mirror of https://github.com/jumpserver/jumpserver
parent
12a0096963
commit
cb1c906db4
|
@ -66,7 +66,6 @@ mfa_error_msg = _(
|
||||||
)
|
)
|
||||||
mfa_required_msg = _("MFA required")
|
mfa_required_msg = _("MFA required")
|
||||||
mfa_unset_msg = _("MFA not set, please set it first")
|
mfa_unset_msg = _("MFA not set, please set it first")
|
||||||
otp_unset_msg = _("OTP not set, please set it first")
|
|
||||||
login_confirm_required_msg = _("Login confirm required")
|
login_confirm_required_msg = _("Login confirm required")
|
||||||
login_confirm_wait_msg = _("Wait login confirm ticket for accept")
|
login_confirm_wait_msg = _("Wait login confirm ticket for accept")
|
||||||
login_confirm_error_msg = _("Login confirm ticket was {}")
|
login_confirm_error_msg = _("Login confirm ticket was {}")
|
||||||
|
@ -162,13 +161,11 @@ class BlockMFAError(AuthFailedNeedLogMixin, AuthFailedError):
|
||||||
super().__init__(username=username, request=request, ip=ip)
|
super().__init__(username=username, request=request, ip=ip)
|
||||||
|
|
||||||
|
|
||||||
class MFAUnsetError(AuthFailedNeedLogMixin, AuthFailedError):
|
class MFAUnsetError(Exception):
|
||||||
error = reason_mfa_unset
|
error = reason_mfa_unset
|
||||||
msg = mfa_unset_msg
|
msg = mfa_unset_msg
|
||||||
|
|
||||||
def __init__(self, user, request, url):
|
def __init__(self, user, request, url):
|
||||||
super().__init__(username=user.username, request=request)
|
|
||||||
self.user = user
|
|
||||||
self.url = url
|
self.url = url
|
||||||
|
|
||||||
|
|
||||||
|
@ -354,21 +351,16 @@ class NotHaveUpDownLoadPerm(JMSException):
|
||||||
default_detail = _('No upload or download permission')
|
default_detail = _('No upload or download permission')
|
||||||
|
|
||||||
|
|
||||||
class OTPBindRequiredError(JMSException):
|
|
||||||
default_detail = otp_unset_msg
|
|
||||||
|
|
||||||
def __init__(self, url, *args, **kwargs):
|
|
||||||
super().__init__(*args, **kwargs)
|
|
||||||
self.url = url
|
|
||||||
|
|
||||||
|
|
||||||
class MFACodeRequiredError(AuthFailedError):
|
class MFACodeRequiredError(AuthFailedError):
|
||||||
|
error = 'mfa_code_required'
|
||||||
msg = _("Please enter MFA code")
|
msg = _("Please enter MFA code")
|
||||||
|
|
||||||
|
|
||||||
class SMSCodeRequiredError(AuthFailedError):
|
class SMSCodeRequiredError(AuthFailedError):
|
||||||
|
error = 'sms_code_required'
|
||||||
msg = _("Please enter SMS code")
|
msg = _("Please enter SMS code")
|
||||||
|
|
||||||
|
|
||||||
class UserPhoneNotSet(AuthFailedError):
|
class UserPhoneNotSet(AuthFailedError):
|
||||||
|
error = 'phone_not_set'
|
||||||
msg = _('Phone not set')
|
msg = _('Phone not set')
|
||||||
|
|
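Review bot: `class MFAUnsetError(Exception):` drops both `AuthFailedNeedLogMixin` and `AuthFailedError`, so any handler that catches `AuthFailedError` no longer catches this error, and whatever failure logging the mixin did for it (judging by its name) no longer happens. The only handler this commit updates is the login view's redirect tuple. If other login paths not visible here can reach the code that raises it, they would now get an unhandled exception, so each caller should be confirmed or a shared base class kept. The new `__init__` also leaves `user` and `request` unused and passes nothing to `Exception`, so `str(e)` is empty; adding `super().__init__(self.msg)` before `self.url = url` would keep the message in logs and tracebacks.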
|
@ -248,16 +248,24 @@ class MFAMixin:
|
||||||
get_user_from_session: Callable
|
get_user_from_session: Callable
|
||||||
get_request_ip: Callable
|
get_request_ip: Callable
|
||||||
|
|
||||||
|
def _check_if_no_active_mfa(self, user):
|
||||||
|
active_mfa_mapper = user.active_mfa_backends_mapper
|
||||||
|
if not active_mfa_mapper:
|
||||||
|
url = reverse('authentication:user-otp-enable-start')
|
||||||
|
raise errors.MFAUnsetError(user, self.request, url)
|
||||||
|
|
||||||
def _check_login_page_mfa_if_need(self, user):
|
def _check_login_page_mfa_if_need(self, user):
|
||||||
if not settings.SECURITY_MFA_IN_LOGIN_PAGE:
|
if not settings.SECURITY_MFA_IN_LOGIN_PAGE:
|
||||||
return
|
return
|
||||||
|
self._check_if_no_active_mfa(user)
|
||||||
|
|
||||||
request = self.request
|
request = self.request
|
||||||
data = request.data if hasattr(request, 'data') else request.POST
|
data = request.data if hasattr(request, 'data') else request.POST
|
||||||
code = data.get('code')
|
code = data.get('code')
|
||||||
mfa_type = data.get('mfa_type', 'otp')
|
mfa_type = data.get('mfa_type', 'otp')
|
||||||
|
|
||||||
if not code:
|
if not code:
|
||||||
raise errors.MFACodeRequiredError
|
return
|
||||||
self._do_check_user_mfa(code, mfa_type, user=user)
|
self._do_check_user_mfa(code, mfa_type, user=user)
|
||||||
|
|
||||||
def check_user_mfa_if_need(self, user):
|
def check_user_mfa_if_need(self, user):
|
||||||
|
@ -266,10 +274,9 @@ class MFAMixin:
|
||||||
if not user.mfa_enabled:
|
if not user.mfa_enabled:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
self._check_if_no_active_mfa(user)
|
||||||
|
|
||||||
active_mfa_mapper = user.active_mfa_backends_mapper
|
active_mfa_mapper = user.active_mfa_backends_mapper
|
||||||
if not active_mfa_mapper:
|
|
||||||
url = reverse('authentication:user-otp-enable-start')
|
|
||||||
raise errors.MFAUnsetError(user, self.request, url)
|
|
||||||
raise errors.MFARequiredError(mfa_types=tuple(active_mfa_mapper.keys()))
|
raise errors.MFARequiredError(mfa_types=tuple(active_mfa_mapper.keys()))
|
||||||
|
|
||||||
def mark_mfa_ok(self, mfa_type):
|
def mark_mfa_ok(self, mfa_type):
|
||||||
|
|
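Review bot: In `_check_login_page_mfa_if_need`, `if not code: return` now lets a request with no `code` leave this check without any MFA verification, where it used to raise `MFACodeRequiredError`. Enforcement therefore depends on `check_user_mfa_if_need` running afterwards on every login path, which these hunks do not show. That dependency deserves a comment at the return, e.g. `# no code submitted on the login page: defer to check_user_mfa_if_need, which raises MFARequiredError`, and a test that a login without `code` cannot complete for an MFA-enabled user. Separately, the added `self._check_if_no_active_mfa(user)` runs before any `user.mfa_enabled` test in this function, so with `SECURITY_MFA_IN_LOGIN_PAGE` on, a user who is not required to use MFA and has no backend appears to get `MFAUnsetError`. If that is not intended, guard the call with `if user.mfa_enabled:`.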
|
@ -122,10 +122,10 @@ class UserLoginView(mixins.AuthMixin, FormView):
|
||||||
self.request.session.set_test_cookie()
|
self.request.session.set_test_cookie()
|
||||||
return self.render_to_response(context)
|
return self.render_to_response(context)
|
||||||
except (
|
except (
|
||||||
|
errors.MFAUnsetError,
|
||||||
errors.PasswordTooSimple,
|
errors.PasswordTooSimple,
|
||||||
errors.PasswordRequireResetError,
|
errors.PasswordRequireResetError,
|
||||||
errors.PasswordNeedUpdate,
|
errors.PasswordNeedUpdate
|
||||||
errors.OTPBindRequiredError
|
|
||||||
) as e:
|
) as e:
|
||||||
return redirect(e.url)
|
return redirect(e.url)
|
||||||
except (
|
except (
|
||||||
|
|
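Review bot: The handler for this tuple does `return redirect(e.url)`, so every class listed must set `.url`, and `MFAUnsetError` is now a plain `Exception` whose only remaining attribute is that one. A comment above the tuple such as `# every error listed here must set .url; the handler redirects to it` would make that contract explicit. As a style point, `errors.PasswordNeedUpdate` lost its trailing comma; restoring it as `errors.PasswordNeedUpdate,` keeps the next addition to the tuple a one-line diff. The enclosing `try` starts outside this hunk.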