perf: 修改用户确认

2023-10-13 14:40:40 +08:00 · 2023-10-13 14:40:40 +08:00 · 1ca912373f
parent 116d0ba5c6
commit 1ca912373f
5 changed files with 31 additions and 8 deletions
--- a/apps/authentication/api/confirm.py
+++ b/apps/authentication/api/confirm.py
@ -4,10 +4,12 @@ import time

 from django.utils.translation import gettext_lazy as _
 from rest_framework import status
-from rest_framework.generics import RetrieveAPIView, CreateAPIView
+from rest_framework.decorators import action
+from rest_framework.generics import RetrieveAPIView
 from rest_framework.response import Response

 from authentication.permissions import UserConfirmation
+from common.api import JMSGenericViewSet
 from common.permissions import IsValidUser
 from ..const import ConfirmType
 from ..serializers import ConfirmSerializer
@ -20,10 +22,17 @@ class ConfirmBindORUNBindOAuth(RetrieveAPIView):
        return Response('ok')


-class ConfirmApi(RetrieveAPIView, CreateAPIView):
+class UserConfirmationViewSet(JMSGenericViewSet):
    permission_classes = (IsValidUser,)
    serializer_class = ConfirmSerializer

+    @action(methods=['get'], detail=False)
+    def check(self, request):
+        confirm_type = request.query_params.get('confirm_type', 'password')
+        permission = UserConfirmation.require(confirm_type)()
+        permission.has_permission(request, self)
+        return Response('ok')
+
    def get_confirm_backend(self, confirm_type):
        backend_classes = ConfirmType.get_prop_backends(confirm_type)
        if not backend_classes:
@ -34,12 +43,12 @@ class ConfirmApi(RetrieveAPIView, CreateAPIView):
                continue
            return backend

-    def retrieve(self, request, *args, **kwargs):
+    def list(self, request, *args, **kwargs):
        confirm_type = request.query_params.get('confirm_type', 'password')
        backend = self.get_confirm_backend(confirm_type)
        if backend is None:
            msg = _('This action require verify your MFA')
-            return Response(data={'error': msg}, status=status.HTTP_404_NOT_FOUND)
+            return Response(data={'error': msg}, status=status.HTTP_400_BAD_REQUEST)

        data = {
            'confirm_type': backend.name,
--- a/apps/authentication/backends/passkey/api.py
+++ b/apps/authentication/backends/passkey/api.py
@ -4,19 +4,30 @@ from django.shortcuts import render
 from django.utils.translation import gettext as _
 from rest_framework.decorators import action
 from rest_framework.permissions import IsAuthenticated, AllowAny
-from rest_framework.viewsets import ModelViewSet

 from authentication.mixins import AuthMixin
+from common.api import JMSModelViewSet
 from .fido import register_begin, register_complete, auth_begin, auth_complete
 from .models import Passkey
 from .serializer import PasskeySerializer
+from ...const import ConfirmType
+from ...permissions import UserConfirmation
 from ...views import FlashMessageMixin


-class PasskeyViewSet(AuthMixin, FlashMessageMixin, ModelViewSet):
+class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet):
    serializer_class = PasskeySerializer
    permission_classes = (IsAuthenticated,)

+    def get_permissions(self):
+        if self.is_swagger_request():
+            return super().get_permissions()
+        if self.action == 'register':
+            self.permission_classes = [
+                IsAuthenticated, UserConfirmation.require(ConfirmType.PASSWORD)
+            ]
+        return super().get_permissions()
+
    def get_queryset(self):
        return Passkey.objects.filter(user=self.request.user)

--- a/apps/authentication/serializers/confirm.py
+++ b/apps/authentication/serializers/confirm.py
@ -7,4 +7,4 @@ from ..const import ConfirmType, MFAType
 class ConfirmSerializer(serializers.Serializer):
    confirm_type = serializers.ChoiceField(required=True, allow_blank=True, choices=ConfirmType.choices)
    mfa_type = serializers.ChoiceField(required=False, allow_blank=True, choices=MFAType.choices)
-    secret_key = EncryptedField(allow_blank=True)
+    secret_key = EncryptedField(allow_blank=True, required=False)
--- a/apps/authentication/urls/api_urls.py
+++ b/apps/authentication/urls/api_urls.py
@ -13,6 +13,7 @@ router.register('sso', api.SSOViewSet, 'sso')
 router.register('temp-tokens', api.TempTokenViewSet, 'temp-token')
 router.register('connection-token', api.ConnectionTokenViewSet, 'connection-token')
 router.register('super-connection-token', api.SuperConnectionTokenViewSet, 'super-connection-token')
+router.register('confirm', api.UserConfirmationViewSet, 'confirm')

 urlpatterns = [
    path('wecom/qr/unbind/', api.WeComQRUnBindForUserApi.as_view(), name='wecom-qr-unbind'),
@ -29,7 +30,6 @@ urlpatterns = [
         name='feishu-event-subscription-callback'),

    path('auth/', api.TokenCreateApi.as_view(), name='user-auth'),
-    path('confirm/', api.ConfirmApi.as_view(), name='user-confirm'),
    path('confirm-oauth/', api.ConfirmBindORUNBindOAuth.as_view(), name='confirm-oauth'),
    path('tokens/', api.TokenCreateApi.as_view(), name='auth-token'),
    path('mfa/verify/', api.MFAChallengeVerifyApi.as_view(), name='mfa-verify'),
--- a/apps/common/exceptions.py
+++ b/apps/common/exceptions.py
@ -42,8 +42,11 @@ class ReferencedByOthers(JMSException):


 class UserConfirmRequired(JMSException):
+    status_code = status.HTTP_412_PRECONDITION_FAILED
+
    def __init__(self, code=None):
        detail = {
+            'type': 'user_confirm_required',
            'code': code,
            'detail': _('This action require confirm current user')
        }