From cb1c906db4ce58055422e737724bd1b46845a512 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Mon, 15 Nov 2021 14:00:52 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E6=97=B6=E6=B2=A1=E6=9C=89=E7=BB=91=E5=AE=9Amfa=EF=BC=8C?=
 =?UTF-8?q?=E6=B2=A1=E6=9C=89=E8=B7=B3=E8=BD=AC=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix: 首页登录如果没有则后续登录
---
 apps/authentication/errors.py | 16 ++++------------
 apps/authentication/mixins.py | 15 +++++++++++----
 apps/authentication/views/login.py | 4 ++--
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/apps/authentication/errors.py b/apps/authentication/errors.py
index 1e9000e67..f8bf7f32d 100644
--- a/apps/authentication/errors.py
+++ b/apps/authentication/errors.py
@@ -66,7 +66,6 @@ mfa_error_msg = _(
 )
 mfa_required_msg = _("MFA required")
 mfa_unset_msg = _("MFA not set, please set it first")
-otp_unset_msg = _("OTP not set, please set it first")
 login_confirm_required_msg = _("Login confirm required")
 login_confirm_wait_msg = _("Wait login confirm ticket for accept")
 login_confirm_error_msg = _("Login confirm ticket was {}")
@@ -162,13 +161,11 @@ class BlockMFAError(AuthFailedNeedLogMixin, AuthFailedError):
 super().__init__(username=username, request=request, ip=ip)
-class MFAUnsetError(AuthFailedNeedLogMixin, AuthFailedError):
+class MFAUnsetError(Exception):
 error = reason_mfa_unset
 msg = mfa_unset_msg
 def __init__(self, user, request, url):
- super().__init__(username=user.username, request=request)
- self.user = user
 self.url = url
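Review bot: In the second errors.py hunk (`@@ -162,13 +161,11 @@`), `MFAUnsetError` now derives from plain `Exception`, so it is no longer an `AuthFailedError` and no longer passes through `AuthFailedNeedLogMixin`; any caller that handles MFA failures with `except AuthFailedError` will let it propagate, and whatever the mixin recorded for this case (its body is not shown here) is dropped. The login view in this commit catches it explicitly, but other callers of `check_user_mfa_if_need` are outside the diff and should be checked for the same handling. `__init__` also leaves `user` and `request` unused and never calls the base initialiser, so `str(e)` is empty in logs; `super().__init__(self.msg)` as its first line would fix that. A one-line docstring saying the exception signals a redirect to MFA enrolment rather than a failed login would make the new contract explicit.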
@@ -354,21 +351,16 @@ class NotHaveUpDownLoadPerm(JMSException):
 default_detail = _('No upload or download permission')
-class OTPBindRequiredError(JMSException):
- default_detail = otp_unset_msg
-
- def __init__(self, url, *args, **kwargs):
- super().__init__(*args, **kwargs)
- self.url = url
-
-
 class MFACodeRequiredError(AuthFailedError):
+ error = 'mfa_code_required'
 msg = _("Please enter MFA code")
 class SMSCodeRequiredError(AuthFailedError):
+ error = 'sms_code_required'
 msg = _("Please enter SMS code")
 class UserPhoneNotSet(AuthFailedError):
+ error = 'phone_not_set'
 msg = _('Phone not set')
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 69daf6330..8ec2fc391 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -248,16 +248,24 @@ class MFAMixin:
 get_user_from_session: Callable
 get_request_ip: Callable
+ def _check_if_no_active_mfa(self, user):
+ active_mfa_mapper = user.active_mfa_backends_mapper
+ if not active_mfa_mapper:
+ url = reverse('authentication:user-otp-enable-start')
+ raise errors.MFAUnsetError(user, self.request, url)
+
 def _check_login_page_mfa_if_need(self, user):
 if not settings.SECURITY_MFA_IN_LOGIN_PAGE:
 return
+ self._check_if_no_active_mfa(user)
 request = self.request
 data = request.data if hasattr(request, 'data') else request.POST
 code = data.get('code')
 mfa_type = data.get('mfa_type', 'otp')
+
 if not code:
- raise errors.MFACodeRequiredError
+ return
 self._do_check_user_mfa(code, mfa_type, user=user)
 def check_user_mfa_if_need(self, user):
@@ -266,10 +274,9 @@ class MFAMixin:
 if not user.mfa_enabled:
 return
+ self._check_if_no_active_mfa(user)
+
 active_mfa_mapper = user.active_mfa_backends_mapper
- if not active_mfa_mapper:
- url = reverse('authentication:user-otp-enable-start')
- raise errors.MFAUnsetError(user, self.request, url)
 raise errors.MFARequiredError(mfa_types=tuple(active_mfa_mapper.keys()))
 def mark_mfa_ok(self, mfa_type):
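Review bot: In `_check_login_page_mfa_if_need` (first mixins.py hunk, `@@ -248,16 +248,24 @@`), `if not code: return` lets a request with no `code` skip `_do_check_user_mfa` and return normally even when `SECURITY_MFA_IN_LOGIN_PAGE` is on, so the second factor is then enforced only if a later step (presumably `check_user_mfa_if_need`, whose opening lines are outside these hunks) still runs for that request. That dependency deserves a comment on the early return, e.g. `# no code posted: fall through to check_user_mfa_if_need, which raises MFARequiredError`, and a test that posts valid credentials without a code. Also, `self._check_if_no_active_mfa(user)` is called here without the `if not user.mfa_enabled: return` guard that precedes it in `check_user_mfa_if_need`, so a user for whom MFA is not enabled appears to be sent to OTP enrolment whenever the setting is on; if that is not intended, add the same guard before the call.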
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 79b6839b4..f8c760b43 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -122,10 +122,10 @@ class UserLoginView(mixins.AuthMixin, FormView):
 self.request.session.set_test_cookie()
 return self.render_to_response(context)
 except (
+ errors.MFAUnsetError,
 errors.PasswordTooSimple,
 errors.PasswordRequireResetError,
- errors.PasswordNeedUpdate,
- errors.OTPBindRequiredError
+ errors.PasswordNeedUpdate
 ) as e:
 return redirect(e.url)
 except (