fixed 2fa for non 2fa

This commit is contained in:
Alexander Karpov 2023-12-29 00:56:44 +03:00
parent bf9e2beda1
commit d8c4c0a927
3 changed files with 18 additions and 3 deletions


@ -14,7 +14,7 @@
<form method="POST"> <form method="POST">
{% csrf_token %} {% csrf_token %}
{% crispy form %} {% crispy form %}
<input type="submit" class="btn btn-primary btn-block" value="Disable 2FA"> <button type="submit" class="btn btn-primary btn-block" value="Disable 2FA">
</form> </form>
</div> </div>
</div> </div>
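Review bot: The new `<button>` on the changed line has no content and no closing tag, so it renders with no visible label — unlike `<input type="submit">`, a `<button>` shows its inner text, not its `value` attribute, which is only sent with the form. The line should read `<button type="submit" class="btn btn-primary btn-block">Disable 2FA</button>`. Without a label the control that turns 2FA off is easy to mistake or miss, so this is worth fixing before the template ships.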


@ -1,6 +1,8 @@
from cacheops import cached_as
from django.shortcuts import redirect from django.shortcuts import redirect
from django.urls import resolve from django.urls import resolve
from django.utils.deprecation import MiddlewareMixin from django.utils.deprecation import MiddlewareMixin
from django_otp.plugins.otp_totp.models import TOTPDevice
from rest_framework.exceptions import AuthenticationFailed from rest_framework.exceptions import AuthenticationFailed
@ -24,8 +26,20 @@ def __call__(self, request):
otp_not_verified = not request.session.get("otp_verified", False) otp_not_verified = not request.session.get("otp_verified", False)
on_2fa_page = resolve(request.path_info).url_name == "enforce_otp_login" on_2fa_page = resolve(request.path_info).url_name == "enforce_otp_login"
# Enforce OTP token input, if user is authenticated but has not verified OTP, and is NOT on the 2FA page # Caches the checker for has_otp_device
if is_authenticated and otp_not_verified and not on_2fa_page: @cached_as(
TOTPDevice, timeout=15 * 60
) # consider appropriate time for your use case
def has_otp_device(user):
return TOTPDevice.objects.devices_for_user(user, confirmed=True).exists()
# Enforce OTP token input, if user is authenticated, has OTP enabled but has not verified OTP
if (
is_authenticated
and has_otp_device(request.user)
and otp_not_verified
and not on_2fa_page
):
request.session["next"] = request.get_full_path() request.session["next"] = request.get_full_path()
return redirect("users:enforce_otp_login") return redirect("users:enforce_otp_login")
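Review bot: `has_otp_device` is defined and wrapped by `@cached_as` inside `__call__`, so every request builds a fresh decorated closure; the four lines from `@cached_as(` through the `return` belong at module level next to the imports, and the leftover `# consider appropriate time for your use case` comment should become an actual decision, e.g. a named constant used in place of `15 * 60`. The check now caches an authorization-relevant fact — whether the user has a confirmed device — for up to 15 minutes, so a device enrolled through a path that bypasses cacheops invalidation (raw SQL, or a process running without cacheops, for instance) leaves that user un-prompted until the entry expires; a comment such as `# Correctness of the cached check depends on the "otp_totp.totpdevice" cacheops entry invalidating on device changes` would make that dependency explicit. `__call__` starts before the hunk, so the `is_authenticated` assignment the new condition relies on is not visible here.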


@ -77,6 +77,7 @@
"files.*": {"ops": ("fetch", "get", "list"), "timeout": 60}, "files.*": {"ops": ("fetch", "get", "list"), "timeout": 60},
"auth.permission": {"ops": "all", "timeout": 60 * 15}, "auth.permission": {"ops": "all", "timeout": 60 * 15},
"music.*": {"ops": ("fetch", "get", "list"), "timeout": 60 * 15}, "music.*": {"ops": ("fetch", "get", "list"), "timeout": 60 * 15},
"otp_totp.totpdevice": {"ops": "all", "timeout": 15 * 60},
} }
CACHEOPS_REDIS = env.str("REDIS_URL") CACHEOPS_REDIS = env.str("REDIS_URL")
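Review bot: The added `"otp_totp.totpdevice"` entry uses `"ops": "all"`, which caches every queryset on the device model (including the reads done during token verification) rather than only enabling invalidation for the `cached_as` check that the middleware change needs. If the goal is just invalidation support, a narrower `ops` value — cacheops documents an empty `ops` for manual-caching-only models, verify against the installed version — keeps verification-time reads on the database, and a comment naming the middleware that depends on this entry would explain why it exists.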