diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 6bd10c4c4..003027b0d 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -6,7 +6,7 @@ from django.conf import settings from common.utils import get_object_or_none, get_request_ip, get_logger from users.models import User from users.utils import ( - is_block_login, clean_failed_count, increase_login_failed_count + is_block_login, clean_failed_count, increase_login_failed_count, ) from . import errors from .utils import check_user_valid
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 85244e85d..de3e0dd31 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -20,7 +20,7 @@ from django.urls import reverse_lazy from common.utils import get_request_ip, get_object_or_none from users.utils import ( - redirect_user_first_login_or_index + redirect_user_first_login_or_index, set_tmp_user_to_cache ) from .. import forms, mixins, errors
@@ -128,13 +128,14 @@ class UserLoginGuardView(mixins.AuthMixin, RedirectView): except errors.LoginConfirmBaseError: return self.format_redirect_url(self.login_confirm_url) else: - auth_login(self.request, user) - self.send_auth_signal(success=True, user=user) - self.clear_auth_mark() # 启用但是没有设置otp, 排除radius if user.mfa_enabled_but_not_set(): # 1,2,mfa_setting & F + set_tmp_user_to_cache(self.request, user) return reverse('users:user-otp-enable-authentication') + auth_login(self.request, user) + self.send_auth_signal(success=True, user=user) + self.clear_auth_mark() url = redirect_user_first_login_or_index( self.request, self.redirect_field_name )
diff --git a/apps/templates/_without_nav_base.html b/apps/templates/_without_nav_base.html
index f20324b5a..98bcb6189 100644
--- a/apps/templates/_without_nav_base.html
+++ b/apps/templates/_without_nav_base.html
@@ -10,6 +10,7 @@ {# #} + 
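Review bot: The new early return for `user.mfa_enabled_but_not_set()` skips `self.clear_auth_mark()` along with `auth_login`, so whatever mark the earlier part of this method set (the method and its `try` begin outside the hunk) is still in place when the browser is sent to `users:user-otp-enable-authentication`; confirm that mark is consumed or expires, since otherwise re-requesting this guard view keeps re-entering the branch for the whole `ttl=3600` lifetime of the cache entry. `set_tmp_user_to_cache` keys its entry as `request.session.session_key+'user'` (see the apps/users/utils.py hunk), and for an anonymous session that has not been saved yet `session_key` is `None`, which makes that concatenation raise `TypeError`; either the session is guaranteed to exist at this point or the call needs the same guard the new `delete_tmp_user_for_cache` has. The two comments on the branch are cryptic (`# 1,2,mfa_setting & F` and a Chinese note), and replacing them with `# MFA is required but no OTP secret is bound yet (RADIUS excluded): park the verified user in the cache and only complete the login after enrollment` would record why `auth_login` is deferred.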
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index f41ce152d..98dcbd91c 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -179,5 +179,4 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView): if user.mfa_enabled: user.reset_mfa() user.save() - logout(request) return Response({"msg": "success"})
diff --git a/apps/users/templates/users/user_otp_enable_bind.html b/apps/users/templates/users/user_otp_enable_bind.html
index fbb361595..7aaa25236 100644
--- a/apps/users/templates/users/user_otp_enable_bind.html
+++ b/apps/users/templates/users/user_otp_enable_bind.html
@@ -15,8 +15,7 @@

-
-
+
Secret: {{ otp_secret_key }}
diff --git a/apps/users/templates/users/user_otp_enable_install_app.html b/apps/users/templates/users/user_otp_enable_install_app.html
index 47e55afbf..809296b2c 100644
--- a/apps/users/templates/users/user_otp_enable_install_app.html
+++ b/apps/users/templates/users/user_otp_enable_install_app.html
@@ -19,7 +19,6 @@

{% trans 'iPhone downloads' %}

-

{% trans 'After installation, click the next step to enter the binding page (if installed, go to the next step directly).' %}

diff --git a/apps/users/utils.py b/apps/users/utils.py
index 6f6510622..5acb4df9a 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -215,6 +215,12 @@ def set_tmp_user_to_cache(request, user, ttl=3600): cache.set(request.session.session_key+'user', user, ttl) +def delete_tmp_user_for_cache(request): + if not request.session.session_key: + return None + cache.delete(request.session.session_key+'user') + + def redirect_user_first_login_or_index(request, redirect_field_name): if request.user.is_first_login: return reverse('users:user-first-login')
diff --git a/apps/users/views/profile.py b/apps/users/views/profile.py
index 200247792..dc0359fa9 100644
--- a/apps/users/views/profile.py
+++ b/apps/users/views/profile.py
@@ -24,8 +24,10 @@ from common.permissions import ( ) from .. import forms from ..models import User -from ..utils import generate_otp_uri, check_otp_code, \ - get_user_or_tmp_user, get_password_check_rules, check_password_rules +from ..utils import ( + generate_otp_uri, check_otp_code, get_user_or_tmp_user, + delete_tmp_user_for_cache, check_password_rules, get_password_check_rules, +) __all__ = [ 'UserProfileView',
@@ -163,6 +165,13 @@ class UserCheckPasswordView(FormView): success_url = reverse('users:user-otp-enable-install-app') return success_url + def get_context_data(self, **kwargs): + context = { + 'user': get_user_or_tmp_user(self.request) + } + kwargs.update(context) + return super().get_context_data(**kwargs) + class UserOtpEnableInstallAppView(TemplateView): template_name = 'users/user_otp_enable_install_app.html' 
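Review bot: `delete_tmp_user_for_cache` carries no docstring and returns `None` explicitly on the guard path but implicitly otherwise, which suggests a meaningful return value where there is none; a docstring such as `"""Remove the temp user cached for this session; no-op without a session key."""` plus a bare `return` (or folding the body into `if request.session.session_key: cache.delete(...)`) would make the contract obvious. The `'user'` key suffix is now written out in both this function and `set_tmp_user_to_cache`, so a shared module constant or a small key-builder helper would keep the set/delete pair from drifting apart. The name also reads oddly next to `set_tmp_user_to_cache`; `delete_tmp_user_from_cache` would mirror it, and renaming is cheap while the function is new.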
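Review bot: `UserCheckPasswordView.get_context_data` builds a one-entry `context` dict only to merge it into `kwargs`; `kwargs['user'] = get_user_or_tmp_user(self.request)` followed by the `super()` call expresses the same in two lines, and a docstring like `"""Expose the user being verified (logged-in user or the session-cached temp user) to the template."""` would record why the lookup is not simply `self.request.user`. Because `get_user_or_tmp_user` presumably resolves a user for a request that is not authenticated, it is worth confirming that the password check in this view's `form_valid` (outside the hunk) validates against that same object rather than `request.user`. The moved `UserOtpEnableBindView.get_context_data` in the later hunk has the same dict-then-update shape and would benefit from the same simplification.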
@@ -181,17 +190,6 @@ class UserOtpEnableBindView(TemplateView, FormView): form_class = forms.UserCheckOtpCodeForm success_url = reverse_lazy('users:user-otp-settings-success') - def get_context_data(self, **kwargs): - user = get_user_or_tmp_user(self.request) - otp_uri, otp_secret_key = generate_otp_uri(self.request) - context = { - 'otp_uri': otp_uri, - 'otp_secret_key': otp_secret_key, - 'user': user - } - kwargs.update(context) - return super().get_context_data(**kwargs) - def form_valid(self, form): otp_code = form.cleaned_data.get('otp_code') otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
@@ -210,6 +208,17 @@ class UserOtpEnableBindView(TemplateView, FormView): user.otp_secret_key = otp_secret_key user.save() + def get_context_data(self, **kwargs): + user = get_user_or_tmp_user(self.request) + otp_uri, otp_secret_key = generate_otp_uri(self.request) + context = { + 'otp_uri': otp_uri, + 'otp_secret_key': otp_secret_key, + 'user': user + } + kwargs.update(context) + return super().get_context_data(**kwargs) + class UserDisableMFAView(FormView): template_name = 'users/user_disable_mfa.html'
@@ -258,6 +267,6 @@ class UserOtpSettingsSuccessView(TemplateView): if not user.mfa_enabled: title = _('MFA disable success') describe = _('MFA disable success, return login page') - + delete_tmp_user_for_cache(self.request) return title, describe
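Review bot: `delete_tmp_user_for_cache(self.request)` now sits inside a helper that returns `(title, describe)`, so a cache-mutating side effect lives in what otherwise reads as a pure label lookup; the enclosing method starts outside the hunk, and the diff's indentation is not recoverable here, so if the call is nested under `if not user.mfa_enabled:` the cached temp user is never cleared on the enable path. Moving the call into the view's `get_context_data` (or `get`) and adding `# best effort: an abandoned enrollment is also bounded by the TTL passed to set_tmp_user_to_cache` would keep the helper side-effect free and document why this cleanup is not relied upon as a security boundary.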