Merge 2fa branch into dev

teraserver/python/.env.vscode

@@ -0,0 +1 @@
+PYTHONPATH=${workspaceFolder}

teraserver/python/.vscode/launch.json

@@ -0,0 +1,33 @@
+{
+      // Utilisez IntelliSense pour en savoir plus sur les attributs possibles.
+      // Pointez pour afficher la description des attributs existants.
+      // Pour plus d'informations, visitez : https://go.microsoft.com/fwlink/?linkid=830387
+      "version": "0.2.0",
+      "configurations": [
+            {
+                  "name": "Python: OpenTera Server TeraServer.py",
+                  "type": "debugpy",
+                  "request": "launch",
+                  "program": "${workspaceFolder}/TeraServer.py",
+                  "console": "integratedTerminal",
+                  "env": {
+                        "PYTHONPATH": "${workspaceFolder}"
+                  }
+            },
+            {
+                  "name": "Python Debugger: Attach",
+                  "type": "debugpy",
+                  "request": "attach",
+                  "connect": {
+                        "host": "localhost",
+                        "port": 5688
+                  },
+                  "pathMappings": [
+                        {
+                              "localRoot": "${workspaceFolder}", // Maps C:\Users\user1\project1
+                              "remoteRoot": "/root/opentera/teraserver/python" // To current working directory ~/project1
+                        }
+                  ]
+            }
+      ]
+}

teraserver/python/.vscode/settings.json

@@ -0,0 +1,13 @@
+
+{
+    "python.testing.unittestArgs": [
+        "-v",
+        "-s",
+        "${workspaceFolder}",
+        "-p",
+        "test_*.py"
+    ],
+    "python.testing.pytestEnabled": false,
+    "python.testing.unittestEnabled": true,
+    "python.envFile": "${workspaceFolder}/.env.vscode"
+}

teraserver/python/alembic/versions/60f5b2ed8b5a_assets_table_rework.py

@@ -18,7 +18,7 @@
 
 def upgrade():
     # Change t_assets column asset_type to string - integers values should be converted directly in Postgresql
-    op.alter_column(table_name='t_assets', column_name='asset_type', type_=sa.String)
+    op.alter_column(table_name='t_assets', column_name='asset_type', type=sa.String)
 
     # Change all current values to "application/octet-stream" since that is what we have right now
     op.execute("UPDATE t_assets SET asset_type=\'application/octet-stream\'")

teraserver/python/alembic/versions/65a42f6ee567_soft_delete_upgrade.py

@@ -18,7 +18,7 @@
 
 def upgrade():
     # Remove site_name unique constraint on t_sites
-    op.drop_constraint(constraint_name='t_sites_site_name_key', table_name='t_sites', type_='unique')
+    op.drop_constraint(constraint_name='t_sites_site_name_key', table_name='t_sites', type='unique')
 
     # TeraSessionParticipants.id_session add ondelete='cascade'
     op.drop_constraint(constraint_name='t_sessions_participants_id_session_fkey', table_name='t_sessions_participants',

teraserver/python/alembic/versions/89343f5c95b9_allow_2fa_login.py

@@ -0,0 +1,50 @@
+"""allow 2fa login
+
+Revision ID: 89343f5c95b9
+Revises: 09764faa2d57
+Create Date: 2024-09-05 14:49:04.781595
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '89343f5c95b9'
+down_revision = '09764faa2d57'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Add 2fa_enabled column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_otp_enabled column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_otp_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_email_enabled_column to t_users table
+    # Will user user_email as 2fa email
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_email_enabled',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+    # Add 2fa_otp_secret column to t_users table
+    # Secrets will be generated with pytop.random_base32()
+    op.add_column(table_name='t_users', column=sa.Column('user_2fa_otp_secret',
+                                                         sa.String(32), nullable=True))
+
+    # Add a force_password_change column to t_users table
+    op.add_column(table_name='t_users', column=sa.Column('user_force_password_change',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+
+def downgrade():
+    # Remove columns
+    op.drop_column('t_users', 'user_2fa_enabled')
+    op.drop_column('t_users', 'user_2fa_otp_enabled')
+    op.drop_column('t_users', 'user_2fa_email_enabled')
+    op.drop_column('t_users', 'user_2fa_otp_secret')
+    op.drop_column('t_users', 'user_force_password_change')
+

