infrastructure/blender-id
0
4
Fork 0
Code Issues 11 Pull Requests Projects Releases Wiki Activity

Initial mfa support (for internal users) #93591

Merged
Oleg-Komarov merged 46 commits from mfa into main 2024-08-29 11:44:06 +02:00
Conversation 0 Commits 46 Files Changed 45 +7 -2
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1377fcfc47 - Show all commits

4
bid_main/templates/bid_main/mfa/setup.html
View File

@ -12,11 +12,11 @@ Multi-factor Authentication Setup
You have configured MFA for your account.
You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
</p>
{% if devices_per_category.totp and not devices_per_category.recovery %}
{% if show_missing_recovery_codes_warning %}
<p class="text-danger">
Please make sure that you do not lock yourself out:
generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods.
If you lose your authenticator device or a security key you can use a recovery code to login and reconfigure your MFA methods.
</p>
{% endif %}
<p>

5
bid_main/views/mfa.py
View File

@ -34,6 +34,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
def get_context_data(self, **kwargs):
user = self.request.user
recovery_codes = []
show_missing_recovery_codes_warning = False
user_can_setup_recovery = False
devices_per_category = user.mfa_devices_per_category()
if 'recovery' in devices_per_category:
@ -41,12 +42,16 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()]
if devices_per_category.keys() - {'recovery'}:
user_can_setup_recovery = True
if user_can_setup_recovery and 'recovery' not in devices_per_category:
show_missing_recovery_codes_warning = True
return {
'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
'agent_trust_days': settings.AGENT_TRUST_DAYS,
'devices_per_category': devices_per_category,
'display_recovery_codes': self.request.GET.get('display_recovery_codes'),
'recovery_codes': recovery_codes,
'show_missing_recovery_codes_warning': show_missing_recovery_codes_warning,
'user_can_setup_recovery': user_can_setup_recovery,
'user_has_mfa_configured': bool(devices_per_category),
}