allura.lib.multifactor

class allura.lib.multifactor.GoogleAuthenticatorFile

Parse & write server-side .google_authenticator files for PAM. https://github.com/google/google-authenticator/blob/master/libpam/FILEFORMAT

class allura.lib.multifactor.GoogleAuthenticatorPamFilesystemTotpService

Store keys in home directories, compatible with the TOTP PAM module for Google Authenticator: https://github.com/google/google-authenticator/tree/master/libpam

class allura.lib.multifactor.MongodbTotpService

Store TOTP keys in mongodb.

class allura.lib.multifactor.RecoveryCodeService

An interface for handling multifactor recovery codes. Common functionality is provided in this base class, and specific subclasses implement different storage options. A provider must implement get_codes(), replace_codes(), and verify_and_remove_code().

To use a new provider, expose an entry point in setup.py:

[allura.multifactor.recovery_code]
myrecovery = foo.bar:MyRecoveryCodeService

Then in your .ini file, set auth.multifactor.recovery_code.service=myrecovery

classmethod get()
Return type:RecoveryCodeService
get_codes(user)
Parameters:user – a User
Returns:list[str]
regenerate_codes(user)

Regenerate and replace existing codes

Parameters:user – a User
Returns:codes, list[str]
replace_codes(user, codes)
Parameters:user – a User
verify_and_remove_code(user, code)

Verify and remove recovery codes. Also check for rate limiting.

Parameters:
  • user – a User
  • code – str
Raises:
  • InvalidRecoveryCode
  • MultifactorRateLimitError

class allura.lib.multifactor.TotpService

An interface for handling multifactor auth TOTP secret keys. Common functionality is provided in this base class, and specific subclasses implement different storage options. A provider must implement get_secret_key(), set_secret_key(), and enforce_rate_limit().

To use a new provider, expose an entry point in setup.py:

[allura.multifactor.totp_service]
mytotp = foo.bar:MyTotpService

Then in your .ini file, set auth.multifactor.totp.service=mytotp

enforce_rate_limit(user)
Parameters:user – a User
Raises:MultifactorRateLimitError
classmethod get()
Return type:TotpService
get_secret_key(user)
Parameters:user – a User
Returns:key
get_totp(user)
Parameters:user – a User
Returns:
set_secret_key(user, key)
Parameters:
  • user – a User
  • key (bytes|None) – may be None to clear out a key
allura.lib.multifactor.check_rate_limit(num_allowed, time_allowed, attempts)
Parameters:
  • num_allowed (int) –
  • time_allowed (int) –
  • attempts (list[int]) –
Returns:tuple: ok (bool), attempts still in window (list[int])
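
The following is an added example, not Allura's own code: a stand-alone sketch of the contract documented above for RecoveryCodeService.verify_and_remove_code() and check_rate_limit(), showing single-use codes, a rate-limit check before comparison, and a sliding window that returns the attempts still in it. Assumptions: attempts are Unix timestamps and time_allowed is in seconds; the exception classes are local stand-ins named after those in the Raises list; InMemoryRecoveryCodes, its limits, the `now` parameter, the True return value and the use of a plain string as the user are hypothetical.

```python
import hmac
import time

# Local stand-ins named after the exceptions in the Raises list above.
class InvalidRecoveryCode(Exception): pass
class MultifactorRateLimitError(Exception): pass

def check_rate_limit(num_allowed, time_allowed, attempts, now=None):
    """Sliding window: return (ok, attempts still in window).

    Assumption: attempts are Unix timestamps and time_allowed is in seconds.
    The current attempt is recorded even when refused, so repeated guessing
    keeps the window full. `now` is an added parameter for testing.
    """
    now = int(time.time()) if now is None else now
    in_window = [t for t in attempts if now - t < time_allowed]
    in_window.append(now)
    return len(in_window) <= num_allowed, in_window

class InMemoryRecoveryCodes:
    """Hypothetical provider with the three required methods; storage is a dict."""
    NUM_ALLOWED, TIME_ALLOWED = 3, 30  # constructed limits: 3 tries per 30 s

    def __init__(self):
        self._codes, self._attempts = {}, {}

    def get_codes(self, user):
        return list(self._codes.get(user, []))

    def replace_codes(self, user, codes):
        self._codes[user] = list(codes)

    def verify_and_remove_code(self, user, code, now=None):
        # Rate-limit before comparing, so a refused attempt learns nothing.
        ok, self._attempts[user] = check_rate_limit(
            self.NUM_ALLOWED, self.TIME_ALLOWED, self._attempts.get(user, []), now)
        if not ok:
            raise MultifactorRateLimitError()
        # compare_digest on each stored code, with no early exit from the loop.
        match = None
        for stored in self._codes.get(user, []):
            if hmac.compare_digest(stored.encode(), code.encode()):
                match = stored
        if match is None:
            raise InvalidRecoveryCode()
        self._codes[user].remove(match)  # a recovery code is single use
        return True
```

A persistent provider would store the attempts list alongside the codes so that the window survives restarts and is shared across processes.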