszCmfSession.get_tokencCsyt|}WntddStjjd|dddgd}|rtt j }||j t |j jdkr|d g|j|}|rtjd d }|jj|_|jj|_|jj|_d|_d |_td |jd |jd|j||fSdS)NuDНе удалось расшифровать токен сессии)NNz CmfSession:Frplugin)rZexpiredfields)Zsecondszplugin.plugin.*T)emptyzfrom_session_token: jwt is ok, z, z , is_local=)rdecryptgdebugmodelsrr rnowrZutcZ reauth_daterZaccess_token_expires_inr load_fieldsrZ refresh_tokenCmfAuth user_loginZloginZ user_emailemailZ user_scopeZscopeZjwt_is_supportZjwt_is_match_org)clsZ session_tokenZdecrypted_tokensessionr!objrrr from_tokens*        "zCmfSession.from_tokenNany)two_factor_optcs.fdd}fdd}ddldddgtjjjd d d gd jsjtd ddS|sv}|r*j rj j  dkrtddj j  dSd fddt dD_j |dkr||n"|dkr|n|dkr*|dS)NcsXdksdkrTjjs0tdddddStj}|jjjjddS)Nr*phoneuУ абонента u. не указан номер телефонаT)abortu& ваш проверочный код.) two_factorr, cmf_alertr ZCmfPluginSMSGateZget_local_smsgate send_messageZnumbersms_code)Zsms_gate)methodpersonrrrsend_sms3s  z*CmfSession.tfa_send_code..send_smscspdksdkrljjs0tdddddSjd}|jjd}tj }|j jjj |d d dS) Nr*r%uУ абонента u не указан emailT)r-z tfa_mail.html)Ztfa_coder3uJКод безопасности для учетной записи EvaTeam)Zsubject) r.r%r/ _jinja_envZ get_templateZrenderr1r ZCmfPluginMailBoxZget_local_mailboxr0r)templateZ email_bodyZmail_box)r2r3rrr send_email;s  z,CmfSession.tfa_send_code..send_emailr sms_send_timer1user_idz two_factor.*ztwo_factor.two_factor_optr)rruУ пользователя u не настроена 2FAuKСледующая отправка будет доступна через c3s|]}tddVqdS)r N)strZrandint).0_)randomrr Usz+CmfSession.tfa_send_code..r*Zsmsr%)r@r"r CmfPersonr r9r.r/get_two_factor_optr8r!Z total_secondsjoinranger1set_nowsave)rr+r2r4r7r)r2r3r@rrr 2s2      zCmfSession.tfa_send_codecCsddlm}|jrdS|jtjjjkr.tj}ntj j |jdddgd}| r|j r`tj js`dSdtji}||}ttd|}tj d d |jd <d |jd <d|jd<|SdS)Nr) urlencodeis_adminZ is_supportztwo_factor.two_factor_opt)rrZnext_urlzauth/two-factor?ZOriginrzAccess-Control-Allow-Origintruez Access-Control-Allow-CredentialszContent-Type, x-ijtzAccess-Control-Allow-Headers)Z urllib.parserIcheckedr9rZ current_userrrr rCr rDrJZglobal_settingsZtwo_factor_adminZrequestZurlZredirectZauth_base_hrefZheaders)rrIr3paramsZqsrrrrtfa_check_two_factor`s"    zCmfSession.tfa_check_two_factorr,)codec Csddl}tjjtjjddgd}d}|dkrVx(dD] }t|j|r2| dd}Pq2W|sht d|tjj d 7_ tjj tjj}||krd tj_nD|jjrt||jj}WdQRX||}|rd tj_|rt|j|d d |jtj|S) Nrz two_factor.*r)rrF)Zapplication_verifiedZemail_verifiedZphone_verifiedr?uНеобходимо указать метод авторизации по которому происходит проверка method=rTZ _verified)pyotpr rCr rr'r9getattrr.rAssertionErrorZ sms_try_countZ sms_try_timerGr1rLZ topt_secretrZ disable_aclZTOTPrZverifysetattrrH)rPr2rQr3resultmZtotprrrr ts2        zCmfSession.tfa_check_codec s<tjjddt|jt|jddd|j|jd tj||S)NZlogin_successedr#okTr) ZoperateZcmf_model_nameZ cmf_authorparentZ result_statusZcurrent_transactionZsecurity_level parent_nameZ parent_code)r ZCmfAuditZ audit_eventr=r9r$superrH)rargskwargs) __class__rrrHs  zCmfSession.save)Nr*)r,)__name__ __module__ __qualname__Z_optionsZjinja2ZFileSystemLoaderospathrEZconfigZ PROJECT_DIRZ_loaderZ Environmentr5Z api_allowZ api_methodsr=r classmethodr)r rO staticmethodr rH __classcell__rr)r]rrs" .rN)Z cmf.includerrrrrrrrrrs