github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #3588 from jumpserver/dev_mfa 

Dev mfa
pull/3591/head
BaiJiangJie 2020-01-03 15:31:43 +08:00 committed by GitHub
parent 1d7bdd5f5f b072e98148
commit f62f750266
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 37 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/authentication/mixins.py
View File

@ -6,7 +6,7 @@ from django.conf import settings
from common.utils import get_object_or_none, get_request_ip, get_logger
from users.models import User
from users.utils import (
is_block_login, clean_failed_count, increase_login_failed_count
is_block_login, clean_failed_count, increase_login_failed_count,
)
from . import errors
from .utils import check_user_valid

9
apps/authentication/views/login.py
View File

@ -20,7 +20,7 @@ from django.urls import reverse_lazy
from common.utils import get_request_ip, get_object_or_none
from users.utils import (
redirect_user_first_login_or_index
redirect_user_first_login_or_index, set_tmp_user_to_cache
)
from .. import forms, mixins, errors
@ -128,13 +128,14 @@ class UserLoginGuardView(mixins.AuthMixin, RedirectView):
except errors.LoginConfirmBaseError:
return self.format_redirect_url(self.login_confirm_url)
else:
auth_login(self.request, user)
self.send_auth_signal(success=True, user=user)
self.clear_auth_mark()
# 启用但是没有设置otp, 排除radius
if user.mfa_enabled_but_not_set():
# 1,2,mfa_setting & F
set_tmp_user_to_cache(self.request, user)
return reverse('users:user-otp-enable-authentication')
auth_login(self.request, user)
self.send_auth_signal(success=True, user=user)
self.clear_auth_mark()
url = redirect_user_first_login_or_index(
self.request, self.redirect_field_name
)

1
apps/templates/_without_nav_base.html
View File

@ -10,6 +10,7 @@
{# <link rel="stylesheet" href="{% static 'fonts/font_otp/iconfont.css' %}" />#}
<link rel="stylesheet" href="{% static 'css/otp.css' %}" />
<script src="{% static 'js/jquery-3.1.1.min.js' %}"></script>
<script src="{% static "js/plugins/qrcode/qrcode.min.js" %}"></script>
<script type="text/javascript" src="{% url 'javascript-catalog' %}"></script>
</head>

1
apps/users/api/user.py
View File

@ -179,5 +179,4 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
if user.mfa_enabled:
user.reset_mfa()
user.save()
logout(request)
return Response({"msg": "success"})

3
apps/users/templates/users/user_otp_enable_bind.html
View File

@ -15,8 +15,7 @@
</strong>
</p>
<div id="qr_code">
</div>
<div id="qr_code"></div>
<div style="display: block; margin: 0">Secret: {{ otp_secret_key }}</div>
<form class="" role="form" method="post" action="">

1
apps/users/templates/users/user_otp_enable_install_app.html
View File

@ -19,7 +19,6 @@
<p>{% trans 'iPhone downloads' %}</p>
</div>
<p style="margin: 20px auto;"></p>
<p style="margin: 20px auto;"><strong style="color: #000000">{% trans 'After installation, click the next step to enter the binding page (if installed, go to the next step directly).' %}</strong></p>
</div>

6
apps/users/utils.py
View File

@ -215,6 +215,12 @@ def set_tmp_user_to_cache(request, user, ttl=3600):
cache.set(request.session.session_key+'user', user, ttl)
def delete_tmp_user_for_cache(request):
if not request.session.session_key:
return None
cache.delete(request.session.session_key+'user')
def redirect_user_first_login_or_index(request, redirect_field_name):
if request.user.is_first_login:
return reverse('users:user-first-login')

37
apps/users/views/profile.py
View File

@ -24,8 +24,10 @@ from common.permissions import (
)
from .. import forms
from ..models import User
from ..utils import generate_otp_uri, check_otp_code, \
get_user_or_tmp_user, get_password_check_rules, check_password_rules
from ..utils import (
generate_otp_uri, check_otp_code, get_user_or_tmp_user,
delete_tmp_user_for_cache, check_password_rules, get_password_check_rules,
)
__all__ = [
'UserProfileView',
@ -163,6 +165,13 @@ class UserCheckPasswordView(FormView):
success_url = reverse('users:user-otp-enable-install-app')
return success_url
def get_context_data(self, **kwargs):
context = {
'user': get_user_or_tmp_user(self.request)
}
kwargs.update(context)
return super().get_context_data(**kwargs)
class UserOtpEnableInstallAppView(TemplateView):
template_name = 'users/user_otp_enable_install_app.html'
@ -181,17 +190,6 @@ class UserOtpEnableBindView(TemplateView, FormView):
form_class = forms.UserCheckOtpCodeForm
success_url = reverse_lazy('users:user-otp-settings-success')
def get_context_data(self, **kwargs):
user = get_user_or_tmp_user(self.request)
otp_uri, otp_secret_key = generate_otp_uri(self.request)
context = {
'otp_uri': otp_uri,
'otp_secret_key': otp_secret_key,
'user': user
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def form_valid(self, form):
otp_code = form.cleaned_data.get('otp_code')
otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
@ -210,6 +208,17 @@ class UserOtpEnableBindView(TemplateView, FormView):
user.otp_secret_key = otp_secret_key
user.save()
def get_context_data(self, **kwargs):
user = get_user_or_tmp_user(self.request)
otp_uri, otp_secret_key = generate_otp_uri(self.request)
context = {
'otp_uri': otp_uri,
'otp_secret_key': otp_secret_key,
'user': user
}
kwargs.update(context)
return super().get_context_data(**kwargs)
class UserDisableMFAView(FormView):
template_name = 'users/user_disable_mfa.html'
@ -258,6 +267,6 @@ class UserOtpSettingsSuccessView(TemplateView):
if not user.mfa_enabled:
title = _('MFA disable success')
describe = _('MFA disable success, return login page')
delete_tmp_user_for_cache(self.request)
return title, describe