From b026e86741ecfd07a177e19c9dcebb32c875cced Mon Sep 17 00:00:00 2001
From: BaiJiangJie <bugatti_it@163.com>
Date: Wed, 6 Jun 2018 15:35:26 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E5=88=A4=E6=96=AD?=
 =?UTF-8?q?MFA=E6=98=AF=E5=90=A6=E5=85=A8=E5=B1=80=E5=90=AF=E7=94=A8?=
 =?UTF-8?q?=E7=9A=84=E9=80=BB=E8=BE=91=EF=BC=8C=E6=94=BE=E5=88=B0User.otp?=
 =?UTF-8?q?=5Fforce=5Fenabled=E4=B8=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/users/models/user.py                    |  6 +++-
 apps/users/templates/users/user_profile.html |  2 +-
 apps/users/views/login.py                    | 29 ++++++++------------
 apps/users/views/user.py                     |  1 -
 4 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 025fe7c8..fa01ba82 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -14,6 +14,7 @@ from django.utils import timezone
 from django.shortcuts import reverse
 
 from common.utils import get_signer, date_expired_default
+from common.models import Setting
 
 
 __all__ = ['User']
@@ -248,10 +249,13 @@ class User(AbstractUser):
 
     @property
     def otp_enabled(self):
-        return self.otp_level > 0
+        return self.otp_force_enabled or self.otp_level > 0
 
     @property
     def otp_force_enabled(self):
+        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
+        if mfa_setting and mfa_setting.cleaned_value:
+            return True
         return self.otp_level == 2
 
     def enable_otp(self):
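Review bot: `otp_force_enabled` now runs `Setting.objects.filter(name='SECURITY_MFA_AUTH').first()` on every read, and `otp_enabled` calls it, so what looks like a cheap attribute is a database query whose answer can differ between two reads in the same request. A docstring on the property should say so, for example `"""True when the global SECURITY_MFA_AUTH setting is on or this user's otp_level is 2; queries Setting on each access."""`. With this change `otp_enabled` can be true for a user whose `otp_level` is 0, so any caller elsewhere that still tests `otp_level` directly would presumably miss the global policy; that is worth a search before merging. The `User` class starts and ends outside this hunk.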
diff --git a/apps/users/templates/users/user_profile.html b/apps/users/templates/users/user_profile.html
index 0d586902..50dabeab 100644
--- a/apps/users/templates/users/user_profile.html
+++ b/apps/users/templates/users/user_profile.html
@@ -155,7 +155,7 @@
                                                 <a type="button" class="btn btn-primary btn-xs" style="width: 54px" id=""
                                                    href="
                                                         {% if request.user.otp_enabled and request.user.otp_secret_key %}
-                                                            {% if request.user.otp_force_enabled or mfa_setting %}
+                                                            {% if request.user.otp_force_enabled %}
                                                                 " disabled >{% trans 'Disable' %}
                                                             {% else %}
                                                                 {% url 'users:user-otp-disable-authentication' %}
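Review bot: The `disabled` attribute in the `{% if request.user.otp_force_enabled %}` branch only changes how the anchor is rendered; it does not enforce anything. The view behind `users:user-otp-disable-authentication` is not part of this patch, so confirm that it rejects the request server-side when `request.user.otp_force_enabled` is true. Without that check, the forced-MFA policy would rest on the button state alone.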
diff --git a/apps/users/views/login.py b/apps/users/views/login.py
index 411a2f95..c058b440 100644
--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@@ -82,24 +82,17 @@ class UserLoginView(FormView):
     def get_success_url(self):
         user = get_user_or_tmp_user(self.request)
 
-        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
-        if mfa_setting and mfa_setting.cleaned_value:
-            if user.otp_enabled and user.otp_secret_key:
-                return reverse('users:login-otp')
-            else:
-                return reverse('users:user-otp-enable-authentication')
-        else:
-            if user.otp_enabled and user.otp_secret_key:
-                # 1,2 & T
-                return reverse('users:login-otp')
-            elif user.otp_enabled and not user.otp_secret_key:
-                # 1,2 & F
-                return reverse('users:user-otp-enable-authentication')
-            elif not user.otp_enabled:
-                # 0 & T,F
-                auth_login(self.request, user)
-                self.write_login_log()
-                return redirect_user_first_login_or_index(self.request, self.redirect_field_name)
+        if user.otp_enabled and user.otp_secret_key:
+            # 1,2 & T
+            return reverse('users:login-otp')
+        elif user.otp_enabled and not user.otp_secret_key:
+            # 1,2 & F
+            return reverse('users:user-otp-enable-authentication')
+        elif not user.otp_enabled:
+            # 0 & T,F
+            auth_login(self.request, user)
+            self.write_login_log()
+            return redirect_user_first_login_or_index(self.request, self.redirect_field_name)
 
     def get_context_data(self, **kwargs):
         context = {
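Review bot: `get_success_url` reads `user.otp_enabled` in up to three branches and has no `else`, and after this commit each read is a fresh `Setting` query. If the global setting is switched on between the reads, all three conditions can be false and the method returns `None` instead of a URL. Read it once with `otp_enabled = user.otp_enabled`, test that local in the first two branches, and end with a plain `else:` instead of `elif not user.otp_enabled:` so the method always returns. The `# 1,2 & T` and `# 0 & T,F` comments appear to describe `otp_level` values and are stale now that the global setting can make `otp_enabled` true at level 0. The new body no longer references `Setting`, so its import in this file may be unused; the import lines are outside the hunk.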
diff --git a/apps/users/views/user.py b/apps/users/views/user.py
index 414a96a6..598726fc 100644
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -337,7 +337,6 @@ class UserProfileView(LoginRequiredMixin, TemplateView):
 
     def get_context_data(self, **kwargs):
         mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
-
         context = {
             'action': _('Profile'),
             'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,
-- 
2.18.0