Browse Source

fix: 用户登陆mfa code为空限制

pull/7075/head
feng626 3 years ago committed by Jiangjie.Bai
parent
commit
380226a7d2
  1. 12
      apps/authentication/errors.py
  2. 12
      apps/authentication/mixins.py
  3. 11
      apps/authentication/views/login.py

12
apps/authentication/errors.py

@ -372,9 +372,19 @@ class NotEnableMFAError(JMSException):
default_detail = mfa_unset_msg default_detail = mfa_unset_msg
class OTPRequiredError(JMSException): class OTPBindRequiredError(JMSException):
default_detail = otp_unset_msg default_detail = otp_unset_msg
def __init__(self, url, *args, **kwargs): def __init__(self, url, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.url = url self.url = url
class OTPCodeRequiredError(AuthFailedError):
msg = _("Please enter MFA code")
class SMSCodeRequiredError(AuthFailedError):
msg = _("Please enter SMS code")
class UserPhoneNotSet(AuthFailedError):
msg = _('Phone not set')

12
apps/authentication/mixins.py

@ -242,7 +242,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
data = request.POST data = request.POST
code = data.get('code') code = data.get('code')
mfa_type = data.get('mfa_type') mfa_type = data.get('mfa_type')
if settings.SECURITY_MFA_IN_LOGIN_PAGE and code and mfa_type: if settings.SECURITY_MFA_IN_LOGIN_PAGE and mfa_type:
if not code:
if mfa_type == MFAType.OTP and bool(user.otp_secret_key):
raise errors.OTPCodeRequiredError
elif mfa_type == MFAType.SMS_CODE:
raise errors.SMSCodeRequiredError
self.check_user_mfa(code, mfa_type, user=user) self.check_user_mfa(code, mfa_type, user=user)
def _check_login_acl(self, user, ip): def _check_login_acl(self, user, ip):
@ -405,9 +410,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
if not user.mfa_enabled: if not user.mfa_enabled:
return return
if not bool(user.phone) and mfa_type == MFAType.SMS_CODE:
raise errors.UserPhoneNotSet
if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP: if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP:
self.set_passwd_verify_on_session(user) self.set_passwd_verify_on_session(user)
raise errors.OTPRequiredError(reverse_lazy('authentication:user-otp-enable-bind')) raise errors.OTPBindRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
ip = self.get_request_ip() ip = self.get_request_ip()
self.check_mfa_is_block(user.username, ip) self.check_mfa_is_block(user.username, ip)

11
apps/authentication/views/login.py

@ -124,18 +124,19 @@ class UserLoginView(mixins.AuthMixin, FormView):
except ( except (
errors.PasswdTooSimple, errors.PasswdTooSimple,
errors.PasswordRequireResetError, errors.PasswordRequireResetError,
errors.PasswdNeedUpdate errors.PasswdNeedUpdate,
errors.OTPBindRequiredError
) as e: ) as e:
return redirect(e.url) return redirect(e.url)
except ( except (
errors.MFAUnsetError,
errors.MFAFailedError, errors.MFAFailedError,
errors.BlockMFAError errors.BlockMFAError,
errors.OTPCodeRequiredError,
errors.SMSCodeRequiredError,
errors.UserPhoneNotSet
) as e: ) as e:
form.add_error('code', e.msg) form.add_error('code', e.msg)
return super().form_invalid(form) return super().form_invalid(form)
except errors.OTPRequiredError as e:
return redirect(e.url)
self.clear_rsa_key() self.clear_rsa_key()
return self.redirect_to_guard_view() return self.redirect_to_guard_view()

Loading…
Cancel
Save