github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-04 08:55:40 +00:00
Code Issues Projects Releases Wiki Activity

[Update] 修改确认用户认证成功和绑定MFA的前后逻辑(解决绕过绑定MFA的漏洞;解决管理员重置用户MFA后自动退出的问题)

Browse Source
This commit is contained in:
BaiJiangJie
2020-01-03 15:26:38 +08:00
parent 352bfeeb7a
commit b072e98148
5 changed files with 35 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/users/api/user.py
View File

@@ -179,5 +179,4 @@ class UserResetOTPApi(UserQuerysetMixin, generics.RetrieveAPIView):
if user.mfa_enabled:
user.reset_mfa()
user.save()
logout(request)
return Response({"msg": "success"})