From 30fe5214c781b1e2b59704af251ed1e8bd0de318 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 10 Aug 2022 11:03:51 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=A2=9E=E5=8A=A0=E4=B8=8A=E4=BA=86?= =?UTF-8?q?=E7=AC=AC=E4=B8=89=E6=96=B9=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E7=9A=84=E5=8E=9F=E5=9B=A0=20(#8714)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* feat: OAuth2.0登录方式加上用户登录规则校验
* fix: 修复第三方用户登录规则(复核)问题
* fix: 增加上了第三方用户登录失败的原因
* fix: 修改变量名称
Co-authored-by: huangzhiwen
---
 apps/authentication/api/login_confirm.py | 2 ++
 apps/authentication/middleware.py | 9 ++++++++-
 apps/authentication/signal_handlers.py | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/apps/authentication/api/login_confirm.py b/apps/authentication/api/login_confirm.py
index 22594b88e..71613348c 100644
--- a/apps/authentication/api/login_confirm.py
+++ b/apps/authentication/api/login_confirm.py
@@ -17,8 +17,10 @@ class TicketStatusApi(mixins.AuthMixin, APIView):
 def get(self, request, *args, **kwargs):
 try:
 self.check_user_login_confirm()
+ self.request.session['auth_third_party_done'] = 1
 return Response({"msg": "ok"})
 except errors.NeedMoreInfoError as e:
+ self.send_auth_signal(success=False, reason=e.as_data().get('msg'))
 return Response(e.as_data(), status=200)
 def delete(self, request, *args, **kwargs):
diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py
index 9411b09a6..9a55bdfa2 100644
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -10,6 +10,7 @@ from django.contrib.auth import logout as auth_logout
 from apps.authentication import mixins
 from common.utils import gen_key_pair
 from common.utils import get_request_ip
+from .signals import post_auth_failed
 class MFAMiddleware:
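Review bot: The added `self.send_auth_signal(success=False, …)` in `TicketStatusApi.get` (login_confirm.py) fires on every `NeedMoreInfoError`, not only on a final rejection. The handler still answers 200 with `e.as_data()`, which suggests this branch also covers a ticket that is merely waiting for a decision; if clients poll this endpoint, each poll would then record a failed login, flooding the audit log and penalising the user wherever failures are counted for lockout or alerting. Consider sending the signal only for the terminal rejection case and stating the intent above the call, e.g. `# log only a rejected ticket; a pending one is not a failed login`. The error hierarchy and the rest of the class are outside this hunk, so which subclasses reach this branch needs confirming.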
@@ -62,8 +63,13 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
 return response
 ip = get_request_ip(request)
 try:
+ self.request = request
 self._check_login_acl(request.user, ip)
 except Exception as e:
+ post_auth_failed.send(
+ sender=self.__class__, username=request.user.username,
+ request=self.request, reason=e.msg
+ )
 auth_logout(request)
 context = {
 'title': _('Authentication failed'),
@@ -72,7 +78,8 @@ class ThirdPartyLoginMiddleware(mixins.AuthMixin):
 'redirect_url': reverse('authentication:login'),
 'auto_redirect': True,
 }
- response = render(request, 'authentication/auth_fail_flash_message_standalone.html', context)
+ response = render(
+ request, 'authentication/auth_fail_flash_message_standalone.html', context)
 else:
 guard_url = reverse('authentication:login-guard')
 args = request.META.get('QUERY_STRING', '')
diff --git a/apps/authentication/signal_handlers.py b/apps/authentication/signal_handlers.py
index 68d8c0531..e7be3465c 100644
--- a/apps/authentication/signal_handlers.py
+++ b/apps/authentication/signal_handlers.py
@@ -29,7 +29,7 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
 and user.mfa_enabled \
 and not request.session.get('auth_mfa'):
 request.session['auth_mfa_required'] = 1
- if request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
+ if not request.session.get("auth_third_party_done") and request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
 request.session['auth_third_party_required'] = 1
 # 单点登录,超过了自动退出
 if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
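Review bot: In the deny path of `ThirdPartyLoginMiddleware` (middleware.py, hunk `@@ -62,8 +63,13 @@`), the new `post_auth_failed.send(...)` can raise before `auth_logout(request)` runs. `except Exception` catches any exception type while `reason=e.msg` assumes one that carries `msg`, and `Signal.send` propagates errors from receivers. If either happens, the logout is skipped and the request ends in an error rather than the failure page, so as far as this hunk shows the ACL-rejected user stays authenticated. Separately, `self.request = request` stores per-request state on the middleware object, which Django creates once and shares across requests, so the signal should receive the local `request`; whether `_check_login_acl` reads `self.request` is not visible here. The method starts and ends outside the hunk.

```python
        except Exception as e:
            try:
                post_auth_failed.send(
                    sender=self.__class__, username=request.user.username,
                    request=request, reason=getattr(e, 'msg', str(e))
                )
            finally:
                # An ACL denial must end the session even if recording it fails.
                auth_logout(request)
            # … unchanged: context dict and render of the failure page …
```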
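Review bot: The new `auth_third_party_done` check in `on_user_auth_login_success` (signal_handlers.py) makes a session key a standing bypass of the third-party login confirmation, and nothing in this patch clears it. Django's `login()` keeps existing session data when the same user re-authenticates in a live session, so a later third-party login in that session would skip the review step. If the handler is meant to see the flag only once after the ticket is approved, consuming it makes it single-use: `if not request.session.pop('auth_third_party_done', None) and request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:`. A short comment should also state why a confirmed session is exempt. The function starts before and continues past the hunk, so check that no other path relies on the flag persisting.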