fix: OTP_IN_RADIUS 与 mfa 冲突

2021-09-13 15:57:04 +08:00 · 2021-09-13 15:57:04 +08:00 · 09d51fd5be
parent fc8181b5ed
commit 09d51fd5be
2 changed files with 6 additions and 1 deletions
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@ -346,6 +346,10 @@ class AuthMixin(PasswordEncryptionViewMixin):
    def check_user_mfa_if_need(self, user):
        if self.request.session.get('auth_mfa'):
            return
+
+        if settings.OTP_IN_RADIUS:
+            return
+
        if not user.mfa_enabled:
            return
        unset, url = user.mfa_enabled_but_not_set()
--- a/apps/authentication/signals_handlers.py
+++ b/apps/authentication/signals_handlers.py
@ -14,7 +14,8 @@ from .signals import post_auth_success, post_auth_failed
@receiver(user_logged_in)
 def on_user_auth_login_success(sender, user, request, **kwargs):
    # 开启了 MFA，且没有校验过
-    if user.mfa_enabled and not request.session.get('auth_mfa'):
+
+    if user.mfa_enabled and not settings.OTP_IN_RADIUS and not request.session.get('auth_mfa'):
        request.session['auth_mfa_required'] = 1

    if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED: