fix: 用户登陆mfa code为空限制

apps/authentication/errors.py

@@ -372,9 +372,19 @@ class NotEnableMFAError(JMSException):
     default_detail = mfa_unset_msg
 
 
-class OTPRequiredError(JMSException):
+class OTPBindRequiredError(JMSException):
     default_detail = otp_unset_msg
 
     def __init__(self, url, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.url = url
+
+
+class OTPCodeRequiredError(AuthFailedError):
+    msg = _("Please enter MFA code")
+
+class SMSCodeRequiredError(AuthFailedError):
+    msg = _("Please enter SMS code")
+
+class UserPhoneNotSet(AuthFailedError):
+    msg = _('Phone not set')

apps/authentication/mixins.py

@@ -242,7 +242,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
             data = request.POST
         code = data.get('code')
         mfa_type = data.get('mfa_type')
-        if settings.SECURITY_MFA_IN_LOGIN_PAGE and code and mfa_type:
+        if settings.SECURITY_MFA_IN_LOGIN_PAGE and mfa_type:
+            if not code:
+                if mfa_type ==  MFAType.OTP and bool(user.otp_secret_key):
+                    raise errors.OTPCodeRequiredError
+                elif mfa_type ==  MFAType.SMS_CODE:
+                    raise errors.SMSCodeRequiredError
             self.check_user_mfa(code, mfa_type, user=user)
 
     def _check_login_acl(self, user, ip):
@@ -405,9 +410,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
         if not user.mfa_enabled:
             return
 
+        if not bool(user.phone) and mfa_type == MFAType.SMS_CODE:
+            raise errors.UserPhoneNotSet
+
         if not bool(user.otp_secret_key) and mfa_type == MFAType.OTP:
             self.set_passwd_verify_on_session(user)
-            raise errors.OTPRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
+            raise errors.OTPBindRequiredError(reverse_lazy('authentication:user-otp-enable-bind'))
 
         ip = self.get_request_ip()
         self.check_mfa_is_block(user.username, ip)

apps/authentication/views/login.py

@@ -124,18 +124,19 @@ class UserLoginView(mixins.AuthMixin, FormView):
         except (
                 errors.PasswdTooSimple,
                 errors.PasswordRequireResetError,
-                errors.PasswdNeedUpdate
+                errors.PasswdNeedUpdate,
+                errors.OTPBindRequiredError
         ) as e:
             return redirect(e.url)
         except (
-                errors.MFAUnsetError,
                 errors.MFAFailedError,
-                errors.BlockMFAError
+                errors.BlockMFAError,
+                errors.OTPCodeRequiredError,
+                errors.SMSCodeRequiredError,
+                errors.UserPhoneNotSet
         ) as e:
             form.add_error('code', e.msg)
             return super().form_invalid(form)
-        except errors.OTPRequiredError as e:
-            return redirect(e.url)
         self.clear_rsa_key()
         return self.redirect_to_guard_view()