diff --git a/bookwyrm/forms/edit_user.py b/bookwyrm/forms/edit_user.py index d86aed31d..ce7bb6d07 100644 --- a/bookwyrm/forms/edit_user.py +++ b/bookwyrm/forms/edit_user.py @@ -4,8 +4,6 @@ from django.contrib.auth.password_validation import validate_password from django.core.exceptions import ValidationError from django.utils.translation import gettext_lazy as _ -import pyotp - from bookwyrm import models from bookwyrm.models.fields import ClearableFileInputWithWarning from .custom_form import CustomForm @@ -118,32 +116,3 @@ class ConfirmPasswordForm(CustomForm): if not self.instance.check_password(password): self.add_error("password", _("Incorrect Password")) - - -class Confirm2FAForm(CustomForm): - otp = forms.CharField(max_length=6, min_length=6, widget=forms.TextInput) - - # IDK if we need this? - class Meta: - model = models.User - fields = ["otp_secret"] - - def clean(self): - """Check otp matches""" - otp = self.data.get("otp") - totp = pyotp.TOTP(self.instance.otp_secret) - - if not totp.verify(otp): - # maybe it's a backup code? - hotp = pyotp.HOTP(self.instance.otp_secret) - hotp_count = ( - self.instance.hotp_count if self.instance.hotp_count is not None else 0 - ) - - if not hotp.verify(otp, hotp_count): - self.add_error("otp", _("Code does not match")) - - # TODO: backup codes - # increment the user hotp_count if it was an HOTP - # self.instance.hotp_count = hotp_count + 1 - # self.instance.save(broadcast=False, update_fields=["hotp_count"]) diff --git a/bookwyrm/forms/landing.py b/bookwyrm/forms/landing.py index a31e8a7c4..ba7f69bb6 100644 --- a/bookwyrm/forms/landing.py +++ b/bookwyrm/forms/landing.py @@ -4,6 +4,8 @@ from django.contrib.auth.password_validation import validate_password from django.core.exceptions import ValidationError from django.utils.translation import gettext_lazy as _ +import pyotp + from bookwyrm import models from .custom_form import CustomForm @@ -74,3 +76,31 @@ class PasswordResetForm(CustomForm): validate_password(new_password) except ValidationError as err: self.add_error("password", err) + + +class Confirm2FAForm(CustomForm): + otp = forms.CharField(max_length=6, min_length=6, widget=forms.TextInput) + + class Meta: + model = models.User + fields = ["otp_secret", "hotp_count"] + + def clean_otp(self): + """Check otp matches""" + otp = self.data.get("otp") + totp = pyotp.TOTP(self.instance.otp_secret) + + if not totp.verify(otp): + # maybe it's a backup code? + hotp = pyotp.HOTP(self.instance.otp_secret) + hotp_count = ( + self.instance.hotp_count if self.instance.hotp_count is not None else 0 + ) + + if not hotp.verify(otp, hotp_count): + self.add_error("otp", _("Code does not match")) + + # TODO: backup codes + # increment the user hotp_count if it was an HOTP + # self.instance.hotp_count = hotp_count + 1 + # self.instance.save(broadcast=False, update_fields=["hotp_count"]) diff --git a/bookwyrm/templates/two_factor_auth/two_factor_login.html b/bookwyrm/templates/two_factor_auth/two_factor_login.html index b110b82d5..f4a2fdf04 100644 --- a/bookwyrm/templates/two_factor_auth/two_factor_login.html +++ b/bookwyrm/templates/two_factor_auth/two_factor_login.html @@ -30,23 +30,14 @@ {% endblock %} - {% if error %} -