Initial mfa support (for internal users) #93591

Merged
Oleg-Komarov merged 46 commits from mfa into main 2024-08-29 11:44:06 +02:00
2 changed files with 7 additions and 2 deletions
Showing only changes of commit 1377fcfc47 - Show all commits


@ -12,11 +12,11 @@ Multi-factor Authentication Setup
You have configured MFA for your account. You have configured MFA for your account.
You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code. You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
</p> </p>
{% if devices_per_category.totp and not devices_per_category.recovery %} {% if show_missing_recovery_codes_warning %}
<p class="text-danger"> <p class="text-danger">
Please make sure that you do not lock yourself out: Please make sure that you do not lock yourself out:
generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method. generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods. If you lose your authenticator device or a security key you can use a recovery code to login and reconfigure your MFA methods.
</p> </p>
{% endif %} {% endif %}
<p> <p>
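Review bot: The reworded lockout sentence reads unevenly and uses "login" as a verb; `If you lose your authenticator device or security key, you can use a recovery code to log in and reconfigure your MFA methods.` would be clearer. The `{% if %}` now depends on `show_missing_recovery_codes_warning` being present in the template context, and Django treats an undefined variable as falsy. Any other view that renders this template (none is visible here) would therefore silently hide the warning.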


@ -34,6 +34,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
user = self.request.user user = self.request.user
recovery_codes = [] recovery_codes = []
show_missing_recovery_codes_warning = False
user_can_setup_recovery = False user_can_setup_recovery = False
devices_per_category = user.mfa_devices_per_category() devices_per_category = user.mfa_devices_per_category()
if 'recovery' in devices_per_category: if 'recovery' in devices_per_category:
@ -41,12 +42,16 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()] recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()]
if devices_per_category.keys() - {'recovery'}: if devices_per_category.keys() - {'recovery'}:
user_can_setup_recovery = True user_can_setup_recovery = True
if user_can_setup_recovery and 'recovery' not in devices_per_category:
show_missing_recovery_codes_warning = True
return { return {
'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS, 'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
'agent_trust_days': settings.AGENT_TRUST_DAYS, 'agent_trust_days': settings.AGENT_TRUST_DAYS,
'devices_per_category': devices_per_category, 'devices_per_category': devices_per_category,
'display_recovery_codes': self.request.GET.get('display_recovery_codes'), 'display_recovery_codes': self.request.GET.get('display_recovery_codes'),
'recovery_codes': recovery_codes, 'recovery_codes': recovery_codes,
'show_missing_recovery_codes_warning': show_missing_recovery_codes_warning,
'user_can_setup_recovery': user_can_setup_recovery, 'user_can_setup_recovery': user_can_setup_recovery,
'user_has_mfa_configured': bool(devices_per_category), 'user_has_mfa_configured': bool(devices_per_category),
} }
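Review bot: The new warning in `get_context_data` keys on whether a 'recovery' device exists, not on whether any recovery codes remain, so a user whose recovery device is still present but has no tokens left would see no lockout warning. Whether consumed codes are removed from `encryptedtoken_set` is not visible in this hunk, so this is worth confirming. If they are, `if user_can_setup_recovery and not recovery_codes:` would cover both the missing-device and the exhausted-codes case. The part of the function between the two hunks, where `recovery_device` is assigned, is outside the shown lines.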