o "4g4 @s ddlZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZdZd!d ed efd d Zd"ded efddZd efddZdeded efddZded efddZded efddZdeded efddZGdd d ZdS)#N)cache)context) app_settings) Authenticator)decryptencryptzmfa.totp.secretlengthreturncCst|}t|dS)Nzutf-8)secrets token_bytesbase64 b32encodedecode)r random_bytesrg/var/www/html/authentication-server/venv/lib/python3.10/site-packages/allauth/mfa/totp/internal/auth.pygenerate_totp_secrets rF regeneratecCs0d}|s tjjt}|st}tjjt<|SN)rrequestsessiongetSECRET_SESSION_KEYr)rsecretrrrget_totp_secrets rcCstt}|tjSr)inttimer TOTP_PERIOD) current_timerrrhotp_counter_from_time!s  r rcountercCstd|}tj|ddd}t||tj }|dd@}t |||d}|dd @|d<t d |d}|d t j ;}|S) Nz>QasciiT)casefoldrz>I )structpackr b32decodeencodehmacnewhashlibsha1digest bytearrayunpackr TOTP_DIGITS)rr! counter_bytes secret_enc hmac_resultoffsettruncated_hashvaluerrr hotp_value&s  r;r:cCs|dtjS)N0)rr4)r:rrrformat_hotp_value8sr=codecCst|otj|kSr)boolrTOTP_INSECURE_BYPASS_CODE)r>rrr_is_insecure_bypass<srAcCs$t|rdSt|t}|t|kS)NT)rAr;r r=)rr>r:rrrvalidate_totp_code@s  rBc@s|eZdZdeddfddZededdfddZd edefd d Z d edefd d Z d edefddZ d eddfddZ dS)TOTPinstancer NcCs ||_dSr)rD)selfrDrrr__init__Hs z TOTP.__init__rcCs*t|tjjdt|id}|||S)Nr)usertypedata)rTyperCrsave)clsrGrrDrrractivateKs z TOTP.activater>cCsFt|rdS||r dSt|jjd}t||}|r!|||S)NTFr)rA _is_code_usedrrDrIrB_mark_code_used)rEr>rvalidrrr validate_codeSs   zTOTP.validate_codecCsd|jjd|S)Nzallauth.mfa.totp.used?user=z&code=)rDuser_idrEr>rrr_get_used_cache_key_zTOTP._get_used_cache_keycCst||dkS)Ny)rrrTrSrrrrNbrUzTOTP._is_code_usedcCstj||dtjddS)NrV)timeout)rsetrTrrrSrrrrOeszTOTP._mark_code_used) __name__ __module__ __qualname__rrF classmethodstrrMr?rQrTrNrOrrrrrCGs rC)r)F)r r/r-r r)rdjango.core.cacher allauth.corer allauth.mfarallauth.mfa.modelsrallauth.mfa.utilsrrrrr]rr?rr r;r=rArBrCrrrrs(