From 4c4f544f0d47cc2af0b5dcba8b05ebac4379e205 Mon Sep 17 00:00:00 2001 From: xinwen Date: Thu, 25 Feb 2021 07:44:06 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=A6=81=E7=94=A8=20M?= =?UTF-8?q?FA=20=E5=90=8E=E8=BF=98=E5=8F=AF=E4=BB=A5=E7=94=A8=20MFA=20?= =?UTF-8?q?=E6=9F=A5=E7=9C=8B=E5=AF=86=E7=A0=81=E5=8C=A3=E5=AD=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/users/exceptions.py | 10 ++++++++++ apps/users/models/user.py | 4 ++++ 2 files changed, 14 insertions(+) create mode 100644 apps/users/exceptions.py diff --git a/apps/users/exceptions.py b/apps/users/exceptions.py new file mode 100644 index 000000000..ff873d3dc --- /dev/null +++ b/apps/users/exceptions.py @@ -0,0 +1,10 @@ +from django.utils.translation import gettext_lazy as _ +from rest_framework import status + +from common.exceptions import JMSException + + +class MFANotEnabled(JMSException): + status_code = status.HTTP_403_FORBIDDEN + default_code = 'mfa_not_enabled' + default_detail = _('MFA not enabled') diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 1d8590ed0..9cdd49ee7 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py @@ -22,6 +22,7 @@ from common.utils import date_expired_default, get_logger, lazyproperty from common import fields from common.const import choices from common.db.models import ChoiceSet +from users.exceptions import MFANotEnabled from ..signals import post_user_change_password @@ -489,6 +490,9 @@ class MFAMixin: return check_otp_code(self.otp_secret_key, code) def check_mfa(self, code): + if not self.mfa_enabled: + raise MFANotEnabled + if settings.OTP_IN_RADIUS: return self.check_radius(code) else: