fix: 修复serializer问题

apps/authentication/forms.py

@@ -67,9 +67,9 @@ class ChallengeMixin(forms.Form):
 
 def get_user_login_form_cls(*, captcha=False):
     bases = []
-    if settings.SECURITY_LOGIN_CAPTCHA_ENABLED and captcha:
-        bases.append(CaptchaMixin)
     if settings.SECURITY_LOGIN_CHALLENGE_ENABLED:
         bases.append(ChallengeMixin)
+    elif settings.SECURITY_LOGIN_CAPTCHA_ENABLED and captcha:
+        bases.append(CaptchaMixin)
     bases.append(UserLoginForm)
     return type('UserLoginForm', tuple(bases), {})

apps/authentication/mixins.py

@@ -191,7 +191,10 @@ class AuthMixin(PasswordEncryptionViewMixin):
         raise self.partial_credential_error(error=error)
 
     def _set_partial_credential_error(self, username, ip, request):
-        self.partial_credential_error = partial(errors.CredentialError, username=username, ip=ip, request=request)
+        self.partial_credential_error = partial(
+            errors.CredentialError, username=username,
+            ip=ip, request=request
+        )
 
     def get_auth_data(self, decrypt_passwd=False):
         request = self.request

apps/authentication/views/login.py

@@ -9,6 +9,7 @@ from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.http import HttpResponse
 from django.shortcuts import reverse, redirect
 from django.utils.decorators import method_decorator
+from django.db import transaction
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
@@ -18,14 +19,13 @@ from django.views.generic.edit import FormView
 from django.conf import settings
 from django.urls import reverse_lazy
 from django.contrib.auth import BACKEND_SESSION_KEY
-from django.db.transaction import atomic
 
-from common.utils import get_request_ip, FlashMessageUtil
+from common.utils import FlashMessageUtil
 from users.utils import (
     redirect_user_first_login_or_index
 )
 from ..const import RSA_PRIVATE_KEY, RSA_PUBLIC_KEY
-from .. import mixins, errors, utils
+from .. import mixins, errors
 from ..forms import get_user_login_form_cls
 
 
@@ -109,7 +109,7 @@ class UserLoginView(mixins.AuthMixin, FormView):
         self.request.session.delete_test_cookie()
 
         try:
-            with atomic():
+            with transaction.atomic():
                 self.check_user_auth(decrypt_passwd=True)
         except errors.AuthFailedError as e:
             form.add_error(None, e.msg)

apps/settings/serializers/security.py

@@ -70,7 +70,7 @@ class SecurityAuthSerializer(serializers.Serializer):
         help_text=_("If enable, CAS、OIDC auth will be failed, if user not exist yet")
     )
     SECURITY_MFA_VERIFY_TTL = serializers.IntegerField(
-        min_value=5, max_value=60*30,
+        min_value=5, max_value=60*60*10,
         label=_("MFA verify TTL"), help_text=_("Unit: second"),
     )
     SECURITY_LOGIN_CAPTCHA_ENABLED = serializers.BooleanField(

apps/users/models/user.py

@@ -472,6 +472,7 @@ class MFAMixin:
         (2, _("Force enable")),
     )
     is_org_admin: bool
+    username: str
 
     @property
     def mfa_enabled(self):