-
-
-{% blocktrans %}
-Once you have created your account, log in with an other authentication method.
-Then, in account management, follow the instructions to deploy the
-One Time password authentication method.
-{% endblocktrans %}
-
-
-
-
-
-
-
-
-
diff --git a/authentic2/auth2_auth/auth2_oath/templates/oath/totp_profile.html b/authentic2/auth2_auth/auth2_oath/templates/oath/totp_profile.html
deleted file mode 100644
index b6c33235c..000000000
--- a/authentic2/auth2_auth/auth2_oath/templates/oath/totp_profile.html
+++ /dev/null
@@ -1,32 +0,0 @@
-{% load i18n %}
-
-
-
-
- {% if key %}
-
{% trans "Secret" %}: {{ key }}
- {% if google_authenticator %}
-
{% trans "Google authenticator" %}:
{{ google_authenticator|safe }}
- {% endif %}
-
{% trans "Bookmarklet" %}
-
{% trans "Copy this link to your bookmarks. When clicking on it it will generate a new one-time password which will allow you to login" %}
-
- {% else %}
-
{% trans "This kind of authentication is actually not possible, because you do not have any secret setup." %}
- {% endif %}
-
-
-
diff --git a/authentic2/auth2_auth/auth2_oath/urls.py b/authentic2/auth2_auth/auth2_oath/urls.py
deleted file mode 100644
index 2a564b58f..000000000
--- a/authentic2/auth2_auth/auth2_oath/urls.py
+++ /dev/null
@@ -1,6 +0,0 @@
-from django.conf.urls import patterns
-import views
-
-urlpatterns = patterns('',
- (r'^new_totp_secret$', views.new_totp_secret),
- (r'^delete_totp_secret$', views.delete_totp_secret))
diff --git a/authentic2/auth2_auth/auth2_oath/views.py b/authentic2/auth2_auth/auth2_oath/views.py
deleted file mode 100644
index 082fd103c..000000000
--- a/authentic2/auth2_auth/auth2_oath/views.py
+++ /dev/null
@@ -1,58 +0,0 @@
-import urllib
-import random
-import base64
-
-from django.http import HttpResponseBadRequest, HttpResponseRedirect
-from django.template import RequestContext
-from django.template.loader import render_to_string
-
-import models
-import authentic2.vendor.totp_js.totp_bookmarklet as totp_bookmarklet
-
-_hexachars = '0123456789abcdef'
-
-def new_totp_secret(request, next_url='/'):
- if request.user is None or not hasattr(request.user, '_meta') \
- or request.method != 'POST':
- return HttpResponseBadRequest()
- key = ''.join([random.choice(_hexachars) for x in range(40)])
- secret, _ = models.OATHTOTPSecret.objects.get_or_create(user=request.user)
- secret.key = key
- secret.save()
- next_url = request.REQUEST.get('next', next_url)
- return HttpResponseRedirect(next_url)
-
-def delete_totp_secret(request, next_url='/'):
- if request.user is None or not hasattr(request.user, '_meta') \
- or request.method != 'POST':
- return HttpResponseBadRequest()
- try:
- models.OATHTOTPSecret.objects.filter(user=request.user).delete()
- except models.OATHTOTPSecret.DoesNotExist:
- pass
- next_url = request.REQUEST.get('next', next_url)
- return HttpResponseRedirect(next_url)
-
-def totp_profile(request, next_url='', template_name='oath/totp_profile.html'):
- if request.user is None or not hasattr(request.user, '_meta'):
- return ''
- if next_url:
- next_url = '?next=%s' % urllib.quote(next_url)
- google_authenticator, key, bookmarklet = '', '', ''
- try:
- secret = models.OATHTOTPSecret.objects.get(user=request.user)
- key = secret.key
- bookmarklet = totp_bookmarklet.otp_doc(secret.key)
- google_authenticator = 'otpauth://totp/%(user)s@localhost?secret=%(b32_secret)s' % \
- { 'user': request.user.username,
- 'domain': request.get_host(),
- 'b32_secret': base64.b32encode(key.decode('hex')) }
- except models.OATHTOTPSecret.DoesNotExist:
- pass
- return render_to_string(template_name,
- { 'key': key,
- 'bookmarklet': bookmarklet,
- 'google_authenticator': google_authenticator,
- 'next': next_url,
- 'base': '/oath'},
- RequestContext(request))
diff --git a/authentic2/idp/saml/saml2_endpoints.py b/authentic2/idp/saml/saml2_endpoints.py
index a750605f9..093b62ea1 100644
--- a/authentic2/idp/saml/saml2_endpoints.py
+++ b/authentic2/idp/saml/saml2_endpoints.py
@@ -260,9 +260,6 @@ def build_assertion(request, login, nid_format='transient', attributes=None):
elif backend == \
'authentic2.authsaml2.backends.AuthSAML2TransientBackend':
authn_context = lasso.SAML2_AUTHN_CONTEXT_UNSPECIFIED
- elif backend == \
- 'authentic2.auth2_auth.auth2_oath.backend.OATHTOTPBackend':
- authn_context = lasso.SAML2_AUTHN_CONTEXT_TIME_SYNC_TOKEN
else:
backend = load_backend(backend)
if hasattr(backend, 'get_saml2_authn_context'):
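Review bot: A `backend` value of `'authentic2.auth2_auth.auth2_oath.backend.OATHTOTPBackend'` now falls through to the `else:` arm and is handed to `load_backend(backend)`, which will try to import a module this commit deletes. Where `backend` comes from is outside the hunk, but if it is read from a session or login record created before the upgrade, build_assertion would presumably raise for those users instead of issuing an assertion. Consider flushing existing sessions as part of the deployment, or catching the import failure around `load_backend(backend)` and falling back to `lasso.SAML2_AUTHN_CONTEXT_UNSPECIFIED`, so a stale backend path neither breaks SSO nor claims a stronger context than was used. build_assertion starts before and continues after this hunk.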
diff --git a/authentic2/settings.py b/authentic2/settings.py
index c580fa37b..13e10efdb 100644
--- a/authentic2/settings.py
+++ b/authentic2/settings.py
@@ -317,7 +317,6 @@ ADMIN_TOOLS_MENU = 'authentic2.menu.CustomMenu'
AUTH_SAML2 = 'AUTH_SAML2' in os.environ
AUTH_OPENID = 'AUTH_OPENID' in os.environ
AUTH_SSL = 'AUTH_SSL' in os.environ
-AUTH_OATH = 'AUTH_OATH' in os.environ
IDP_SAML2 = 'IDP_SAML2' in os.environ
IDP_OPENID = 'IDP_OPENID' in os.environ
IDP_CAS = 'IDP_CAS' in os.environ
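Review bot: An `AUTH_OATH` variable left in the environment is now ignored without any signal, so a deployment that relied on it for TOTP login will start with that factor gone and nothing logged; the same applies to the `if AUTH_OATH:` block dropped in the next hunk. Because this changes which authentication methods are offered, failing fast is safer than continuing silently, for example `if 'AUTH_OATH' in os.environ: raise ImproperlyConfigured('AUTH_OATH is no longer supported')` with `ImproperlyConfigured` imported from `django.core.exceptions`. A release note telling operators to unset the variable, and saying what should happen to the stored `OATHTOTPSecret` keys, would also help.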
@@ -354,11 +353,6 @@ if AUTH_SSL:
AUTH_FRONTENDS += ('authentic2.auth2_auth.auth2_ssl.frontend.SSLFrontend',)
INSTALLED_APPS += ('authentic2.auth2_auth.auth2_ssl',)
-if AUTH_OATH:
- INSTALLED_APPS += ('authentic2.auth2_auth.auth2_oath',)
- AUTHENTICATION_BACKENDS += ('authentic2.auth2_auth.auth2_oath.backend.OATHTOTPBackend',)
- AUTH_FRONTENDS += ('authentic2.auth2_auth.auth2_oath.frontend.OATHOTPFrontend',)
-
if IDP_SAML2:
IDP_BACKENDS += ('authentic2.idp.saml.backend.SamlBackend',)
diff --git a/authentic2/urls.py b/authentic2/urls.py
index aebcbd0cb..45ee94d03 100644
--- a/authentic2/urls.py
+++ b/authentic2/urls.py
@@ -41,10 +41,6 @@ if getattr(settings, 'IDP_OPENID', False):
urlpatterns += patterns('',
(r'^openid/', include('authentic2.idp.idp_openid.urls')))
-if 'authentic2.auth2_auth.auth2_oath' in settings.INSTALLED_APPS:
- urlpatterns += patterns('',
- (r'^oath/', include('authentic2.auth2_auth.auth2_oath.urls')))
-
try:
if settings.DISCO_SERVICE:
urlpatterns += patterns('',
diff --git a/authentic2/vendor/oath/TODO b/authentic2/vendor/oath/TODO
deleted file mode 100644
index 2e2b1c6b7..000000000
--- a/authentic2/vendor/oath/TODO
+++ /dev/null
@@ -1,3 +0,0 @@
-- implement accept_hotp
-- add truncation functions for hashing algorithm with a larger output like SHA2
- variant.
diff --git a/authentic2/vendor/oath/__init__.py b/authentic2/vendor/oath/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/authentic2/vendor/oath/hotp.py b/authentic2/vendor/oath/hotp.py
deleted file mode 100644
index d0bdde062..000000000
--- a/authentic2/vendor/oath/hotp.py
+++ /dev/null
@@ -1,133 +0,0 @@
-import hashlib
-import hmac
-import binascii
-import time
-import datetime
-import calendar
-
-'''
-Python implementation of HOTP and TOTP algorithms from the OATH project.
-
-Copyright 2010, Benjamin Dauvergne
-
-* All rights reserved.
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.'''
-
-def __truncated_value(h):
- bytes = map(ord, h)
- offset = bytes[19] & 0xf
- v = (bytes[offset] & 0x7f) << 24 | (bytes[offset+1] & 0xff) << 16 | \
- (bytes[offset+2] & 0xff) << 8 | (bytes[offset+3] & 0xff)
- return v
-
-def dec(h,p):
- v = str(__truncated_value(h))
- return v[len(v)-p:]
-
-def __hotp(key, counter, hash=hashlib.sha1):
- hex_counter = hex(long(counter))[2:-1]
- hex_counter = '0' * (16 - len(hex_counter)) + hex_counter
- bin_counter = binascii.unhexlify(hex_counter)
- bin_key = binascii.unhexlify(key)
-
- return hmac.new(bin_key, bin_counter, hash).digest()
-
-def hotp(key,counter,format='dec6',hash=hashlib.sha1):
- '''Compute a HOTP value as prescribed by RFC4226
-
- See http://tools.ietf.org/html/rfc4226
- '''
- bin_hotp = __hotp(key, counter, hash)
-
- if format == 'hex40':
- return binascii.hexlify(bin_hotp[0:5])
- elif format == 'dec6':
- return dec(bin_hotp, 6)
- elif format == 'dec7':
- return dec(bin_hotp, 7)
- elif format == 'dec8':
- return dec(bin_hotp, 8)
- else:
- raise ValueError('unknown format')
-
-def totp(key, format='dec8', period=30, t=None, hash=hashlib.sha1):
- '''Compute a TOTP value as prescribed by OATH specifications.
-
- See http://tools.ietf.org/html/draft-mraihi-totp-timebased-06
- '''
- if t is None:
- t = time.time()
- else:
- if isinstance(t, datetime.datetime):
- t = calendar.timegm(t.utctimetuple())
- else:
- t = int(t)
- T = int(t/period)
- return hotp(key, T, format=format, hash=hash)
-
-def accept_totp(key, response, period=30, format='dec8', hash=hashlib.sha1,
- forward_drift=1, backward_drift=1, drift=0, t=None):
- '''Validate a TOTP value inside a window of
- [drift-bacward_drift:drift+forward_drift] of time steps.
- Where drift is the drift obtained during the last call to accept_totp.
-
- Return a pair (v,d) where v is a boolean giving the result, and d the
- needed drift to validate the value. The drift value should be saved for
- user with later call to accept_totp in order to accept a slowly
- accumulating drift with a token clock.
- '''
- t = t or time.time()
- for i in range(-backward_drift,forward_drift+1):
- d = (drift+i) * period
- if totp(key, format=format, period=period, hash=hash, t=t+d) == response:
- return True, drift+i
- return False, 0
-
-if __name__ == '__main__':
- # Test vectors extracted from RFC 4226
- secret = '3132333435363738393031323334353637383930'
- tvector = [
- (0, 'cc93cf18508d94934c64b65d8ba7667fb7cde4b0'),
- (1, '75a48a19d4cbe100644e8ac1397eea747a2d33ab'),
- (2, '0bacb7fa082fef30782211938bc1c5e70416ff44'),
- (3, '66c28227d03a2d5529262ff016a1e6ef76557ece'),
- (4, 'a904c900a64b35909874b33e61c5938a8e15ed1c'),
- (5, 'a37e783d7b7233c083d4f62926c7a25f238d0316'),
- (6, 'bc9cd28561042c83f219324d3c607256c03272ae'),
- (7, 'a4fb960c0bc06e1eabb804e5b397cdc4b45596fa'),
- (8, '1b3c89f65e6c9e883012052823443f048b4332db'),
- (9, '1637409809a679dc698207310c8c7fc07290d9e5'), ]
- for counter, value in tvector:
- assert(binascii.hexlify(__hotp(secret, counter)) == value)
- tvector2 = [
- (0, '4c93cf18', '1284755224', '755224',),
- (1, '41397eea', '1094287082', '287082',),
- (2, '82fef30', '137359152', '359152',),
- (3, '66ef7655', '1726969429', '969429',),
- (4, '61c5938a', '1640338314', '338314',),
- (5, '33c083d4', '868254676', '254676',),
- (6, '7256c032', '1918287922', '287922',),
- (7, '4e5b397', '82162583', '162583',),
- (8, '2823443f', '673399871', '399871',),
- (9, '2679dc69', '645520489', '520489',),]
- for counter, hexa, deci, trunc in tvector2:
- h = __hotp(secret, counter)
- v = __truncated_value(h)
- assert(hex(v)[2:] == hexa)
- assert(str(v) == deci)
- assert(dec(h,6) == trunc)
- secret = binascii.hexlify('12345678901234567890')
- tvector3 = [
- (59, hashlib.sha1, '94287082'),
- (1111111109, hashlib.sha1, '07081804') ]
- for timestamp, hash, value in tvector3:
- assert (totp(secret,t=datetime.datetime.utcfromtimestamp(timestamp),hash=hash) == value)
- assert(accept_totp(secret, '94287082', t=65) == (True, -1))
- assert(accept_totp(secret, '94287082', t=65, drift=-1) == (True, -1))
diff --git a/authentic2/vendor/totp_js/README.rst b/authentic2/vendor/totp_js/README.rst
deleted file mode 100644
index 99721322e..000000000
--- a/authentic2/vendor/totp_js/README.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-Simple data document generator containing a TOTP soft token
-===========================================================
-
-To use it from your python application just do:
-
- import totp_bookmarklet
-
- html_fragment = '