Initial mfa support (for internal users) #93591

Merged
Oleg-Komarov merged 46 commits from mfa into main 2024-08-29 11:44:06 +02:00
4 changed files with 6 additions and 6 deletions
Showing only changes of commit e90e875c1b - Show all commits


@ -284,13 +284,13 @@ def construct_password_changed(user):
return email_body_txt, subject return email_body_txt, subject
def construct_new_mfa_device(user, device_type): def construct_mfa_new_device(user, device_type):
context = { context = {
"device_type": device_type, "device_type": device_type,
"user": user, "user": user,
} }
email_body_txt = loader.render_to_string( email_body_txt = loader.render_to_string(
"bid_main/emails/new_mfa_device.txt", context "bid_main/emails/mfa_new_device.txt", context
) )
subject = "Security alert: a new multi-factor authentication device added" subject = "Security alert: a new multi-factor authentication device added"


@ -46,12 +46,12 @@ def send_password_changed_email(user_pk):
@background(schedule={'action': TaskSchedule.RESCHEDULE_EXISTING}) @background(schedule={'action': TaskSchedule.RESCHEDULE_EXISTING})
def send_new_mfa_device_email(user_pk, device_type): def send_mfa_new_device_email(user_pk, device_type):
user = User.objects.get(pk=user_pk) user = User.objects.get(pk=user_pk)
log.info("sending a new mfa device email for account %s", user.pk) log.info("sending a new mfa device email for account %s", user.pk)
# sending only a text/plain email to reduce the room for look-alike phishing emails # sending only a text/plain email to reduce the room for look-alike phishing emails
email_body_txt, subject = bid_main.email.construct_new_mfa_device(user, device_type) email_body_txt, subject = bid_main.email.construct_mfa_new_device(user, device_type)
email = user.email email = user.email
send_mail( send_mail(
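Review bot: Renaming a function decorated with `@background` may also change the name under which queued tasks are stored, since the registered name is typically derived from the module and function name (the decorator's implementation is not visible here, so confirm this). If any tasks were already queued under `send_new_mfa_device_email`, they would no longer resolve after this change and the security alert for a newly added MFA device would not be sent. If the old name ever reached a deployed environment, either pin it with `@background(name='bid_main.tasks.send_new_mfa_device_email', schedule=...)` or let the queue drain before deploying; if it only ever existed on this branch, no action is needed. The function body continues past the end of the hunk.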


@ -132,7 +132,7 @@ class TotpRegisterView(mixins.MfaRequiredIfConfiguredMixin, FormView):
def form_valid(self, form): def form_valid(self, form):
form.save() form.save()
if self.request.user.confirmed_email_at: if self.request.user.confirmed_email_at:
bid_main.tasks.send_new_mfa_device_email(self.request.user.pk, 'totp') bid_main.tasks.send_mfa_new_device_email(self.request.user.pk, 'totp')
return super().form_valid(form) return super().form_valid(form)
@ -161,7 +161,7 @@ class U2fRegisterView(mixins.MfaRequiredIfConfiguredMixin, FormView):
def form_valid(self, form): def form_valid(self, form):
form.save() form.save()
if self.request.user.confirmed_email_at: if self.request.user.confirmed_email_at:
bid_main.tasks.send_new_mfa_device_email(self.request.user.pk, 'u2f') bid_main.tasks.send_mfa_new_device_email(self.request.user.pk, 'u2f')
return super().form_valid(form) return super().form_valid(form)