teraserver/python/alembic/versions/README.md

@@ -6,6 +6,16 @@
 alembic revision -m "create account table"
 ```
 
+## Changes for next version (Sept 5 2024)
+
+### TeraServer
+**Modified t_users table**
+* Add column user_2fa_enabled (Boolean, default=False)
+* Add column user_2fa_otp_enabled (Boolean, default=False)
+* Add column user_2fa_email_enabled (Boolean, default=False)
+* Add column user_2fa_otp_secret (String(32), nullable=True)
+* Add column user_force_password_change (Boolean, default=False)
+
 ## Changes for next version (Feb 6 2023)
 
 ### TeraServer

teraserver/python/alembic/versions/c58727df3ac2_add_site_2fa_required_column_to_tera_.py

@@ -0,0 +1,26 @@
+"""add_site_2fa_required_column_to_tera_site
+
+Revision ID: c58727df3ac2
+Revises: 89343f5c95b9
+Create Date: 2024-09-30 13:58:38.839824
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'c58727df3ac2'
+down_revision = '89343f5c95b9'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Add site_2fa_required column to t_sites table
+    op.add_column(table_name='t_sites', column=sa.Column('site_2fa_required',
+                                                         sa.Boolean, nullable=False, server_default=str(False)))
+
+def downgrade():
+    # Remove columns
+    op.drop_column('t_sites', 'site_2fa_required')

teraserver/python/env/requirements.txt

@@ -1,41 +1,43 @@
 pypiwin32==223; sys_platform == 'win32'
-Twisted==24.3.0
-treq==23.11.0
-cryptography==42.0.5
-autobahn==23.6.2
-SQLAlchemy==2.0.28
+Twisted==24.7.0
+treq==24.9.1
+cryptography==43.0.1
+autobahn==24.4.2
+SQLAlchemy==2.0.35
 sqlalchemy-schemadisplay==2.0
-pydot==2.0.0
+pydot==3.0.1
 psycopg2-binary==2.9.9
-Flask==3.0.2
+Flask==3.0.3
 Flask-SQLAlchemy==3.1.1
 Flask-Login==0.6.3
 Flask-Login-Multi==0.1.2
 Flask-HTTPAuth==4.8.0
-Flask-SocketIO==5.3.6
-Flask-Session==0.6.0
+Flask-SocketIO==5.3.7
+Flask-Session==0.8.0
 flask-restx==1.3.0
-Flask-Security==3.0.0
+Flask-Security==5.5.2
 Flask-Babel==4.0.0
 Flask-BabelEx==0.9.4
-Flask-Migrate==4.0.5
+Flask-Migrate==4.0.7
 flask-swagger-ui==4.11.1
-Flask-Limiter==3.5.1
-Flask-Mail==0.9.1
+Flask-Limiter==3.8.0
+Flask-Mail==0.10.0
 Flask-Principal==0.4.0
-redis==5.0.2
+redis==5.0.8
 txredisapi==1.4.10
 passlib==1.7.4
-bcrypt==4.1.2
+bcrypt==4.2.0
 WTForms==3.1.2
-pyOpenSSL==24.0.0
+pyOpenSSL==24.2.1
 service-identity==24.1.0
-PyJWT==2.8.0
+PyJWT==2.9.0
 pylzma==0.5.0
 bz2file==0.98
 python-slugify==8.0.4
-websocket-client==1.7.0
-pytest==8.0.2
-Jinja2==3.1.3
+websocket-client==1.8.0
+pytest==8.3.3
+Jinja2==3.1.4
 ua-parser==0.18.0
-
+pyotp==2.9.0
+pyqrcode==1.2.1
+pypng==0.20220715.0