mirror of https://github.com/jumpserver/jumpserver
[Update] 修改判断MFA是否全局启用的逻辑,放到User.otp_force_enabled中
BaiJiangJie
parent
fcd17460d7
commit
b026e86741
|
|
@ -14,6 +14,7 @@ from django.utils import timezone
|
||||||
from django.shortcuts import reverse
|
from django.shortcuts import reverse
|
||||||
|
|
||||||
from common.utils import get_signer, date_expired_default
|
from common.utils import get_signer, date_expired_default
|
||||||
|
from common.models import Setting
|
||||||
|
|
||||||
|
|
||||||
__all__ = ['User']
|
__all__ = ['User']
|
||||||
|
|
@ -248,10 +249,13 @@ class User(AbstractUser):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def otp_enabled(self):
|
def otp_enabled(self):
|
||||||
return self.otp_level > 0
|
return self.otp_force_enabled or self.otp_level > 0
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def otp_force_enabled(self):
|
def otp_force_enabled(self):
|
||||||
|
mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
|
||||||
|
if mfa_setting and mfa_setting.cleaned_value:
|
||||||
|
return True
|
||||||
return self.otp_level == 2
|
return self.otp_level == 2
|
||||||
|
|
||||||
def enable_otp(self):
|
def enable_otp(self):
|
||||||
|
|
|
||||||
|
|
@ -155,7 +155,7 @@
|
||||||
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" id=""
|
<a type="button" class="btn btn-primary btn-xs" style="width: 54px" id=""
|
||||||
href="
|
href="
|
||||||
{% if request.user.otp_enabled and request.user.otp_secret_key %}
|
{% if request.user.otp_enabled and request.user.otp_secret_key %}
|
||||||
{% if request.user.otp_force_enabled or mfa_setting %}
|
{% if request.user.otp_force_enabled %}
|
||||||
" disabled >{% trans 'Disable' %}
|
" disabled >{% trans 'Disable' %}
|
||||||
{% else %}
|
{% else %}
|
||||||
{% url 'users:user-otp-disable-authentication' %}
|
{% url 'users:user-otp-disable-authentication' %}
|
||||||
|
|
|
||||||
|
|
@ -82,13 +82,6 @@ class UserLoginView(FormView):
|
||||||
def get_success_url(self):
|
def get_success_url(self):
|
||||||
user = get_user_or_tmp_user(self.request)
|
user = get_user_or_tmp_user(self.request)
|
||||||
|
|
||||||
mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
|
|
||||||
if mfa_setting and mfa_setting.cleaned_value:
|
|
||||||
if user.otp_enabled and user.otp_secret_key:
|
|
||||||
return reverse('users:login-otp')
|
|
||||||
else:
|
|
||||||
return reverse('users:user-otp-enable-authentication')
|
|
||||||
else:
|
|
||||||
if user.otp_enabled and user.otp_secret_key:
|
if user.otp_enabled and user.otp_secret_key:
|
||||||
# 1,2 & T
|
# 1,2 & T
|
||||||
return reverse('users:login-otp')
|
return reverse('users:login-otp')
|
||||||
|
|
|
||||||
|
|
@ -337,7 +337,6 @@ class UserProfileView(LoginRequiredMixin, TemplateView):
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
|
mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
'action': _('Profile'),
|
'action': _('Profile'),
|
||||||
'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,
|
'mfa_setting': mfa_setting.cleaned_value if mfa_setting else False,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue