[Update] 基本完成登录二次审核

2025-09-11 12:19:41 +00:00 · 2019-10-30 13:18:11 +08:00
parent 517c682201
commit d0ba67ed50
27 changed files with 972 additions and 205 deletions
--- a/apps/authentication/api/auth.py
+++ b/apps/authentication/api/auth.py
@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
 #
-
 import uuid
 import time

@@ -8,19 +7,17 @@ from django.core.cache import cache
 from django.urls import reverse
 from django.shortcuts import get_object_or_404
 from django.utils.translation import ugettext as _
-
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.generics import CreateAPIView
 from rest_framework.views import APIView

-from common.utils import get_logger, get_request_ip
+from common.utils import get_logger, get_request_ip, get_object_or_none
 from common.permissions import IsOrgAdminOrAppUser, IsValidUser
 from orgs.mixins.api import RootOrgViewMixin
 from users.serializers import UserSerializer
 from users.models import User
 from assets.models import Asset, SystemUser
-from audits.models import UserLoginLog as LoginLog
 from users.utils import (
    check_otp_code, increase_login_failed_count,
    is_block_login, clean_failed_count
@@ -33,7 +30,7 @@ from ..signals import post_auth_success, post_auth_failed
 logger = get_logger(__name__)
 __all__ = [
    'UserAuthApi', 'UserConnectionTokenApi', 'UserOtpAuthApi',
-    'UserOtpVerifyApi',
+    'UserOtpVerifyApi', 'UserOrderAcceptAuthApi',
 ]


@@ -209,3 +206,26 @@ class UserOtpVerifyApi(CreateAPIView):
        else:
            return Response({"error": "Code not valid"}, status=400)

+
+class UserOrderAcceptAuthApi(APIView):
+    permission_classes = ()
+
+    def get(self, request, *args, **kwargs):
+        from orders.models import LoginConfirmOrder
+        order_id = self.request.session.get("auth_order_id")
+        logger.debug('Login confirm order id: {}'.format(order_id))
+        if not order_id:
+            order = None
+        else:
+            order = get_object_or_none(LoginConfirmOrder, pk=order_id)
+        if not order:
+            error = _("No order found or order expired")
+            return Response({"error": error, "status": "not found"}, status=404)
+        if order.status == order.STATUS_ACCEPTED:
+            self.request.session["auth_confirm"] = "1"
+            return Response({"msg": "ok"})
+        elif order.status == order.STATUS_REJECTED:
+            error = _("Order was rejected by {}").format(order.assignee_display)
+        else:
+            error = "Order status: {}".format(order.status)
+        return Response({"error": error, "status": order.status}, status=400)
--- a/apps/authentication/api/token.py
+++ b/apps/authentication/api/token.py
@@ -71,7 +71,8 @@ class TokenCreateApi(CreateAPIView):
                raise MFARequiredError()
            self.send_auth_signal(success=True, user=user)
            clean_failed_count(username, ip)
-            return super().create(request, *args, **kwargs)
+            resp = super().create(request, *args, **kwargs)
+            return resp
        except AuthFailedError as e:
            increase_login_failed_count(username, ip)
            self.send_auth_signal(success=False, user=user, username=username, reason=str(e))
@@ -80,8 +81,8 @@ class TokenCreateApi(CreateAPIView):
            msg = _("MFA required")
            seed = uuid.uuid4().hex
            cache.set(seed, user.username, 300)
-            resp = {'msg': msg, "choices": ["otp"], "req": seed}
-            return Response(resp, status=300)
+            data = {'msg': msg, "choices": ["otp"], "req": seed}
+            return Response(data, status=300)

    def send_auth_signal(self, success=True, user=None, username='', reason=''):
        if success: