From f762fe73ffaa963d5a5f843fd3945565effedc41 Mon Sep 17 00:00:00 2001
From: feng626 <1304903146@qq.com>
Date: Tue, 14 Sep 2021 18:50:27 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=B7=A5=E5=8D=95=E6=8B=92=E7=BB=9D?=
 =?UTF-8?q?=E6=B8=85=E9=99=A4mfa?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/mixins.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/authentication/mixins.py b/apps/authentication/mixins.py
index 90785bb43..ef76c8b74 100644
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -30,8 +30,8 @@ logger = get_logger(__name__)
 def check_backend_can_auth(username, backend_path, allowed_auth_backends):
     if allowed_auth_backends is not None and backend_path not in allowed_auth_backends:
         logger.debug('Skip user auth backend: {}, {} not in'.format(
-                username, backend_path, ','.join(allowed_auth_backends)
-            )
+            username, backend_path, ','.join(allowed_auth_backends)
+        )
         )
         return False
     return True
@@ -201,7 +201,7 @@ class AuthMixin(PasswordEncryptionViewMixin):
             data = request.POST
 
         items = ['username', 'password', 'challenge', 'public_key', 'auto_login']
-        username, password, challenge, public_key, auto_login = bulk_get(data, *items,  default='')
+        username, password, challenge, public_key, auto_login = bulk_get(data, *items, default='')
         ip = self.get_request_ip()
         self._set_partial_credential_error(username=username, ip=ip, request=request)
 
@@ -362,6 +362,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
         self.request.session['auth_mfa_required'] = ''
         self.request.session['auth_mfa_type'] = mfa_type
 
+    def clean_mfa_mark(self):
+        self.request.session['auth_mfa'] = ''
+        self.request.session['auth_mfa_time'] = ''
+        self.request.session['auth_mfa_required'] = ''
+        self.request.session['auth_mfa_type'] = ''
+
     def check_mfa_is_block(self, username, ip, raise_exception=True):
         if MFABlockUtils(username, ip).is_block():
             logger.warn('Ip was blocked' + ': ' + username + ':' + ip)
@@ -413,10 +419,12 @@ class AuthMixin(PasswordEncryptionViewMixin):
             self.request.session["auth_confirm"] = "1"
             return
         elif ticket.state_reject:
+            self.clean_mfa_mark()
             raise errors.LoginConfirmOtherError(
                 ticket.id, ticket.get_state_display()
             )
         elif ticket.state_close:
+            self.clean_mfa_mark()
             raise errors.LoginConfirmOtherError(
                 ticket.id, ticket.get_state_display()
             )