Fix api error when 2fa enabled

2025-09-18 00:00:00 +00:00 · 2016-08-08 15:59:19 +08:00
parent c53791f27a
commit c255735326
3 changed files with 28 additions and 5 deletions
--- a/seahub/api2/serializers.py
+++ b/seahub/api2/serializers.py
@@ -72,7 +72,7 @@ class AuthTokenSerializer(serializers.Serializer):
        else:
            raise serializers.ValidationError('Must include "username" and "password"')

-        self._two_factor_auth(self.context['request'], username)
+        self._two_factor_auth(self.context['request'], user)

        # Now user is authenticated
        if v2:
@@ -82,15 +82,15 @@ class AuthTokenSerializer(serializers.Serializer):
            token = get_token_v1(username)
        return token.key

-    def _two_factor_auth(self, request, username):
-        if not has_two_factor_auth() or not two_factor_auth_enabled(username):
+    def _two_factor_auth(self, request, user):
+        if not has_two_factor_auth() or not two_factor_auth_enabled(user):
            return
        token = request.META.get('HTTP_X_SEAFILE_OTP', '')
        if not token:
            self.two_factor_auth_failed = True
            msg = 'Two factor auth token is missing.'
            raise serializers.ValidationError(msg)
-        if not verify_two_factor_token(username, token):
+        if not verify_two_factor_token(user.username, token):
            self.two_factor_auth_failed = True
            msg = 'Two factor auth token is invalid.'
            raise serializers.ValidationError(msg)
--- a/seahub/api2/views_auth.py
+++ b/seahub/api2/views_auth.py
@@ -43,7 +43,7 @@ class ClientLoginTokenView(APIView):

    @json_response
    def post(self, request, format=None):
-        if has_two_factor_auth() and two_factor_auth_enabled(request.user.username):
+        if has_two_factor_auth() and two_factor_auth_enabled(request.user):
            return {}
        randstr = gen_token(max_length=32)
        token = ClientLoginToken(randstr, request.user.username)
--- a/tests/api/test_serializers.py
+++ b/tests/api/test_serializers.py
@@ -0,0 +1,23 @@
+from mock import patch
+
+from seahub.test_utils import BaseTestCase
+from seahub.api2.serializers import AuthTokenSerializer
+
+
+class AuthTokenSerializerTest(BaseTestCase):
+    def test_validate(self):
+        s = AuthTokenSerializer(data={
+            'username': self.user.username,
+            'password': self.user_password,
+        }, context={'request': self.fake_request})
+        assert s.is_valid() is True
+
+    @patch('seahub.api2.serializers.has_two_factor_auth')
+    def test_two_factor_auth(self, mock_has_two_factor_auth):
+        mock_has_two_factor_auth.return_value = True
+
+        s = AuthTokenSerializer(data={
+            'username': self.user.username,
+            'password': self.user_password,
+        }, context={'request': self.fake_request})
+        assert s.is_valid() is True