Add 2FA gen qrcode

2025-11-09 01:53:00 +01:00
parent 42c610f37f
commit 3455795cdb
3 changed files with 25 additions and 3 deletions
--- a/views/profil.py
+++ b/views/profil.py
@@ -10,6 +10,8 @@ from socket import gethostname
 from flask_bcrypt import Bcrypt
 from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid
 from pyotp import random_base32
+import qrcode
+

 profil = Blueprint('profil', __name__, template_folder='templates')

@@ -195,6 +197,8 @@ def change_passwd() :

      if not(account['totp']):
          account['totp'] = random_base32()
+          img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp'])
+          img.save(DOSSIER_PERSO + user + "/totp.png")
          shared_key_validate = False
          
      return render_template('mypassword.html',
@@ -203,7 +207,8 @@ def change_passwd() :
                             alias=account['alias'],
                             totp_shared_key=account['totp'],
                             shared_key_validate=shared_key_validate,
-                             username=user)
+                             username=user,
+                             base_url=BASE_URL)

   else :
      return redirect(BASE_URL, code=401)
@@ -301,6 +306,8 @@ def set_totp():
          print("shared_key: " +shared_key)
          cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,))
          conn.commit()
+          img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key)
+          img.save(DOSSIER_PERSO + user + "/totp.png")
          flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success')
      else:
          flash(u'Le code de validation totp n\'est pas valide.', 'error')
@@ -321,6 +328,16 @@ def del_totp():
      conn.close()
      return redirect(url_for('profil.change_passwd', _external=True))

+
+@profil.route('/totp.png', methods=['GET'])
+def totp_qrcode():
+    if 'username' in session :
+        user='%s' % escape(session['username'])
+        return send_file(
+            os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
+    else :
+        return redirect(BASE_URL, code=401)
+
  
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
 def deltoken_passwd_lost(token) :