perf: 优化写法 (#7498)

* fix: 修复登录页输入 mfa 时不支持某 mfa 的错误提示 fix tapd 1145454465001008371 * perf: 优化 send code api，避免暴力常识 * perf: 优化写法 * Update mfa.py Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: Jiangjie.Bai <32935519+BaiJiangJie@users.noreply.github.com>
2022-01-17 19:05:01 +08:00 · 2022-01-17 19:05:01 +08:00 · c43ad981bd
parent 088676d998
commit c43ad981bd
3 changed files with 17 additions and 7 deletions
--- a/apps/authentication/api/mfa.py
+++ b/apps/authentication/api/mfa.py
@ -47,12 +47,21 @@ class MFASendCodeApi(AuthMixin, CreateAPIView):
            self.incr_mfa_failed_time(username, self.ip)
            raise e

+    def get_user_from_db(self, username):
+        """避免暴力测试用户名"""
+        ip = self.get_request_ip()
+        self.check_mfa_is_block(username, ip)
+        try:
+            user = get_object_or_404(User, username=username)
+            return user
+        except Exception as e:
+            self.incr_mfa_failed_time(username, ip)
+            raise e
+
    def perform_create(self, serializer):
        username = serializer.validated_data.get('username', '')
        mfa_type = serializer.validated_data['type']

-        self.ip = self.get_request_ip()
-        self.check_mfa_is_block(username, self.ip)
        if not username:
            user = self.get_user_from_session()
        else:
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@ -1,3 +1,4 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:041711683ed0cfbf9ffd58f402f0acb98f77a1edde5f4582314a2568d539212c
-size 96641
+oid sha256:65ae747dcbddab2bbf9238b0ee589037805c9cf04a6c3a2e312d4c6c5e486b2d
+size 96320
+
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-01-15 22:47+0800\n"
+"POT-Creation-Date: 2022-01-13 16:57+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@ -1657,11 +1657,11 @@ msgstr "{ApplicationPermission} 移除 {SystemUser}"
 msgid "Invalid token"
 msgstr "无效的令牌"

-#: authentication/api/mfa.py:63
+#: authentication/api/mfa.py:50
 msgid "Current user not support mfa type: {}"
 msgstr "当前用户不支持 MFA 类型: {}"

-#: authentication/api/mfa.py:110
+#: authentication/api/mfa.py:97
 msgid "Code is invalid, {}"
 msgstr "验证码无效: {}"