
Add a setting to control the number of generated recovery tokens (at the moment set to 5) #74

Open
oussjarrousse opened this issue Dec 21, 2023 · 2 comments

Comments

@oussjarrousse

The function genTokens in recovery.py generates 5 tokens by default:

```python
@never_cache
def genTokens(request):
    # Delete old ones
    delTokens(request)
    # Then generate new ones
    salt = randomGen(15)
    hashedKeys = []
    clearKeys = []
    for i in range(5):
        token = randomGen(5) + "-" + randomGen(5)
        hashedToken = make_password(token, salt, 'pbkdf2_sha256_custom')
        hashedKeys.append(hashedToken)
        clearKeys.append(token)
    uk = User_Keys()

    uk.username = request.user.username
    uk.properties = {"secret_keys": hashedKeys, "salt": salt}
    uk.key_type = "RECOVERY"
    uk.enabled = True
    uk.save()
    return HttpResponse(simplejson.dumps({"keys": clearKeys}))
```

There is no way to change the number of generated tokens.
I am thinking of adding a settings variable to control the number of generated recovery tokens, called MFA_NUMBER_OF_RECOVERY_CODES... something like this:

```python
@never_cache
def genTokens(request):
    # Delete old ones
    delTokens(request)
    # Then generate new ones
    salt = randomGen(15)
    hashedKeys = []
    clearKeys = []
    # Read the proposed setting from Django settings, defaulting to the current 5
    n = getattr(settings, "MFA_NUMBER_OF_RECOVERY_CODES", 5)
    if n < 5 or n > 10:
        n = 5
    for i in range(n):
        token = randomGen(5) + "-" + randomGen(5)
        hashedToken = make_password(token, salt, 'pbkdf2_sha256_custom')
        hashedKeys.append(hashedToken)
        clearKeys.append(token)
    uk = User_Keys()

    uk.username = request.user.username
    uk.properties = {"secret_keys": hashedKeys, "salt": salt}
    uk.key_type = "RECOVERY"
    uk.enabled = True
    uk.save()
    return HttpResponse(simplejson.dumps({"keys": clearKeys}))
```
@mkalioby
Owner

Good idea, but the line that is doing the check on n shall be moved to a check or removed completely, as it is the developer's decision.

@oussjarrousse
Author

I agree that having the if statement to check n is ugly, and most probably does not conform with other parts of the package. Where would the check happen?
Maybe I could add a dedicated function for that in helpers.py?
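To make the proposal in the issue body and the "dedicated function in helpers.py" question concrete, here is an added, stand-alone example. It is not django-mfa2's code and does not depend on Django: a `recovery_code_count` helper validates the proposed `MFA_NUMBER_OF_RECOVERY_CODES` setting in one place, `generate_recovery_codes` mirrors `genTokens` (random `XXXXX-XXXXX` codes, salted PBKDF2-SHA256 hashes stored, clear codes returned once), and `redeem_recovery_code` shows the matching check: constant-time comparison and one-time use. The code alphabet, the 1..20 bounds, the iteration count, the storage layout and `ExampleSettings` are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import string

# Assumed bounds for the setting; the issue only fixes the current default of 5.
DEFAULT_RECOVERY_CODES = 5
MIN_RECOVERY_CODES = 1
MAX_RECOVERY_CODES = 20

# Assumed code alphabet (django-mfa2's randomGen alphabet is not shown on the page).
CODE_ALPHABET = string.ascii_uppercase + string.digits
# Assumed PBKDF2 work factor; the project's 'pbkdf2_sha256_custom' hasher is not shown.
PBKDF2_ITERATIONS = 100_000


class ExampleSettings:
    """Constructed stand-in for django.conf.settings."""
    MFA_NUMBER_OF_RECOVERY_CODES = 8


def recovery_code_count(settings):
    """Validate MFA_NUMBER_OF_RECOVERY_CODES once, at the settings boundary.

    Missing -> current default. Anything that is not an int in range is a
    misconfiguration and fails loudly instead of being silently clamped.
    """
    raw = getattr(settings, "MFA_NUMBER_OF_RECOVERY_CODES", DEFAULT_RECOVERY_CODES)
    if isinstance(raw, bool) or not isinstance(raw, int):
        raise ValueError("MFA_NUMBER_OF_RECOVERY_CODES must be an integer")
    if not MIN_RECOVERY_CODES <= raw <= MAX_RECOVERY_CODES:
        raise ValueError(
            f"MFA_NUMBER_OF_RECOVERY_CODES must be between "
            f"{MIN_RECOVERY_CODES} and {MAX_RECOVERY_CODES}"
        )
    return raw


def random_chunk(length):
    """CSPRNG-backed chunk of the code alphabet (same role as randomGen)."""
    return "".join(secrets.choice(CODE_ALPHABET) for _ in range(length))


def hash_code(code, salt):
    """Salted PBKDF2-HMAC-SHA256, hex encoded, so stored codes are not recoverable."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ITERATIONS).hex()


def generate_recovery_codes(settings):
    """Return (clear_codes, stored_record). Only the hashes are meant to be persisted."""
    n = recovery_code_count(settings)
    salt = secrets.token_bytes(16)
    clear_codes = [random_chunk(5) + "-" + random_chunk(5) for _ in range(n)]
    stored = {
        "salt": salt.hex(),
        "secret_keys": [hash_code(c, salt) for c in clear_codes],
    }
    return clear_codes, stored


def redeem_recovery_code(stored, presented):
    """Check a presented code against the stored hashes and consume it on success.

    Every stored hash is compared with hmac.compare_digest; a match is removed
    so the same code cannot be replayed.
    """
    salt = bytes.fromhex(stored["salt"])
    candidate = hash_code(presented.strip().upper(), salt)
    for index, stored_hash in enumerate(stored["secret_keys"]):
        if hmac.compare_digest(candidate, stored_hash):
            del stored["secret_keys"][index]
            return True
    return False


if __name__ == "__main__":
    codes, record = generate_recovery_codes(ExampleSettings)
    print("show once to the user:", codes)
    print("first redemption:", redeem_recovery_code(record, codes[0]))
    print("replay of same code:", redeem_recovery_code(record, codes[0]))
```

Keeping the range check in `recovery_code_count` rather than inside the view is the shape the thread is converging on: the view only asks for the count, and an out-of-range value is reported as a configuration error rather than quietly replaced with 5.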
