From ec2071a6ca2aefc0efc4d1e93c67dd496c6c96ce Mon Sep 17 00:00:00 2001
From: jiangweidong
Date: Thu, 18 May 2023 14:48:22 +0800
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9F=90=E5=BE=85?= =?UTF-8?q?=E5=AE=A1=E6=A0=B8=E7=94=A8=E6=88=B7=E8=BF=94=E5=9B=9E=E6=97=B6?= =?UTF-8?q?=EF=BC=8C=E7=99=BB=E5=BD=95=E5=85=B6=E4=BB=96=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E5=8F=AF=E7=BB=95=E5=BC=80mfa=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/mixins.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index ab5d1d53d..555adf715 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -212,7 +212,8 @@ class MFAMixin:
 self._do_check_user_mfa(code, mfa_type, user=user)
 def check_user_mfa_if_need(self, user):
- if self.request.session.get('auth_mfa'):
+ if self.request.session.get('auth_mfa') and \
+ self.request.session.get('auth_mfa_username') == user.username:
 return
 if not user.mfa_enabled:
 return
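Review bot: In `check_user_mfa_if_need`, when `auth_mfa` is set but `auth_mfa_username` belongs to a different user, the stale mark stays in the session and only this method knows to distrust it. Any other code that reads `session['auth_mfa']` on its own (none is visible in this patch) would still treat the session as MFA-verified, so it is safer to drop the mark on mismatch by calling `self.clean_mfa_mark()` before falling through to the `mfa_enabled` check. A short comment such as `# the MFA mark is only valid for the user who earned it` would also record why the username comparison exists. The method's body continues past the end of this hunk.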
@@ -220,15 +221,16 @@ class MFAMixin:
 active_mfa_names = user.active_mfa_backends_mapper.keys()
 raise errors.MFARequiredError(mfa_types=tuple(active_mfa_names))
- def mark_mfa_ok(self, mfa_type):
+ def mark_mfa_ok(self, mfa_type, user):
 self.request.session['auth_mfa'] = 1
+ self.request.session['auth_mfa_username'] = user.username
 self.request.session['auth_mfa_time'] = time.time()
 self.request.session['auth_mfa_required'] = 0
 self.request.session['auth_mfa_type'] = mfa_type
- MFABlockUtils(self.request.user.username, self.get_request_ip()).clean_failed_count()
+ MFABlockUtils(user.username, self.get_request_ip()).clean_failed_count()
 def clean_mfa_mark(self):
- keys = ['auth_mfa', 'auth_mfa_time', 'auth_mfa_required', 'auth_mfa_type']
+ keys = ['auth_mfa', 'auth_mfa_time', 'auth_mfa_required', 'auth_mfa_type', 'auth_mfa_username']
 for k in keys:
 self.request.session.pop(k, '')
@@ -263,7 +265,7 @@ class MFAMixin:
 ok, msg = mfa_backend.check_code(code)
 if ok:
- self.mark_mfa_ok(mfa_type)
+ self.mark_mfa_ok(mfa_type, user)
 return
 raise errors.MFAFailedError(
From 3d66fe4758b5c5050c9bf62f8f77d8bbf59abde1 Mon Sep 17 00:00:00 2001
From: jiangweidong
Date: Thu, 18 May 2023 14:58:07 +0800
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20=E7=BC=A9=E8=BF=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/mixins.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 555adf715..247e2e4a0 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -213,7 +213,7 @@ class MFAMixin:
 def check_user_mfa_if_need(self, user):
 if self.request.session.get('auth_mfa') and \
- self.request.session.get('auth_mfa_username') == user.username:
+ self.request.session.get('auth_mfa_username') == user.username:
 return
 if not user.mfa_enabled:
 return
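Review bot: In `mark_mfa_ok` (hunk `@@ -220,15 +221,16 @@`) the MFA mark is keyed on `user.username`, which is only as stable as usernames are. If an account can be renamed or a username reassigned while a session is alive, the comparison in `check_user_mfa_if_need` could accept a mark earned by a different account. Keying on the primary key avoids that, e.g. `self.request.session['auth_mfa_user_id'] = str(user.pk)`, with the same key compared in the check and popped in `clean_mfa_mark`; this assumes `user` is a Django model instance, which the patch does not show. `mark_mfa_ok` also gains a required `user` argument and only the call in hunk `@@ -263,7 +265,7 @@` is updated here, so any caller outside this patch needs the same change. That call relies on `user` never being None at that point, which should be confirmed because the enclosing function starts outside the hunk.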