django-pfx 1.4.dev42__tar.gz → 1.4.dev46__tar.gz

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev42
+Version: 1.4.dev46
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/django_pfx.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev42
+Version: 1.4.dev46
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/pfx/pfxcore/default_settings.py

@@ -2,6 +2,7 @@ PFX_TOKEN_SHORT_VALIDITY = {'hours': 12}
 PFX_TOKEN_LONG_VALIDITY = {'days': 30}
 PFX_TOKEN_OTP_VALIDITY = {'minutes': 15}
 PFX_HOTP_CODE_VALIDITY = 15
+PFX_OTP_IMAGE = None
 
 PFX_COOKIE_DOMAIN = None
 PFX_COOKIE_SECURE = True

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/pfx/pfxcore/locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-22 11:49+0200\n"
+"POT-Creation-Date: 2024-04-23 14:41+0200\n"
 "PO-Revision-Date: 2021-06-22 23:31+0200\n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -95,7 +95,7 @@ msgstr "Compte HOTP"
 msgid "HOTP expiry"
 msgstr "Expiration HOTP"
 
-#: models/otp_user_mixin.py:29 views/authentication_views.py:489
+#: models/otp_user_mixin.py:29 views/authentication_views.py:496
 msgid "OTP enabled"
 msgstr "OTP activé"
 
@@ -205,7 +205,11 @@ msgstr ""
 "Votre connexion est temporairement désactivée après plusieurs tentatives "
 "infructueuses, veuillez réessayer dans {seconds} secondes."
 
-#: views/authentication_views.py:243 views/authentication_views.py:408
+#: views/authentication_views.py:173
+msgid "Successful login"
+msgstr "Connexion réussie"
+
+#: views/authentication_views.py:243 views/authentication_views.py:413
 msgid "password updated successfully"
 msgstr "le mot de passe a été mis à jour avec succès"
 
@@ -213,31 +217,31 @@ msgstr "le mot de passe a été mis à jour avec succès"
 msgid "Incorrect password"
 msgstr "Mot de passe incorrect"
 
-#: views/authentication_views.py:251 views/authentication_views.py:417
+#: views/authentication_views.py:251 views/authentication_views.py:422
 msgid "Empty password is not allowed"
 msgstr "Un mot de passe vide n’est pas autorisé"
 
-#: views/authentication_views.py:342
+#: views/authentication_views.py:347
 msgid "User and token are valid"
 msgstr "L'utilisateur et le token sont valides"
 
-#: views/authentication_views.py:344
+#: views/authentication_views.py:349
 msgid "User or token is invalid"
 msgstr "L'utilisateur ou le token est invalide"
 
-#: views/authentication_views.py:451
+#: views/authentication_views.py:456
 msgid "OTP is already enabled"
 msgstr "OTP est déjà activé"
 
-#: views/authentication_views.py:490 views/authentication_views.py:524
+#: views/authentication_views.py:497 views/authentication_views.py:533
 msgid "Invalid code"
 msgstr "Code invalide"
 
-#: views/authentication_views.py:523
+#: views/authentication_views.py:532
 msgid "OTP disabled"
 msgstr "OTP désactivé"
 
-#: views/authentication_views.py:783
+#: views/authentication_views.py:792
 msgid ""
 "If the email address you entered is correct, you will receive an email from "
 "us with instructions to reset your password."
@@ -246,7 +250,7 @@ msgstr ""
 "un courrier électronique de notre part contenant des instructions pour "
 "réinitialiser votre mot de passe."
 
-#: views/authentication_views.py:857
+#: views/authentication_views.py:866
 msgid "A new authentication code has been sent by email."
 msgstr "Un nouveau code d'authentification a été envoyé par e-mail."
 

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/pfx/pfxcore/middleware/authentication.py

@@ -58,12 +58,10 @@ class JWTTokenDecodeMixin:
                 user.get_user_jwt_signature_key() + settings.PFX_SECRET_KEY,
                 options=dict(require=["exp"]),
                 algorithms="HS256")
-            if 'otp_login' in decoded:
-                if otp_login:
-                    return user, *decoded['otp_login']
+            if decoded.get('pfx_otp_login') and not otp_login:
                 raise jwt.InvalidTokenError(
                     "This token is reserved for OTP login")
-            return user
+            return user, *decoded.get('pfx_login_options', ['jwt', False])
         except (get_user_model().DoesNotExist, jwt.ExpiredSignatureError,
                 jwt.InvalidTokenError, jwt.InvalidSignatureError,
                 DecodeError) as e:
@@ -93,7 +91,8 @@ class AuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
             except ValueError:
                 token = ""
             try:
-                request.user = self.decode_jwt(token)
+                request.user, request.login_mode, request.login_remember_me = (
+                    self.decode_jwt(token))
             except Exception:
                 request.user = AnonymousUser()
         else:
@@ -122,7 +121,8 @@ class CookieAuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
         token = request.COOKIES.get('token', "")
         if token:
             try:
-                request.user = self.decode_jwt(token)
+                request.user, request.login_mode, request.login_remember_me = (
+                    self.decode_jwt(token))
             except Exception:
                 request.user = AnonymousUser()
                 request.delete_cookie = True

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/pfx/pfxcore/models/otp_user_mixin.py

@@ -69,10 +69,13 @@ class OtpUserMixin(models.Model):
         """Return the setup URL for OTP activation.
         """
         import pyotp
+        args = dict(
+            name=self.get_username(), issuer_name=settings.PFX_SITE_NAME)
+        if settings.PFX_OTP_IMAGE:
+            args['image'] = settings.PFX_OTP_IMAGE
         return pyotp.totp.TOTP(
             tmp and self.otp_secret_token_tmp or
-            self.otp_secret_token).provisioning_uri(
-                name=self.email, issuer_name=settings.PFX_SITE_NAME)
+            self.otp_secret_token).provisioning_uri(**args)
 
     def is_otp_valid(self, otp_code, tmp=False):
         """Verify an OTP code.

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/pfx/pfxcore/views/authentication_views.py

@@ -151,9 +151,9 @@ class AuthenticationView(
             return self._login_need_otp_response(user, mode, remember_me)
         return self._login_success(user, mode, remember_me)
 
-    def _login_success(self, user, mode, remember_me=False):
-        token = self._prepare_token(
-            user, token_validity('long' if remember_me else 'short'))
+    def _login_success(
+            self, user, mode, remember_me=False, message=None):
+        token = self._prepare_token(user, mode, remember_me)
         if mode == 'cookie':
             if remember_me:
                 expires = datetime.now(
@@ -170,6 +170,7 @@ class AuthenticationView(
                 httponly=True, samesite=settings.PFX_COOKIE_SAMESITE)
             return res
         return JsonResponse(dict(
+            message=message or _("Successful login"),
             need_otp=False,
             token=token,
             user=self.get_user_information(user)))
@@ -178,8 +179,7 @@ class AuthenticationView(
         """Return the response for login if OTP login is needed.
 
         Can be overridden to customize the response."""
-        token = self._prepare_token(user, token_validity('otp'), otp_login=[
-            mode, remember_me])
+        token = self._prepare_token(user, mode, remember_me, otp_login=True)
         return JsonResponse(dict(need_otp=True, token=token))
 
     @method_decorator(never_cache)
@@ -252,10 +252,15 @@ class AuthenticationView(
         return JsonResponse(
             ValidationError(errors), status=422)
 
-    def _prepare_token(self, user, validity, **extra_payload):
-        exp = datetime.now(tz=timezone.utc) + validity
+    def _prepare_token(
+            self, user, mode='jwt', remember_me=False, otp_login=False,
+            **extra_payload):
+        exp = datetime.now(tz=timezone.utc) + token_validity(
+            otp_login and 'otp' or (remember_me and 'long' or 'short'))
         payload = dict(
             exp=exp,
+            pfx_login_options=[mode, remember_me],
+            pfx_otp_login=otp_login,
             **self.get_extra_payload(user), **extra_payload)
         return jwt.encode(
             payload,
@@ -486,7 +491,9 @@ class AuthenticationView(
             raise NotFoundError()
         data = self.deserialize_body()
         if self.request.user.confirm_otp(data.get('otp_code')):
-            return JsonResponse(dict(message=_("OTP enabled")))
+            return self._login_success(
+                self.request.user, self.request.login_mode,
+                self.request.login_remember_me, message=_("OTP enabled"))
         return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)
@@ -520,7 +527,9 @@ class AuthenticationView(
         data = self.deserialize_body()
         if self.request.user.is_otp_valid(data.get('otp_code')):
             self.request.user.disable_otp()
-            return JsonResponse(dict(message=_("OTP disabled")))
+            return self._login_success(
+                self.request.user, self.request.login_mode,
+                self.request.login_remember_me, message=_("OTP disabled"))
         return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/tests/tests/test_auth_api.py

@@ -894,6 +894,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
         self.assertRC(response, 200)
         self.client.token = self.get_val(response, 'token')
 
+    @override_settings(PFX_OTP_IMAGE="https://example.org/fake.png")
     def test_otp_enable(self):
         self.client.login(username='jrr.tolkien', password='RIGHT PASSWORD')
 
@@ -901,7 +902,14 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
         response = self.client.get('/api/auth/otp/setup-uri')
         self.assertRC(response, 200)
         self.assertJIn(response, 'setup_uri', "otpauth://totp/")
+        self.assertJIn(response, 'setup_uri', "Books%20Demo:jrr.tolkien")
+        self.assertJIn(response, 'setup_uri', "issuer=Books%20Demo")
+        self.assertJIn(
+            response, 'setup_uri',
+            "image=https%3A%2F%2Fexample.org%2Ffake.png")
         self.user1.refresh_from_db()
+        self.assertJIn(
+            response, 'setup_uri', f"secret={self.user1.otp_secret_token_tmp}")
         self.assertIsNone(self.user1.otp_secret_token)
         self.assertEqual(len(self.user1.otp_secret_token_tmp), 32)
 

{django_pfx-1.4.dev42 → django_pfx-1.4.dev46}/tests/tests/test_settings.py

@@ -1,5 +1,3 @@
-from datetime import timedelta
-
 from django.core.exceptions import ImproperlyConfigured
 from django.test import TestCase, override_settings
 
@@ -20,4 +18,4 @@ class TestSettings(TestAssertMixin, TestCase):
             last_name='Test')
 
         with self.assertRaises(ImproperlyConfigured):
-            AuthenticationView()._prepare_token(user, timedelta())
+            AuthenticationView()._prepare_token(user)