mirror of
https://github.com/dkmstr/openuds.git
synced 2024-12-24 21:34:41 +03:00
merged 3.5-mfa till now
This commit is contained in:
parent
365e2c56d3
commit
0d281af982
@ -37,7 +37,7 @@ from django.utils import timezone
|
||||
|
||||
from uds.core.util import os_detector as OsDetector
|
||||
from uds.core.util.config import GlobalConfig
|
||||
from uds.core.auths.auth import EXPIRY_KEY, ROOT_ID, USER_KEY, getRootUser, webLogout
|
||||
from uds.core.auths.auth import AUTHORIZED_KEY, EXPIRY_KEY, ROOT_ID, USER_KEY, getRootUser, webLogout
|
||||
from uds.models import User
|
||||
|
||||
if typing.TYPE_CHECKING:
|
||||
@ -65,6 +65,7 @@ class GlobalRequestMiddleware:
|
||||
def __call__(self, request: 'ExtendedHttpRequest'):
|
||||
# Add IP to request
|
||||
GlobalRequestMiddleware.fillIps(request)
|
||||
request.authorized = request.session.get(AUTHORIZED_KEY, False)
|
||||
|
||||
# Ensures request contains os
|
||||
request.os = OsDetector.getOsFromUA(
|
||||
@ -96,6 +97,10 @@ class GlobalRequestMiddleware:
|
||||
|
||||
response = self._get_response(request)
|
||||
|
||||
# Update authorized on session
|
||||
if hasattr(request, 'session'):
|
||||
request.session[AUTHORIZED_KEY] = request.authorized
|
||||
|
||||
return self._process_response(request, response)
|
||||
|
||||
@staticmethod
|
||||
|
@ -57,6 +57,7 @@ from uds.web.util import configjs
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
CSRF_FIELD = 'csrfmiddlewaretoken'
|
||||
MFA_COOKIE_NAME = 'mfa_status'
|
||||
|
||||
if typing.TYPE_CHECKING:
|
||||
from uds import models
|
||||
@ -114,9 +115,9 @@ def login(
|
||||
|
||||
# If MFA is provided, we need to redirect to MFA page
|
||||
request.authorized = True
|
||||
if user.manager.getType().providesMfa() and user.manager.mfa:
|
||||
authInstance = user.manager.getInstance()
|
||||
if authInstance.mfaIdentifier():
|
||||
if loginResult.user.manager.getType().providesMfa() and loginResult.user.manager.mfa:
|
||||
authInstance = loginResult.user.manager.getInstance()
|
||||
if authInstance.mfaIdentifier(loginResult.user.name):
|
||||
request.authorized = (
|
||||
False # We can ask for MFA so first disauthorize user
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user