bid_main/views/mixins.py

@@ -47,3 +47,13 @@ class MfaRequiredIfConfiguredMixin(AccessMixin):
             return self.handle_no_permission()
         decorator = otp_required(accept_trusted_agent=True, if_configured=True)
         return decorator(super().dispatch)(request, *args, **kwargs)
+
+
+class MfaRequiredMixin(AccessMixin):
+    """This mixin ensures an mfa check within the session."""
+
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+        decorator = otp_required(accept_trusted_agent=False, if_configured=False)
+        return decorator(super().dispatch)(request, *args, **kwargs)