From be24f28d9b175530a8254fd32245b3dd2cddd49d Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 24 Jul 2025 16:51:36 +0800 Subject: [PATCH] perf: in safe mode passkey cannot be as mfa --- apps/authentication/backends/passkey/api.py | 7 +++++-- apps/terminal/api/applet/applet.py | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/apps/authentication/backends/passkey/api.py b/apps/authentication/backends/passkey/api.py index fd4c52a9a..9f0664654 100644 --- a/apps/authentication/backends/passkey/api.py +++ b/apps/authentication/backends/passkey/api.py @@ -71,7 +71,8 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet): return self.redirect_to_error(_('Auth failed')) confirm_mfa = request.session.get('passkey_confirm_mfa') - if confirm_mfa: + # 如果开启了安全模式,Passkey 不能作为 MFA + if confirm_mfa and not settings.SAFE_MODE: request.session['CONFIRM_LEVEL'] = ConfirmType.values.index('mfa') + 1 request.session['CONFIRM_TIME'] = int(time.time()) request.session['CONFIRM_TYPE'] = ConfirmType.MFA @@ -80,7 +81,9 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet): try: self.check_oauth2_auth(user, settings.AUTH_BACKEND_PASSKEY) - self.mark_mfa_ok('passkey', user) + # 如果开启了安全模式,passkey 不能作为 MFA + if not settings.SAFE_MODE: + self.mark_mfa_ok('passkey', user) return self.redirect_to_guard_view() except Exception as e: msg = getattr(e, 'msg', '') or str(e) diff --git a/apps/terminal/api/applet/applet.py b/apps/terminal/api/applet/applet.py index 225378a07..0bbdc8fa3 100644 --- a/apps/terminal/api/applet/applet.py +++ b/apps/terminal/api/applet/applet.py @@ -42,6 +42,7 @@ class DownloadUploadMixin: rel_path = default_storage.save(save_to, file) path = default_storage.path(rel_path) extract_to = default_storage.path('applets/{}.tmp'.format(file.name)) + if os.path.exists(extract_to): shutil.rmtree(extract_to)