perf: in safe mode passkey cannot be as mfa

2025-07-24 16:51:36 +08:00 · 2025-07-24 16:51:36 +08:00 · be24f28d9b
parent 26cea550c4
commit be24f28d9b
2 changed files with 6 additions and 2 deletions
--- a/apps/authentication/backends/passkey/api.py
+++ b/apps/authentication/backends/passkey/api.py
@ -71,7 +71,8 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet):
            return self.redirect_to_error(_('Auth failed'))

        confirm_mfa = request.session.get('passkey_confirm_mfa')
-        if confirm_mfa:
+        # 如果开启了安全模式，Passkey 不能作为 MFA
+        if confirm_mfa and not settings.SAFE_MODE:
            request.session['CONFIRM_LEVEL'] = ConfirmType.values.index('mfa') + 1
            request.session['CONFIRM_TIME'] = int(time.time())
            request.session['CONFIRM_TYPE'] = ConfirmType.MFA
@ -80,7 +81,9 @@ class PasskeyViewSet(AuthMixin, FlashMessageMixin, JMSModelViewSet):

        try:
            self.check_oauth2_auth(user, settings.AUTH_BACKEND_PASSKEY)
-            self.mark_mfa_ok('passkey', user)
+            # 如果开启了安全模式，passkey 不能作为 MFA
+            if not settings.SAFE_MODE:
+                self.mark_mfa_ok('passkey', user)
            return self.redirect_to_guard_view()
        except Exception as e:
            msg = getattr(e, 'msg', '') or str(e)
--- a/apps/terminal/api/applet/applet.py
+++ b/apps/terminal/api/applet/applet.py
@ -42,6 +42,7 @@ class DownloadUploadMixin:
        rel_path = default_storage.save(save_to, file)
        path = default_storage.path(rel_path)
        extract_to = default_storage.path('applets/{}.tmp'.format(file.name))
+
        if os.path.exists(extract_to):
            shutil.rmtree(extract_to)