[Update] 修改判断MFA是否全局启用的逻辑，放到User.otp_force_enabled中

2025-09-11 20:29:40 +00:00 · 2018-06-06 15:35:26 +08:00
parent fcd17460d7
commit b026e86741
4 changed files with 17 additions and 21 deletions
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -14,6 +14,7 @@ from django.utils import timezone
 from django.shortcuts import reverse

 from common.utils import get_signer, date_expired_default
+from common.models import Setting


 __all__ = ['User']
@@ -248,10 +249,13 @@ class User(AbstractUser):

    @property
    def otp_enabled(self):
-        return self.otp_level > 0
+        return self.otp_force_enabled or self.otp_level > 0

    @property
    def otp_force_enabled(self):
+        mfa_setting = Setting.objects.filter(name='SECURITY_MFA_AUTH').first()
+        if mfa_setting and mfa_setting.cleaned_value:
+            return True
        return self.otp_level == 2

    def enable_otp(self):