Posted to commits@allura.apache.org by br...@apache.org on 2016/09/06 14:50:41 UTC
[08/10] allura git commit: [#8117] make all 2FA pages look nicer;
increase pwd reconfirm timeout
[#8117] make all 2FA pages look nicer; increase pwd reconfirm timeout
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/d2b28380
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/d2b28380
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/d2b28380
Branch: refs/heads/master
Commit: d2b28380c795024ae3cb8aa9b5c15b66f7cbec59
Parents: 55eb734
Author: Dave Brondsema <da...@brondsema.net>
Authored: Wed Aug 31 17:14:16 2016 -0400
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue Sep 6 10:38:52 2016 -0400
----------------------------------------------------------------------
Allura/allura/templates/login_multifactor.html | 7 ++-
Allura/allura/templates/reconfirm_auth.html | 7 ++-
Allura/allura/templates/user_account_base.html | 2 +
Allura/allura/templates/user_totp.html | 62 ++++++++++++++++-----
Allura/allura/tests/functional/test_auth.py | 4 +-
Allura/development.ini | 2 +-
6 files changed, 62 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/allura/templates/login_multifactor.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/login_multifactor.html b/Allura/allura/templates/login_multifactor.html
index 07eaa80..3edb53c 100644
--- a/Allura/allura/templates/login_multifactor.html
+++ b/Allura/allura/templates/login_multifactor.html
@@ -25,15 +25,18 @@
{% block content %}
<form method="post" action="/auth/do_multifactor">
- <h2>Please enter your Multifactor Authentication Code</h2>
+ <h2>Enter your Multifactor Authentication Code</h2>
+ <p>
+ Please enter the {{ config['auth.multifactor.totp.length'] }}-digit code from your authenticator app:<br>
{% if c.form_errors['code'] %}
- <div class="fielderror">{{ c.form_errors['code'] }}</div>
+ <span class="fielderror">{{ c.form_errors['code'] }}</span><br>
{% endif %}
<input type="text" name="code" autofocus autocomplete="off"/>
<input type="hidden" name="return_to" value="{{ return_to }}"/>
<br>
<input type="submit" value="Log In">
{{ lib.csrf_token() }}
+ </p>
</form>
{% endblock %}
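Review bot: The added prompt line `Please enter the {{ config['auth.multifactor.totp.length'] }}-digit code ...` has no fallback, so a deployment whose ini lacks that key would most likely render "the -digit code" (Jinja prints an undefined lookup as empty unless strict undefined is configured). The definition of the setting is not visible in this commit. The text removed from user_totp.html hard-coded 6, so `{{ config.get('auth.multifactor.totp.length', 6) }}` would keep the prompt readable. The same expression is added in the user_totp.html hunk and needs the same treatment.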
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/allura/templates/reconfirm_auth.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/reconfirm_auth.html b/Allura/allura/templates/reconfirm_auth.html
index f44be2d..26d6fd2 100644
--- a/Allura/allura/templates/reconfirm_auth.html
+++ b/Allura/allura/templates/reconfirm_auth.html
@@ -26,8 +26,10 @@
{% block content %}
<form method="post">
<h2>Password Confirmation</h2>
- <p>To access this account security page, you must reconfirm your password:</p>
- <div class="fielderror">{{ c.form_errors['password'] }}</div>
+ <p>To access this account security page, you must reconfirm your password:<br>
+ {% if c.form_errors['password'] %}
+ <span class="fielderror">{{ c.form_errors['password'] }}</span><br>
+ {% endif %}
<input type="password" name="password" autofocus>
<br>
<input type="submit" value="Submit">
@@ -40,5 +42,6 @@
{% endfor %}
{{ lib.csrf_token() }}
+ </p>
</form>
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/allura/templates/user_account_base.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_account_base.html b/Allura/allura/templates/user_account_base.html
index eb68667..71442ee 100644
--- a/Allura/allura/templates/user_account_base.html
+++ b/Allura/allura/templates/user_account_base.html
@@ -20,6 +20,7 @@
{% extends g.theme.master %}
{% block content %}
+{% if menu %}
<ul id="account-nav-menu" class="b-hornav droppy">
{% for item in menu -%}
<li id="{{ item.tabid }}">
@@ -30,4 +31,5 @@
</li>
{%- endfor %}
</ul>
+{% endif %}
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/allura/templates/user_totp.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_totp.html b/Allura/allura/templates/user_totp.html
index 4dce799..241ff42 100644
--- a/Allura/allura/templates/user_totp.html
+++ b/Allura/allura/templates/user_totp.html
@@ -30,26 +30,58 @@
{% if c.user.get_pref('multifactor') %}
<h3>Warning: this will invalidate your previous multifactor configuration.</h3>
{% endif %}
- <h2>Install App</h2>
- <p>To use two-factor authentication, you will need to install an app on your phone.
- You can use Duo Mobile, Authy, Google Authenticator, or Authenticator for Windows phones.</p>
+ <h2>Install App</h2>
+ <p>To use two-factor authentication, you will need to install an app on your phone.<br>
+ Install Google Authenticator for
+ <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2"><b>Android</b></a>
+ or <a href="https://itunes.apple.com/us/app/google-authenticator/id388497605"><b>iOS</b></a>.
+ <br>
+ Or use another app like Duo Mobile, Authy, or Authenticator for Windows phones.
+ </p>
{% endif %}
<h2>Scan this barcode with your app</h2>
- <img src="{{ h.base64uri(qr) }}"/>
+ <img class="qrcode" src="{{ h.base64uri(qr) }}"/>
{% if setup %}
- <h2>Enter the code</h2>
- <p>
- Enter the 6-digit code to confirm it is set up correctly:
- <form method="POST" action="totp_set">
- <div class="fielderror">{{ c.form_errors['code'] }}</div>
- <input type="text" name="code" autofocus autocomplete="off"/>
- {{ lib.csrf_token() }}
- <br>
- <input type="submit" value="Submit">
- </form>
- </p>
+ <h2>Enter the code</h2>
+ <form method="POST" action="totp_set">
+ <p>
+ Enter the {{ config['auth.multifactor.totp.length'] }}-digit code to confirm it is set up correctly:<br>
+ {% if c.form_errors['code'] %}
+ <span class="fielderror">{{ c.form_errors['code'] }}</span><br>
+ {% endif %}
+ <input type="text" name="code" autofocus autocomplete="off"/>
+ {{ lib.csrf_token() }}
+ <br>
+ <input type="submit" value="Submit">
+ <a class="cancel" href="/auth/preferences/">Cancel</a>
+ </p>
+ </form>
+ {% else %}
+ <p>
+ You may use this to set up additional devices with the same two-factor key.<br>
+ <br>
+ If you are replacing a device, please <a href="totp_new">regenerate a brand new key</a>.<br>
+ <br>
+ <a href="/auth/preferences/">Back</a>
+ </p>
{% endif %}
</div>
{% endblock %}
+
+{% block extra_css %}
+<style type="text/css">
+ .qrcode {
+ /* compensate for whitespace on QR code image */
+ position: relative;
+ top: -15px;
+ margin-bottom: -15px;
+ }
+ a.cancel {
+ /* align with floated button */
+ display: inline-block;
+ margin: 6px 10px;
+ }
+</style>
+{% endblock %}
\ No newline at end of file
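Review bot: The new `{% else %}` branch invites users to enrol additional devices from this page, so the view now deliberately re-displays the live TOTP secret as a QR code after setup, and nothing in the template records that constraint. I would add a template comment above the `<img class="qrcode" ...>` line such as `{# renders the active TOTP secret: keep this view behind password reconfirmation and serve it with Cache-Control: no-store #}`. The controller and its response headers are outside this diff, so whether caching is already disabled should be confirmed there. Separately, `href="totp_new"` is relative while the new Cancel and Back links use the absolute `/auth/preferences/`; using `/auth/preferences/totp_new` would make the link independent of a trailing slash in the current URL.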
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 3483e6f..e203869 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -2037,12 +2037,12 @@ class TestTwoFactor(TestController):
assert_not_in('Password Confirmation', r)
# still not required
- datetime.utcnow.return_value = real_datetime(2016, 1, 1, 0, 0, 45)
+ datetime.utcnow.return_value = real_datetime(2016, 1, 1, 0, 1, 45)
r = self.app.get('/auth/preferences/totp_new')
assert_not_in('Password Confirmation', r)
# required later
- datetime.utcnow.return_value = real_datetime(2016, 1, 1, 0, 1, 3)
+ datetime.utcnow.return_value = real_datetime(2016, 1, 1, 0, 2, 3)
r = self.app.get('/auth/preferences/totp_new')
assert_in('Password Confirmation', r)
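Review bot: The two mocked times (0:01:45 and 0:02:03) are hard-coded around the new 120-second value, so this test must be edited by hand whenever `auth.reconfirm.seconds` changes, and the expiry boundary itself is not pinned. Deriving both timestamps from the configured value, for example a few seconds before and a few seconds after `start + timedelta(seconds=limit)`, would make the test follow the setting and fail only when the reconfirmation check itself regresses. The test method begins and ends outside this hunk, so the starting timestamp and how the config is loaded here are assumed rather than visible.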
http://git-wip-us.apache.org/repos/asf/allura/blob/d2b28380/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index a72f9fd..31ad42f 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -191,7 +191,7 @@ auth.upload_ssh_url = /auth/preferences/
auth.recovery_hash_expiry_period = 600
; Some pages require users to reconfirm their password. This controls how long that lasts for
-auth.reconfirm.seconds = 60
+auth.reconfirm.seconds = 120
; TOTP stands for Time-based One Time Password
; it is the most common two-factor auth protocol, used with Google Authenticator and other phone apps
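Review bot: Doubling `auth.reconfirm.seconds` to 120 widens the window in which an already-unlocked session can reach the account security pages without re-entering the password, but the comment above the setting does not mention that trade-off. I would extend it with a line such as `; value is in seconds; larger values ease 2FA setup but lengthen how long the security pages stay unlocked after a password check`. That gives operators tuning production configs the context for choosing a value.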