merged 3.5-mfa till now

2022-06-28 16:38:25 +02:00 · 2022-06-28 16:38:25 +02:00 · 0d281af982
commit 0d281af982
parent 365e2c56d3
2 changed files with 10 additions and 4 deletions
--- a/server/src/uds/core/util/middleware/request.py
+++ b/server/src/uds/core/util/middleware/request.py
@ -37,7 +37,7 @@ from django.utils import timezone

 from uds.core.util import os_detector as OsDetector
 from uds.core.util.config import GlobalConfig
-from uds.core.auths.auth import EXPIRY_KEY, ROOT_ID, USER_KEY, getRootUser, webLogout
+from uds.core.auths.auth import AUTHORIZED_KEY, EXPIRY_KEY, ROOT_ID, USER_KEY, getRootUser, webLogout
 from uds.models import User

 if typing.TYPE_CHECKING:
@ -65,6 +65,7 @@ class GlobalRequestMiddleware:
    def __call__(self, request: 'ExtendedHttpRequest'):
        # Add IP to request
        GlobalRequestMiddleware.fillIps(request)
+        request.authorized = request.session.get(AUTHORIZED_KEY, False)

        # Ensures request contains os
        request.os = OsDetector.getOsFromUA(
@ -96,6 +97,10 @@ class GlobalRequestMiddleware:

        response = self._get_response(request)

+        # Update authorized on session
+        if hasattr(request, 'session'):
+            request.session[AUTHORIZED_KEY] = request.authorized
+
        return self._process_response(request, response)

    @staticmethod
--- a/server/src/uds/web/views/modern.py
+++ b/server/src/uds/web/views/modern.py
@ -57,6 +57,7 @@ from uds.web.util import configjs
 logger = logging.getLogger(__name__)

 CSRF_FIELD = 'csrfmiddlewaretoken'
+MFA_COOKIE_NAME = 'mfa_status'

 if typing.TYPE_CHECKING:
    from uds import models
@ -114,9 +115,9 @@ def login(

            # If MFA is provided, we need to redirect to MFA page
            request.authorized = True
-            if user.manager.getType().providesMfa() and user.manager.mfa:
-                authInstance = user.manager.getInstance()
-                if authInstance.mfaIdentifier():
+            if loginResult.user.manager.getType().providesMfa() and loginResult.user.manager.mfa:
+                authInstance = loginResult.user.manager.getInstance()
+                if authInstance.mfaIdentifier(loginResult.user.name):
                    request.authorized = (
                        False  # We can ask for MFA so first disauthorize user
                    )