# HG changeset patch # User RhodeCode Admin # Date 2024-04-24 16:06:20 # Node ID ced3d33bd7a2b163b10a90538943aa5ac3780223 # Parent 834643be1fad2bc50d7c600120e0496c28b570fe chore(2fa): refactor some attributes for users diff --git a/rhodecode/apps/_base/__init__.py b/rhodecode/apps/_base/__init__.py --- a/rhodecode/apps/_base/__init__.py +++ b/rhodecode/apps/_base/__init__.py @@ -194,7 +194,7 @@ class BaseAppView(object): if not user_obj: return - if user_obj.has_check_2fa_flag and view_name != self.VERIFY_2FA_VIEW: + if user_obj.check_2fa_required and view_name != self.VERIFY_2FA_VIEW: raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW)) def _log_creation_exception(self, e, repo_name): diff --git a/rhodecode/apps/login/views.py b/rhodecode/apps/login/views.py --- a/rhodecode/apps/login/views.py +++ b/rhodecode/apps/login/views.py @@ -188,7 +188,7 @@ class LoginView(BaseAppView): # form checks for username/password, now we're authenticated username = form_result['username'] if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa: - user.has_check_2fa_flag = True + user.check_2fa_required = True headers = store_user_in_session( self.session, @@ -495,7 +495,7 @@ class LoginView(BaseAppView): secret = form_details['secret_totp'] user_instance.init_2fa_recovery_codes(persist=True, force=True) - user_instance.set_2fa_secret(secret) + user_instance.2fa_secret = secret Session().commit() raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1})) @@ -538,10 +538,10 @@ class LoginView(BaseAppView): if self.request.method == 'POST': post_items = dict(self.request.POST) # NOTE: inject secret, as it's a post configured saved item. - post_items['secret_totp'] = user_instance.get_secret_2fa() + post_items['secret_totp'] = user_instance.secret_2fa try: totp_form.to_python(post_items) - user_instance.has_check_2fa_flag = False + user_instance.check_2fa_required = False Session().commit() raise HTTPFound(c.came_from) except formencode.Invalid as errors: diff --git a/rhodecode/apps/my_account/views/my_account.py b/rhodecode/apps/my_account/views/my_account.py --- a/rhodecode/apps/my_account/views/my_account.py +++ b/rhodecode/apps/my_account/views/my_account.py @@ -258,7 +258,7 @@ class MyAccountView(BaseAppView, DataGri post_items = dict(self.request.POST) # NOTE: inject secret, as it's a post configured saved item. - post_items['secret_totp'] = user_instance.get_secret_2fa() + post_items['secret_totp'] = user_instance.secret_2fa try: totp_form.to_python(post_items) user_instance.regenerate_2fa_recovery_codes() diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -839,15 +839,15 @@ class User(Base, BaseModel): Session().commit() @hybrid_property - def has_check_2fa_flag(self): + def check_2fa_required(self): """ Check if check 2fa flag is set for this user """ value = self.user_data.get('check_2fa', False) return value - @has_check_2fa_flag.setter - def has_check_2fa_flag(self, val): + @check_2fa_required.setter + def check_2fa_required(self, val): val = str2bool(val) self.update_userdata(check_2fa=val) Session().commit() @@ -918,7 +918,11 @@ class User(Base, BaseModel): return secret return '' - def get_secret_2fa(self) -> str: + @hybrid_property + def secret_2fa(self) -> str: + """ + get stored secret for 2fa + """ secret_2fa = self.user_data.get('secret_2fa') if secret_2fa: strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) @@ -926,7 +930,8 @@ class User(Base, BaseModel): enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode)) return '' - def set_2fa_secret(self, value): + @secret_2fa.setter + def secret_2fa(self, value: str) -> None: encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY) self.update_userdata(secret_2fa=safe_str(encrypted_value))