fix: 增加上了第三方用户登录失败的原因 (#8714)

* feat: OAuth2.0登录方式加上用户登录规则校验 * fix: 修复第三方用户登录规则（复核）问题 * fix: 增加上了第三方用户登录失败的原因 * fix: 修改变量名称 Co-authored-by: huangzhiwen <zhiwen.huang@fit2cloud.com>
2022-08-10 11:03:51 +08:00 · 2022-08-10 11:03:51 +08:00 · 30fe5214c7
parent 708a87c903
commit 30fe5214c7
3 changed files with 11 additions and 2 deletions
--- a/apps/authentication/api/login_confirm.py
+++ b/apps/authentication/api/login_confirm.py
@ -17,8 +17,10 @@ class TicketStatusApi(mixins.AuthMixin, APIView):
    def get(self, request, *args, **kwargs):
        try:
            self.check_user_login_confirm()
+            self.request.session['auth_third_party_done'] = 1
            return Response({"msg": "ok"})
        except errors.NeedMoreInfoError as e:
+            self.send_auth_signal(success=False, reason=e.as_data().get('msg'))
            return Response(e.as_data(), status=200)

    def delete(self, request, *args, **kwargs):
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@ -10,6 +10,7 @@ from django.contrib.auth import logout as auth_logout
 from apps.authentication import mixins
 from common.utils import gen_key_pair
 from common.utils import get_request_ip
+from .signals import post_auth_failed


 class MFAMiddleware:
@ -62,8 +63,13 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
            return response
        ip = get_request_ip(request)
        try:
+            self.request = request
            self._check_login_acl(request.user, ip)
        except Exception as e:
+            post_auth_failed.send(
+                sender=self.__class__, username=request.user.username,
+                request=self.request, reason=e.msg
+            )
            auth_logout(request)
            context = {
                'title': _('Authentication failed'),
@ -72,7 +78,8 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
                'redirect_url': reverse('authentication:login'),
                'auto_redirect': True,
            }
-            response = render(request, 'authentication/auth_fail_flash_message_standalone.html', context)
+            response = render(
+                request, 'authentication/auth_fail_flash_message_standalone.html', context)
        else:
            guard_url = reverse('authentication:login-guard')
            args = request.META.get('QUERY_STRING', '')
--- a/apps/authentication/signal_handlers.py
+++ b/apps/authentication/signal_handlers.py
@ -29,7 +29,7 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
            and user.mfa_enabled \
            and not request.session.get('auth_mfa'):
        request.session['auth_mfa_required'] = 1
-    if request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
+    if not request.session.get("auth_third_party_done") and request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
        request.session['auth_third_party_required'] = 1
    # 单点登录，超过了自动退出
    if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED: