1
0
mirror of https://github.com/dkmstr/openuds.git synced 2024-12-24 21:34:41 +03:00

Fixed auth mfaIdentifier to provide userName

This commit is contained in:
Adolfo Gómez García 2022-06-27 21:30:59 +02:00
parent 4db98684d3
commit 77e021a371
2 changed files with 5 additions and 2 deletions

View File

@ -290,13 +290,15 @@ class Authenticator(Module): # pylint: disable=too-many-public-methods
"""
return []
def mfaIdentifier(self) -> str:
def mfaIdentifier(self, username: str) -> str:
"""
If this method is provided by an authenticator, the user will be allowed to enter a MFA code
You must return the value used by a MFA provider to identify the user (i.e. email, phone number, etc)
If not provided, or the return value is '', the user will be allowed to access UDS without MFA
Note: Field capture will be responsible of provider. Put it on MFA tab of user form.
Take into consideration that mfaIdentifier will never be invoked if the user has not been
previously authenticated. (that is, authenticate method has already been called)
"""
return ''

View File

@ -139,7 +139,7 @@ def authCallback_stage2(
request.authorized = True
if authenticator.getType().providesMfa() and authenticator.mfa:
authInstance = authenticator.getInstance()
if authInstance.mfaIdentifier():
if authInstance.mfaIdentifier(user.name):
request.authorized = False # We can ask for MFA so first disauthorize user
response = HttpResponseRedirect(
reverse('page.mfa')
@ -256,6 +256,7 @@ def ticketAuth(
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.authorized = True # User is authorized
request.session['ticket'] = '1' # Store that user access is done using ticket
# Transport must always be automatic for ticket authentication