|
|
@ -62,16 +62,22 @@ class UserConfirmation(permissions.BasePermission):
|
|
|
|
|
|
|
|
|
|
|
|
confirm_level = request.session.get('CONFIRM_LEVEL')
|
|
|
|
confirm_level = request.session.get('CONFIRM_LEVEL')
|
|
|
|
confirm_time = request.session.get('CONFIRM_TIME')
|
|
|
|
confirm_time = request.session.get('CONFIRM_TIME')
|
|
|
|
|
|
|
|
ttl = self.get_ttl()
|
|
|
|
if not confirm_level or not confirm_time or \
|
|
|
|
if not confirm_level or not confirm_time or \
|
|
|
|
confirm_level < self.min_level or \
|
|
|
|
confirm_level < self.min_level or \
|
|
|
|
confirm_time < time.time() - self.ttl:
|
|
|
|
confirm_time < time.time() - ttl:
|
|
|
|
raise UserConfirmRequired(code=self.confirm_type)
|
|
|
|
raise UserConfirmRequired(code=self.confirm_type)
|
|
|
|
return True
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_ttl(self):
|
|
|
|
|
|
|
|
if self.confirm_type == ConfirmType.MFA:
|
|
|
|
|
|
|
|
ttl = settings.SECURITY_MFA_VERIFY_TTL
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
ttl = self.ttl
|
|
|
|
|
|
|
|
return ttl
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
@classmethod
|
|
|
|
def require(cls, confirm_type=ConfirmType.ReLogin, ttl=60 * 5):
|
|
|
|
def require(cls, confirm_type=ConfirmType.ReLogin, ttl=60 * 5):
|
|
|
|
min_level = ConfirmType.values.index(confirm_type) + 1
|
|
|
|
min_level = ConfirmType.values.index(confirm_type) + 1
|
|
|
|
ttl = settings.SECURITY_MFA_VERIFY_TTL if confirm_type == ConfirmType.MFA else ttl
|
|
|
|
|
|
|
|
name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
|
|
|
|
name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
|
|
|
|
return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
|
|
|
|
return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
|
|
|
|