infrastructure/blender-id
0
4
Fork 0
Code Issues 11 Pull Requests Projects Releases Wiki Activity

Initial mfa support (for internal users) #93591

Merged
Oleg-Komarov merged 46 commits from mfa into main 2024-08-29 11:44:06 +02:00
Conversation 0 Commits 46 Files Changed 45 +12 -4
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ee03f062a4 - Show all commits

8
bid_main/templates/bid_main/mfa/setup.html
View File

@ -10,9 +10,13 @@ Multi-factor Authentication Setup
{% if user_has_mfa_configured %} {% if user_has_mfa_configured %}
<p> <p>
You have configured MFA for your account. You have configured MFA for your account.
You can disable MFA at any time, but you have to sign-in using your authentication device or a recovery code. You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
</p>
<p>
Every time you sign-in on a new device you will be asked to pass the MFA verification.
If you use the "remember this device" option, you won't be prompted for MFA verification for that device in the next {{ agent_trust_days }} days.
Verification also expires after {{ agent_inactivity_days }} days of inactivity.
</p> </p>
<p>TODO explain remember me and trusted days</p>
<div> <div>
<a class="btn btn-danger" href="{% url 'bid_main:mfa_disable' %}">Disable</a> <a class="btn btn-danger" href="{% url 'bid_main:mfa_disable' %}">Disable</a>
</div> </div>

3
bid_main/views/mfa.py
View File

@ -2,6 +2,7 @@ from base64 import b32encode, b64encode
from binascii import unhexlify from binascii import unhexlify
from io import BytesIO from io import BytesIO
from django.conf import settings
from django.db import transaction from django.db import transaction
from django.http import Http404, HttpResponseBadRequest from django.http import Http404, HttpResponseBadRequest
from django.shortcuts import redirect from django.shortcuts import redirect
@ -37,6 +38,8 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
if devices_per_category.keys() - {'recovery'}: if devices_per_category.keys() - {'recovery'}:
user_can_setup_recovery = True user_can_setup_recovery = True
return { return {
'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
'agent_trust_days': settings.AGENT_TRUST_DAYS,
'devices_per_category': devices_per_category, 'devices_per_category': devices_per_category,
'recovery_codes': recovery_codes, 'recovery_codes': recovery_codes,
'user_can_setup_recovery': user_can_setup_recovery, 'user_can_setup_recovery': user_can_setup_recovery,

5
mfa/forms.py
View File

@ -1,6 +1,7 @@
from binascii import unhexlify from binascii import unhexlify
from django import forms from django import forms
from django.conf import settings
from django.core.signing import BadSignature, TimestampSigner from django.core.signing import BadSignature, TimestampSigner
from django.core.validators import RegexValidator from django.core.validators import RegexValidator
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
@ -44,8 +45,8 @@ class MfaForm(OTPTokenForm):
otp_trust_agent = self.fields["otp_trust_agent"] otp_trust_agent = self.fields["otp_trust_agent"]
otp_trust_agent.help_text = _( otp_trust_agent.help_text = _(
"We won't ask for MFA next time you sign-in on this device. " f"We won't ask for MFA on this device in the next {settings.AGENT_TRUST_DAYS} days. "
"Use only on your private device." f"Use only on your private device."
) )
otp_trust_agent.initial = False otp_trust_agent.initial = False
otp_trust_agent.label = _("Remember this device") otp_trust_agent.label = _("Remember this device")