mirror of https://github.com/jumpserver/jumpserver
fix: 用户登陆mfa code为空限制
parent
f88e5de3c1
commit
380226a7d2
|
@ -372,9 +372,19 @@ class NotEnableMFAError(JMSException):
|
||||||
default_detail = mfa_unset_msg
|
default_detail = mfa_unset_msg
|
||||||
|
|
||||||
|
|
||||||
class OTPRequiredError(JMSException):
|
class OTPBindRequiredError(JMSException):
|
||||||
default_detail = otp_unset_msg
|
default_detail = otp_unset_msg
|
||||||
|
|
||||||
def __init__(self, url, *args, **kwargs):
|
def __init__(self, url, *args, **kwargs):
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.url = url
|
self.url = url
|
||||||
|
|
||||||
|
|
||||||
|
class OTPCodeRequiredError(AuthFailedError):
|
||||||
|
msg = _("Please enter MFA code")
|
||||||
|
|
||||||
|
class SMSCodeRequiredError(AuthFailedError):
|
||||||
|
msg = _("Please enter SMS code")
|
||||||
|
|
||||||
|
class UserPhoneNotSet(AuthFailedError):
|
||||||
|
msg = _('Phone not set')
|
||||||
|
|
|
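Review bot: Renaming `OTPRequiredError` to `OTPBindRequiredError` in this hunk leaves no alias behind, so any code outside this commit that still raises or catches `errors.OTPRequiredError` would hit an AttributeError at runtime on the MFA path instead of redirecting to the bind page. The mixin and the login view are updated in this commit, but other references are not visible on this page. A transitional `OTPRequiredError = OTPBindRequiredError` after the class, or a repository-wide search before merging, would close that gap. The three new classes (`OTPCodeRequiredError`, `SMSCodeRequiredError`, `UserPhoneNotSet`) would also benefit from a one-line docstring each stating when they are raised, for example `"""Raised when mfa_type is OTP and the submitted code is empty."""`.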
@ -242,7 +242,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
|
||||||
data = request.POST
|
data = request.POST
|
||||||
code = data.get('code')
|
code = data.get('code')
|
||||||
mfa_type = data.get('mfa_type')
|
mfa_type = data.get('mfa_type')
|
||||||
if settings.SECURITY_MFA_IN_LOGIN_PAGE and code and mfa_type:
|
if settings.SECURITY_MFA_IN_LOGIN_PAGE and mfa_type:
|
||||||
|
if not code:
|
||||||
|
if mfa_type == MFAType.OTP and bool(user.otp_secret_key):
|
||||||
|
raise errors.OTPCodeRequiredError
|
||||||
|
elif mfa_type == MFAType.SMS_CODE:
|
||||||
|
raise errors.SMSCodeRequiredError
|
||||||
self.check_user_mfa(code, mfa_type, user=user)
|
self.check_user_mfa(code, mfa_type, user=user)
|
||||||
|
|
||||||
def _check_login_acl(self, user, ip):
|
def _check_login_acl(self, user, ip):
|
||||||
|
@ -405,9 +410,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
|
||||||
if not user.mfa_enabled:
|
if not user.mfa_enabled:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
if not bool(user.phone) and mfa_type == MFAType.SMS_CODE:
|
||||||
|
raise errors.UserPhoneNotSet
|
||||||
|
|
||||||
if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP:
|
if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP:
|
||||||
self.set_passwd_verify_on_session(user)
|
self.set_passwd_verify_on_session(user)
|
||||||
raise errors.OTPRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
|
raise errors.OTPBindRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
|
||||||
|
|
||||||
ip = self.get_request_ip()
|
ip = self.get_request_ip()
|
||||||
self.check_mfa_is_block(user.username, ip)
|
self.check_mfa_is_block(user.username, ip)
|
||||||
|
|
|
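Review bot: The new `if not code:` branch in the first hunk runs before the `if not user.mfa_enabled: return` guard shown in the second hunk (presumably inside `check_user_mfa`, whose signature is outside the hunk). A user without MFA enabled who posts the SMS `mfa_type` with an empty code is therefore rejected with `SMSCodeRequiredError` instead of being let through. Gating the branch on the same condition, `if not code and user.mfa_enabled:`, or moving the empty-code checks below that guard, would keep the two paths consistent. The outer condition also still depends on the client-supplied `mfa_type`: when that field is absent the whole in-page check is skipped, so MFA must be enforced by a later step that this page does not show. If that is the case, a comment such as `# no mfa_type posted: MFA is enforced after login by the guard view` would record the assumption. Both enclosing functions start and end outside the hunks.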
@ -124,18 +124,19 @@ class UserLoginView(mixins.AuthMixin, FormView):
|
||||||
except (
|
except (
|
||||||
errors.PasswdTooSimple,
|
errors.PasswdTooSimple,
|
||||||
errors.PasswordRequireResetError,
|
errors.PasswordRequireResetError,
|
||||||
errors.PasswdNeedUpdate
|
errors.PasswdNeedUpdate,
|
||||||
|
errors.OTPBindRequiredError
|
||||||
) as e:
|
) as e:
|
||||||
return redirect(e.url)
|
return redirect(e.url)
|
||||||
except (
|
except (
|
||||||
errors.MFAUnsetError,
|
|
||||||
errors.MFAFailedError,
|
errors.MFAFailedError,
|
||||||
errors.BlockMFAError
|
errors.BlockMFAError,
|
||||||
|
errors.OTPCodeRequiredError,
|
||||||
|
errors.SMSCodeRequiredError,
|
||||||
|
errors.UserPhoneNotSet
|
||||||
) as e:
|
) as e:
|
||||||
form.add_error('code', e.msg)
|
form.add_error('code', e.msg)
|
||||||
return super().form_invalid(form)
|
return super().form_invalid(form)
|
||||||
except errors.OTPRequiredError as e:
|
|
||||||
return redirect(e.url)
|
|
||||||
self.clear_rsa_key()
|
self.clear_rsa_key()
|
||||||
return self.redirect_to_guard_view()
|
return self.redirect_to_guard_view()
|
||||||
|
|
||||||
|
|
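Review bot: `errors.MFAUnsetError` is dropped from the second `except` tuple without a replacement, so if anything reached from this `try` still raises it, the exception now propagates out of the view instead of becoming a form error on `code`. Whether it is still raised anywhere is not visible here. If the class is obsolete, removing it in the same commit would make that explicit; otherwise it should stay in the tuple. Separately, `errors.UserPhoneNotSet` is reported through `form.add_error('code', e.msg)`, which attaches an account-configuration problem to the code field; a comment like `# all MFA-related errors are rendered next to the code input` would show that this is intentional. The `try` block starts outside the hunk.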