fix: 修复serializer问题

2021-09-16 19:06:16 +08:00 · 2021-09-16 19:06:16 +08:00 · 2c46072db2
parent b375cd3e75
commit 2c46072db2
5 changed files with 12 additions and 8 deletions
--- a/apps/authentication/forms.py
+++ b/apps/authentication/forms.py
@ -67,9 +67,9 @@ class ChallengeMixin(forms.Form):

 def get_user_login_form_cls(*, captcha=False):
    bases = []
-    if settings.SECURITY_LOGIN_CAPTCHA_ENABLED and captcha:
-        bases.append(CaptchaMixin)
    if settings.SECURITY_LOGIN_CHALLENGE_ENABLED:
        bases.append(ChallengeMixin)
+    elif settings.SECURITY_LOGIN_CAPTCHA_ENABLED and captcha:
+        bases.append(CaptchaMixin)
    bases.append(UserLoginForm)
    return type('UserLoginForm', tuple(bases), {})
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@ -191,7 +191,10 @@ class AuthMixin(PasswordEncryptionViewMixin):
        raise self.partial_credential_error(error=error)

    def _set_partial_credential_error(self, username, ip, request):
-        self.partial_credential_error = partial(errors.CredentialError, username=username, ip=ip, request=request)
+        self.partial_credential_error = partial(
+            errors.CredentialError, username=username,
+            ip=ip, request=request
+        )

    def get_auth_data(self, decrypt_passwd=False):
        request = self.request
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@ -9,6 +9,7 @@ from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.http import HttpResponse
 from django.shortcuts import reverse, redirect
 from django.utils.decorators import method_decorator
+from django.db import transaction
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
@ -18,14 +19,13 @@ from django.views.generic.edit import FormView
 from django.conf import settings
 from django.urls import reverse_lazy
 from django.contrib.auth import BACKEND_SESSION_KEY
-from django.db.transaction import atomic

-from common.utils import get_request_ip, FlashMessageUtil
+from common.utils import FlashMessageUtil
 from users.utils import (
    redirect_user_first_login_or_index
 )
 from ..const import RSA_PRIVATE_KEY, RSA_PUBLIC_KEY
-from .. import mixins, errors, utils
+from .. import mixins, errors
 from ..forms import get_user_login_form_cls


@ -109,7 +109,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
        self.request.session.delete_test_cookie()

        try:
-            with atomic():
+            with transaction.atomic():
                self.check_user_auth(decrypt_passwd=True)
        except errors.AuthFailedError as e:
            form.add_error(None, e.msg)
--- a/apps/settings/serializers/security.py
+++ b/apps/settings/serializers/security.py
@ -70,7 +70,7 @@ class SecurityAuthSerializer(serializers.Serializer):
        help_text=_("If enable, CAS、OIDC auth will be failed, if user not exist yet")
    )
    SECURITY_MFA_VERIFY_TTL = serializers.IntegerField(
-        min_value=5, max_value=60*30,
+        min_value=5, max_value=60*60*10,
        label=_("MFA verify TTL"), help_text=_("Unit: second"),
    )
    SECURITY_LOGIN_CAPTCHA_ENABLED = serializers.BooleanField(
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -472,6 +472,7 @@ class MFAMixin:
        (2, _("Force enable")),
    )
    is_org_admin: bool
+    username: str

    @property
    def mfa_enabled(self):