[Update] 修改确认用户认证成功和绑定MFA的前后逻辑（解决绕过绑定MFA的漏洞；解决管理员重置用户MFA后自动退出的问题）

2025-09-04 17:01:09 +00:00 · 2020-01-03 15:26:38 +08:00
parent 352bfeeb7a
commit b072e98148
5 changed files with 35 additions and 20 deletions
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -215,6 +215,12 @@ def set_tmp_user_to_cache(request, user, ttl=3600):
    cache.set(request.session.session_key+'user', user, ttl)


+def delete_tmp_user_for_cache(request):
+    if not request.session.session_key:
+        return None
+    cache.delete(request.session.session_key+'user')
+
+
 def redirect_user_first_login_or_index(request, redirect_field_name):
    if request.user.is_first_login:
        return reverse('users:user-first-login')