fix: 修复禁用 MFA 后还可以用 MFA 查看密码匣子

apps/users/exceptions.py

@@ -0,0 +1,10 @@
+from django.utils.translation import gettext_lazy as _
+from rest_framework import status
+
+from common.exceptions import JMSException
+
+
+class MFANotEnabled(JMSException):
+    status_code = status.HTTP_403_FORBIDDEN
+    default_code = 'mfa_not_enabled'
+    default_detail = _('MFA not enabled')

apps/users/models/user.py

@@ -22,6 +22,7 @@ from common.utils import date_expired_default, get_logger, lazyproperty
 from common import fields
 from common.const import choices
 from common.db.models import ChoiceSet
+from users.exceptions import MFANotEnabled
 from ..signals import post_user_change_password
 
 
@@ -489,6 +490,9 @@ class MFAMixin:
         return check_otp_code(self.otp_secret_key, code)
 
     def check_mfa(self, code):
+        if not self.mfa_enabled:
+            raise MFANotEnabled
+
         if settings.OTP_IN_RADIUS:
             return self.check_radius(code)
         else: