forked from shaba/openuds
Fixed auth mfaIdentifier to provide userName
This commit is contained in:
parent
4db98684d3
commit
77e021a371
@ -290,13 +290,15 @@ class Authenticator(Module): # pylint: disable=too-many-public-methods
|
||||
"""
|
||||
return []
|
||||
|
||||
def mfaIdentifier(self) -> str:
|
||||
def mfaIdentifier(self, username: str) -> str:
|
||||
"""
|
||||
If this method is provided by an authenticator, the user will be allowed to enter a MFA code
|
||||
You must return the value used by a MFA provider to identify the user (i.e. email, phone number, etc)
|
||||
If not provided, or the return value is '', the user will be allowed to access UDS without MFA
|
||||
|
||||
Note: Field capture will be responsible of provider. Put it on MFA tab of user form.
|
||||
Take into consideration that mfaIdentifier will never be invoked if the user has not been
|
||||
previously authenticated. (that is, authenticate method has already been called)
|
||||
"""
|
||||
return ''
|
||||
|
||||
|
@ -139,7 +139,7 @@ def authCallback_stage2(
|
||||
request.authorized = True
|
||||
if authenticator.getType().providesMfa() and authenticator.mfa:
|
||||
authInstance = authenticator.getInstance()
|
||||
if authInstance.mfaIdentifier():
|
||||
if authInstance.mfaIdentifier(user.name):
|
||||
request.authorized = False # We can ask for MFA so first disauthorize user
|
||||
response = HttpResponseRedirect(
|
||||
reverse('page.mfa')
|
||||
@ -256,6 +256,7 @@ def ticketAuth(
|
||||
webLogin(request, None, usr, password)
|
||||
|
||||
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
|
||||
request.authorized = True # User is authorized
|
||||
request.session['ticket'] = '1' # Store that user access is done using ticket
|
||||
|
||||
# Transport must always be automatic for ticket authentication
|
||||
|
Loading…
Reference in New Issue
Block a user