[Update] 修改判断MFA是否全局启用的逻辑，放到User.otp_force_enabled中

2018-06-06 15:35:26 +08:00 · 2018-06-06 15:35:26 +08:00 · b026e86741
parent fcd17460d7
commit b026e86741
4 changed files with 17 additions and 21 deletions
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -14,6 +14,7 @@ from django.utils import timezone
 from django.shortcuts import reverse

 from common.utils import get_signer, date_expired_default
+from common.models import Setting


 __all__ = ['User']
@ -248,10 +249,13 @@ class User(AbstractUser):

    @property
    def otp_enabled(self):
-        return self.otp_level > 0
+        return self.otp_force_enabled or self.otp_level > 0

    @property
    def otp_force_enabled(self):
+        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
+        if mfa_setting and mfa_setting.cleaned_value:
+            return True
        return self.otp_level == 2

    def enable_otp(self):
--- a/apps/users/templates/users/user_profile.html
+++ b/apps/users/templates/users/user_profile.html
@ -155,7 +155,7 @@
                                                <a type="button" class="btn btn-primary btn-xs" style="width: 54px" id=""
                                                   href="
                                                        {% if request.user.otp_enabled and request.user.otp_secret_key %}
-                                                            {% if request.user.otp_force_enabled or mfa_setting %}
+                                                            {% if request.user.otp_force_enabled %}
                                                                " disabled >{% trans 'Disable' %}
                                                            {% else %}
                                                                {% url 'users:user-otp-disable-authentication' %}
--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@ -82,24 +82,17 @@ class UserLoginView(FormView):
    def get_success_url(self):
        user = get_user_or_tmp_user(self.request)

-        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
-        if mfa_setting and mfa_setting.cleaned_value:
-            if user.otp_enabled and user.otp_secret_key:
-                return reverse('users:login-otp')
-            else:
-                return reverse('users:user-otp-enable-authentication')
-        else:
-            if user.otp_enabled and user.otp_secret_key:
-                # 1,2 & T
-                return reverse('users:login-otp')
-            elif user.otp_enabled and not user.otp_secret_key:
-                # 1,2 & F
-                return reverse('users:user-otp-enable-authentication')
-            elif not user.otp_enabled:
-                # 0 & T,F
-                auth_login(self.request, user)
-                self.write_login_log()
-                return redirect_user_first_login_or_index(self.request, self.redirect_field_name)
+        if user.otp_enabled and user.otp_secret_key:
+            # 1,2 & T
+            return reverse('users:login-otp')
+        elif user.otp_enabled and not user.otp_secret_key:
+            # 1,2 & F
+            return reverse('users:user-otp-enable-authentication')
+        elif not user.otp_enabled:
+            # 0 & T,F
+            auth_login(self.request, user)
+            self.write_login_log()
+            return redirect_user_first_login_or_index(self.request, self.redirect_field_name)

    def get_context_data(self, **kwargs):
        context = {
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@ -337,7 +337,6 @@ class UserProfileView(LoginRequiredMixin, TemplateView):

    def get_context_data(self, **kwargs):
        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
-
        context = {
            'action': _('Profile'),
            'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,