Initial mfa support (for internal users) #93591
@ -12,6 +12,13 @@ Multi-factor Authentication Setup
|
|||||||
You have configured MFA for your account.
|
You have configured MFA for your account.
|
||||||
You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
|
You can disable MFA at any time, but you have to pass the verification using your authentication device or a recovery code.
|
||||||
</p>
|
</p>
|
||||||
|
{% if devices_per_category.totp and not devices_per_category.recovery %}
|
||||||
|
<p class="text-danger">
|
||||||
|
Please make sure that you do not lock yourself out:
|
||||||
|
generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
|
||||||
|
If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods.
|
||||||
|
</p>
|
||||||
|
{% endif %}
|
||||||
<p>
|
<p>
|
||||||
Every time you sign-in on a new device you will be asked to pass the MFA verification.
|
Every time you sign-in on a new device you will be asked to pass the MFA verification.
|
||||||
If you use the "remember this device" option, you won't be prompted for MFA verification for that device in the next {{ agent_trust_days }} days.
|
If you use the "remember this device" option, you won't be prompted for MFA verification for that device in the next {{ agent_trust_days }} days.
|
||||||
@ -39,13 +46,6 @@ Multi-factor Authentication Setup
|
|||||||
<p>
|
<p>
|
||||||
If you don't have an authenticator application, you can choose one from a list of <a href="https://en.wikipedia.org/wiki/Comparison_of_OTP_applications">TOTP applications</a>.
|
If you don't have an authenticator application, you can choose one from a list of <a href="https://en.wikipedia.org/wiki/Comparison_of_OTP_applications">TOTP applications</a>.
|
||||||
</p>
|
</p>
|
||||||
{% if devices_per_category.totp and not devices_per_category.recovery %}
|
|
||||||
<p class="text-danger">
|
|
||||||
Please make sure that you do not lock yourself out:
|
|
||||||
generate and store <a href="#recovery-codes">recovery codes</a> as a backup verification method.
|
|
||||||
If you lose your authenticator device you can use a recovery code to login and reconfigure your MFA methods.
|
|
||||||
</p>
|
|
||||||
{% endif %}
|
|
||||||
<ul>
|
<ul>
|
||||||
{% for d in devices_per_category.totp %}
|
{% for d in devices_per_category.totp %}
|
||||||
<li>
|
<li>
|
||||||
@ -70,7 +70,7 @@ Multi-factor Authentication Setup
|
|||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
{% with code_count=recovery_codes|length %}
|
{% with code_count=recovery_codes|length %}
|
||||||
{{ code_count }} recovery code{{ code_count|pluralize }} remaining
|
{{ code_count }} recovery code{{ code_count|pluralize }} remaining
|
||||||
{% if recovery_codes %}
|
{% if display_recovery_codes %}
|
||||||
<a href="?display_recovery_codes=" class="btn">Hide</a>
|
<a href="?display_recovery_codes=" class="btn">Hide</a>
|
||||||
{% else %}
|
{% else %}
|
||||||
<a href="?display_recovery_codes=1#recovery-codes" class="btn">Display</a>
|
<a href="?display_recovery_codes=1#recovery-codes" class="btn">Display</a>
|
||||||
@ -78,8 +78,7 @@ Multi-factor Authentication Setup
|
|||||||
<form action="{% url 'bid_main:mfa_invalidate_recovery' %}" method="post" class="d-inline-flex">{% csrf_token %}
|
<form action="{% url 'bid_main:mfa_invalidate_recovery' %}" method="post" class="d-inline-flex">{% csrf_token %}
|
||||||
<button class="btn-danger" type="submit">Invalidate</button>
|
<button class="btn-danger" type="submit">Invalidate</button>
|
||||||
</form>
|
</form>
|
||||||
{# populated on display_recovery_codes=1 #}
|
{% if display_recovery_codes %}
|
||||||
{% if recovery_codes %}
|
|
||||||
<ul>
|
<ul>
|
||||||
Oleg-Komarov marked this conversation as resolved
|
|||||||
{% for code in recovery_codes %}
|
{% for code in recovery_codes %}
|
||||||
<li><code>{{ code }}</code></li>
|
<li><code>{{ code }}</code></li>
|
||||||
|
@ -33,7 +33,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
|
|||||||
recovery_codes = []
|
recovery_codes = []
|
||||||
user_can_setup_recovery = False
|
user_can_setup_recovery = False
|
||||||
devices_per_category = user.mfa_devices_per_category()
|
devices_per_category = user.mfa_devices_per_category()
|
||||||
if self.request.GET.get('display_recovery_codes') and 'recovery' in devices_per_category:
|
if 'recovery' in devices_per_category:
|
||||||
recovery_device = devices_per_category['recovery'][0]
|
recovery_device = devices_per_category['recovery'][0]
|
||||||
recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()]
|
recovery_codes = [t.encrypted_token for t in recovery_device.encryptedtoken_set.all()]
|
||||||
if devices_per_category.keys() - {'recovery'}:
|
if devices_per_category.keys() - {'recovery'}:
|
||||||
@ -42,6 +42,7 @@ class MfaView(mixins.MfaRequiredIfConfiguredMixin, TemplateView):
|
|||||||
'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
|
'agent_inactivity_days': settings.AGENT_INACTIVITY_DAYS,
|
||||||
'agent_trust_days': settings.AGENT_TRUST_DAYS,
|
'agent_trust_days': settings.AGENT_TRUST_DAYS,
|
||||||
'devices_per_category': devices_per_category,
|
'devices_per_category': devices_per_category,
|
||||||
|
'display_recovery_codes': self.request.GET.get('display_recovery_codes'),
|
||||||
'recovery_codes': recovery_codes,
|
'recovery_codes': recovery_codes,
|
||||||
'user_can_setup_recovery': user_can_setup_recovery,
|
'user_can_setup_recovery': user_can_setup_recovery,
|
||||||
'user_has_mfa_configured': bool(devices_per_category),
|
'user_has_mfa_configured': bool(devices_per_category),
|
||||||
|
Loading…
Reference in New Issue
Block a user
"will be invalided" or "will become invalid"