diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 025fe7c8f..fa01ba82c 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -14,6 +14,7 @@ from django.utils import timezone
 from django.shortcuts import reverse
 from common.utils import get_signer, date_expired_default
+from common.models import Setting
 __all__ = ['User']
@@ -248,10 +249,13 @@ class User(AbstractUser):
 @property
 def otp_enabled(self):
- return self.otp_level > 0
+ return self.otp_force_enabled or self.otp_level > 0
 @property
 def otp_force_enabled(self):
+ mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
+ if mfa_setting and mfa_setting.cleaned_value:
+ return True
 return self.otp_level == 2
 def enable_otp(self):
diff --git a/apps/users/templates/users/user_profile.html b/apps/users/templates/users/user_profile.html
index 0d586902b..50dabeabc 100644
--- a/apps/users/templates/users/user_profile.html
+++ b/apps/users/templates/users/user_profile.html
@@ -155,7 +155,7 @@ {% trans 'Disable' %} {% else %} {% url 'users:user-otp-disable-authentication' %}
diff --git a/apps/users/views/login.py b/apps/users/views/login.py
index 411a2f95a..c058b4402 100644
--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
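Review bot: In apps/users/models/user.py, `otp_force_enabled` now issues `Setting.objects.filter(name='SECURITY_MFA_AUTH').first()` on every access, and `otp_enabled` calls it first, so each read of either property is a database query and two reads within one request can disagree if the setting changes in between. Consider resolving the setting once per request or through a cached accessor, and give the property a docstring such as `"""True when MFA is mandatory: SECURITY_MFA_AUTH is set globally or this user's otp_level is 2."""`. Because enforcement now lives only in these properties, any code that still tests `otp_level` directly, and the view behind `users:user-otp-disable-authentication`, would need to consult `otp_force_enabled` as well; neither is visible in this diff. The `User` class starts and ends outside the hunk.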
@@ -82,24 +82,17 @@ class UserLoginView(FormView):
 def get_success_url(self):
 user = get_user_or_tmp_user(self.request)
- mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
- if mfa_setting and mfa_setting.cleaned_value:
- if user.otp_enabled and user.otp_secret_key:
- return reverse('users:login-otp')
- else:
- return reverse('users:user-otp-enable-authentication')
- else:
- if user.otp_enabled and user.otp_secret_key:
- # 1,2 & T
- return reverse('users:login-otp')
- elif user.otp_enabled and not user.otp_secret_key:
- # 1,2 & F
- return reverse('users:user-otp-enable-authentication')
- elif not user.otp_enabled:
- # 0 & T,F
- auth_login(self.request, user)
- self.write_login_log()
- return redirect_user_first_login_or_index(self.request, self.redirect_field_name)
+ if user.otp_enabled and user.otp_secret_key:
+ # 1,2 & T
+ return reverse('users:login-otp')
+ elif user.otp_enabled and not user.otp_secret_key:
+ # 1,2 & F
+ return reverse('users:user-otp-enable-authentication')
+ elif not user.otp_enabled:
+ # 0 & T,F
+ auth_login(self.request, user)
+ self.write_login_log()
+ return redirect_user_first_login_or_index(self.request, self.redirect_field_name)
 def get_context_data(self, **kwargs):
 context = {
diff --git a/apps/users/views/user.py b/apps/users/views/user.py
index 414a96a64..598726fc1 100644
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@@ -337,7 +337,6 @@ class UserProfileView(LoginRequiredMixin, TemplateView):
 def get_context_data(self, **kwargs):
 mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
-
 context = {
 'action': _('Profile'),
 'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,
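Review bot: In `UserLoginView.get_success_url` (apps/users/views/login.py) the `if`/`elif`/`elif` chain reads `user.otp_enabled` up to three times and has no fallback branch, so the method returns `None` if the reads disagree; after the model change in this commit each read re-queries the SECURITY_MFA_AUTH setting, which makes that possible. Read the property once, `otp_enabled = user.otp_enabled`, and test the local in all three conditions so the branches are exhaustive and the no-MFA `auth_login` path is reached only on one consistent answer. The `# 1,2 & T` comments no longer match the code, since `otp_enabled` can now be true for a user whose `otp_level` is 0 when the global setting is on; something like `# MFA required, secret key present` would be accurate. If `Setting` is no longer used elsewhere in login.py its import can be dropped; the import block is outside this hunk.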