From 352bfeeb7a15189da787e1f0302a183f7db1a896 Mon Sep 17 00:00:00 2001 From: BaiJiangJie Date: Fri, 3 Jan 2020 11:41:07 +0800 Subject: [PATCH 1/2] =?UTF-8?q?[Update]=20=E7=BB=91=E5=AE=9AMFA=E9=A1=B5?= =?UTF-8?q?=E9=9D=A2=EF=BC=88=E4=BA=8C=E7=BB=B4=E7=A0=81=E6=98=BE=E7=A4=BA?= =?UTF-8?q?=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/templates/_without_nav_base.html | 1 + apps/users/templates/users/user_otp_enable_bind.html | 3 +-- apps/users/templates/users/user_otp_enable_install_app.html | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/apps/templates/_without_nav_base.html b/apps/templates/_without_nav_base.html index f20324b5a..98bcb6189 100644 --- a/apps/templates/_without_nav_base.html +++ b/apps/templates/_without_nav_base.html @@ -10,6 +10,7 @@ {# #} + diff --git a/apps/users/templates/users/user_otp_enable_bind.html b/apps/users/templates/users/user_otp_enable_bind.html index fbb361595..7aaa25236 100644 --- a/apps/users/templates/users/user_otp_enable_bind.html +++ b/apps/users/templates/users/user_otp_enable_bind.html @@ -15,8 +15,7 @@

-
-
+
Secret: {{ otp_secret_key }}
diff --git a/apps/users/templates/users/user_otp_enable_install_app.html b/apps/users/templates/users/user_otp_enable_install_app.html
index 47e55afbf..809296b2c 100644
--- a/apps/users/templates/users/user_otp_enable_install_app.html
+++ b/apps/users/templates/users/user_otp_enable_install_app.html
@@ -19,7 +19,6 @@

{% trans 'iPhone downloads' %}

-

{% trans 'After installation, click the next step to enter the binding page (if installed, go to the next step directly).' %}

From b072e9814802c631dad0a4880ad0abe433affd2d Mon Sep 17 00:00:00 2001
From: BaiJiangJie
Date: Fri, 3 Jan 2020 15:26:38 +0800
Subject: [PATCH 2/2] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E7=A1=AE?= =?UTF-8?q?=E8=AE=A4=E7=94=A8=E6=88=B7=E8=AE=A4=E8=AF=81=E6=88=90=E5=8A=9F?= =?UTF-8?q?=E5=92=8C=E7=BB=91=E5=AE=9AMFA=E7=9A=84=E5=89=8D=E5=90=8E?= =?UTF-8?q?=E9=80=BB=E8=BE=91=EF=BC=88=E8=A7=A3=E5=86=B3=E7=BB=95=E8=BF=87?= =?UTF-8?q?=E7=BB=91=E5=AE=9AMFA=E7=9A=84=E6=BC=8F=E6=B4=9E=EF=BC=9B?= =?UTF-8?q?=E8=A7=A3=E5=86=B3=E7=AE=A1=E7=90=86=E5=91=98=E9=87=8D=E7=BD=AE?= =?UTF-8?q?=E7=94=A8=E6=88=B7MFA=E5=90=8E=E8=87=AA=E5=8A=A8=E9=80=80?= =?UTF-8?q?=E5=87=BA=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/mixins.py | 2 +-
 apps/authentication/views/login.py | 9 ++++----
 apps/users/api/user.py | 1 -
 apps/users/utils.py | 6 +++++
 apps/users/views/profile.py | 37 +++++++++++++++++++-----------
 5 files changed, 35 insertions(+), 20 deletions(-)
diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 6bd10c4c4..003027b0d 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -6,7 +6,7 @@ from django.conf import settings
 from common.utils import get_object_or_none, get_request_ip, get_logger
 from users.models import User
 from users.utils import (
- is_block_login, clean_failed_count, increase_login_failed_count
+ is_block_login, clean_failed_count, increase_login_failed_count,
 )
 from . import errors
 from .utils import check_user_valid
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 85244e85d..de3e0dd31 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -20,7 +20,7 @@ from django.urls import reverse_lazy
 from common.utils import get_request_ip, get_object_or_none
 from users.utils import (
- redirect_user_first_login_or_index
+ redirect_user_first_login_or_index, set_tmp_user_to_cache
 )
 from .. import forms, mixins, errors
@@ -128,13 +128,14 @@ class UserLoginGuardView(mixins.AuthMixin, RedirectView):
 except errors.LoginConfirmBaseError:
 return self.format_redirect_url(self.login_confirm_url)
 else:
- auth_login(self.request, user)
- self.send_auth_signal(success=True, user=user)
- self.clear_auth_mark()
 # 启用但是没有设置otp, 排除radius
 if user.mfa_enabled_but_not_set():
 # 1,2,mfa_setting & F
+ set_tmp_user_to_cache(self.request, user)
 return reverse('users:user-otp-enable-authentication')
+ auth_login(self.request, user)
+ self.send_auth_signal(success=True, user=user)
+ self.clear_auth_mark()
 url = redirect_user_first_login_or_index(
 self.request, self.redirect_field_name
 )
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index f41ce152d..98dcbd91c 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -179,5 +179,4 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
 if user.mfa_enabled:
 user.reset_mfa()
 user.save()
- logout(request)
 return Response({"msg": "success"})
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 6f6510622..5acb4df9a 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -215,6 +215,12 @@ def set_tmp_user_to_cache(request, user, ttl=3600):
 cache.set(request.session.session_key+'user', user, ttl)
+def delete_tmp_user_for_cache(request):
+ if not request.session.session_key:
+ return None
+ cache.delete(request.session.session_key+'user')
+
+
 def redirect_user_first_login_or_index(request, redirect_field_name):
 if request.user.is_first_login:
 return reverse('users:user-first-login')
diff --git a/apps/users/views/profile.py b/apps/users/views/profile.py
index 200247792..dc0359fa9 100644
--- a/apps/users/views/profile.py
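Review bot: In `apps/authentication/views/login.py` (`UserLoginGuardView`, hunk `@@ -128,13 +128,14 @@`) nothing in the code records why `auth_login()` now sits below the `mfa_enabled_but_not_set()` check, so a later refactor could move it back up and reopen the MFA-binding bypass this commit closes. I would add a comment above the `if`, for example `# Keep auth_login() below this check: a user who still has to bind MFA is only parked in the cache, never logged in.` The early return also skips `send_auth_signal()` and `clear_auth_mark()`, so a correct password followed by an abandoned binding emits no success signal and leaves whatever `clear_auth_mark()` resets still set; if that is intended, the same comment should say so. A regression test asserting that the request has no authenticated user after this redirect would pin the fix. The enclosing method starts and ends outside the hunk.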
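Review bot: In `apps/users/utils.py` (hunk `@@ -215,6 +215,12 @@`), `delete_tmp_user_for_cache` has no docstring and rebuilds the cache key `request.session.session_key+'user'` by hand, duplicating the expression in `set_tmp_user_to_cache` just above it. If the two ever drift apart, the pre-MFA user object stays in the cache until its TTL expires. A docstring such as `"""Drop the pre-MFA user cached for this session; no-op when the session has no key."""` and a shared private key helper would make the pairing explicit. The `return None` in the guard can be a bare `return`, and the name would read more naturally as `delete_tmp_user_from_cache` if renaming is still cheap. Only the signature and last line of `set_tmp_user_to_cache` are visible here, so whether it has the same `session_key` guard cannot be confirmed from this hunk.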
+++ b/apps/users/views/profile.py
@@ -24,8 +24,10 @@ from common.permissions import (
 )
 from .. import forms
 from ..models import User
-from ..utils import generate_otp_uri, check_otp_code, \
- get_user_or_tmp_user, get_password_check_rules, check_password_rules
+from ..utils import (
+ generate_otp_uri, check_otp_code, get_user_or_tmp_user,
+ delete_tmp_user_for_cache, check_password_rules, get_password_check_rules,
+)
 __all__ = [
 'UserProfileView',
@@ -163,6 +165,13 @@ class UserCheckPasswordView(FormView):
 success_url = reverse('users:user-otp-enable-install-app')
 return success_url
+ def get_context_data(self, **kwargs):
+ context = {
+ 'user': get_user_or_tmp_user(self.request)
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
 class UserOtpEnableInstallAppView(TemplateView):
 template_name = 'users/user_otp_enable_install_app.html'
@@ -181,17 +190,6 @@ class UserOtpEnableBindView(TemplateView, FormView):
 form_class = forms.UserCheckOtpCodeForm
 success_url = reverse_lazy('users:user-otp-settings-success')
- def get_context_data(self, **kwargs):
- user = get_user_or_tmp_user(self.request)
- otp_uri, otp_secret_key = generate_otp_uri(self.request)
- context = {
- 'otp_uri': otp_uri,
- 'otp_secret_key': otp_secret_key,
- 'user': user
- }
- kwargs.update(context)
- return super().get_context_data(**kwargs)
-
 def form_valid(self, form):
 otp_code = form.cleaned_data.get('otp_code')
 otp_secret_key = cache.get(self.request.session.session_key+'otp_key', '')
@@ -210,6 +208,17 @@ class UserOtpEnableBindView(TemplateView, FormView):
 user.otp_secret_key = otp_secret_key
 user.save()
+ def get_context_data(self, **kwargs):
+ user = get_user_or_tmp_user(self.request)
+ otp_uri, otp_secret_key = generate_otp_uri(self.request)
+ context = {
+ 'otp_uri': otp_uri,
+ 'otp_secret_key': otp_secret_key,
+ 'user': user
+ }
+ kwargs.update(context)
+ return super().get_context_data(**kwargs)
+
 class UserDisableMFAView(FormView):
 template_name = 'users/user_disable_mfa.html'
@@ -258,6 +267,6 @@ class UserOtpSettingsSuccessView(TemplateView):
 if not user.mfa_enabled:
 title = _('MFA disable success')
 describe = _('MFA disable success, return login page')
-
+ delete_tmp_user_for_cache(self.request)
 return title, describe
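Review bot: In `UserOtpSettingsSuccessView` (hunk `@@ -258,6 +267,6 @@`) the cached pre-MFA user is removed only as a side effect of building the success page's title and description. A binding flow that never reaches this view therefore keeps the entry until the TTL runs out, and the `login.py` call `set_tmp_user_to_cache(self.request, user)` relies on the default `ttl=3600`. Consider passing a shorter `ttl` at that call site and adding a comment here, e.g. `# The temporary user is only needed until this page is built; drop it so the session cannot reuse it.` If `user` in this method is resolved through `get_user_or_tmp_user`, a reload of the page after the delete may find no user; that lookup is outside the hunk, so it needs checking. The method starts outside the hunk.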