@@ -194,7 +194,7 b' class BaseAppView(object):' | |||
|
194 | 194 | if not user_obj: |
|
195 | 195 | return |
|
196 | 196 | |
|
197 |
if user_obj. |
|
|
197 | if user_obj.check_2fa_required and view_name != self.VERIFY_2FA_VIEW: | |
|
198 | 198 | raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW)) |
|
199 | 199 | |
|
200 | 200 | def _log_creation_exception(self, e, repo_name): |
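Review bot: The gate on new line 197 reads `check_2fa_required`, which the User model hunk on this page stores in `user_data` under `check_2fa`, so the pending-2FA state is kept per user record rather than per login session. If `user_obj` here reflects that same record, one session passing TOTP verification (which sets the flag to `False`) would also lift this redirect for any other session of the account that has only presented the password. Consider keeping the pending-2FA marker in the session, or at least recording the limitation above the check, e.g. `# NOTE: check_2fa is stored per user, so verifying in one session clears the gate for all sessions`. The enclosing method begins outside the hunk.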
@@ -188,7 +188,7 b' class LoginView(BaseAppView):' | |||
|
188 | 188 | # form checks for username/password, now we're authenticated |
|
189 | 189 | username = form_result['username'] |
|
190 | 190 | if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa: |
|
191 |
user. |
|
|
191 | user.check_2fa_required = True | |
|
192 | 192 | |
|
193 | 193 | headers = store_user_in_session( |
|
194 | 194 | self.session, |
@@ -495,7 +495,7 b' class LoginView(BaseAppView):' | |||
|
495 | 495 | secret = form_details['secret_totp'] |
|
496 | 496 | |
|
497 | 497 | user_instance.init_2fa_recovery_codes(persist=True, force=True) |
|
498 |
user_instance. |
|
|
498 | user_instance.2fa_secret = secret | |
|
499 | 499 | |
|
500 | 500 | Session().commit() |
|
501 | 501 | raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1})) |
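Review bot: New line 498, `user_instance.2fa_secret = secret`, is not valid Python as rendered, because an attribute name cannot start with a digit; the module would raise a SyntaxError at import and take the login and 2FA-setup views down with it. The property introduced in this same commit is named `secret_2fa` and the other call sites on the page use that name, so the line should read `user_instance.secret_2fa = secret`. The enclosing method starts and ends outside the hunk. A test that posts the 2FA setup form would catch this kind of slip before the enrolment path breaks.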
@@ -538,10 +538,10 b' class LoginView(BaseAppView):' | |||
|
538 | 538 | if self.request.method == 'POST': |
|
539 | 539 | post_items = dict(self.request.POST) |
|
540 | 540 | # NOTE: inject secret, as it's a post configured saved item. |
|
541 |
post_items['secret_totp'] = user_instance. |
|
|
541 | post_items['secret_totp'] = user_instance.secret_2fa | |
|
542 | 542 | try: |
|
543 | 543 | totp_form.to_python(post_items) |
|
544 |
user_instance. |
|
|
544 | user_instance.check_2fa_required = False | |
|
545 | 545 | Session().commit() |
|
546 | 546 | raise HTTPFound(c.came_from) |
|
547 | 547 | except formencode.Invalid as errors: |
@@ -258,7 +258,7 b' class MyAccountView(BaseAppView, DataGri' | |||
|
258 | 258 | |
|
259 | 259 | post_items = dict(self.request.POST) |
|
260 | 260 | # NOTE: inject secret, as it's a post configured saved item. |
|
261 |
post_items['secret_totp'] = user_instance. |
|
|
261 | post_items['secret_totp'] = user_instance.secret_2fa | |
|
262 | 262 | try: |
|
263 | 263 | totp_form.to_python(post_items) |
|
264 | 264 | user_instance.regenerate_2fa_recovery_codes() |
@@ -839,15 +839,15 b' class User(Base, BaseModel):' | |||
|
839 | 839 | Session().commit() |
|
840 | 840 | |
|
841 | 841 | @hybrid_property |
|
842 |
def |
|
|
842 | def check_2fa_required(self): | |
|
843 | 843 | """ |
|
844 | 844 | Check if check 2fa flag is set for this user |
|
845 | 845 | """ |
|
846 | 846 | value = self.user_data.get('check_2fa', False) |
|
847 | 847 | return value |
|
848 | 848 | |
|
849 |
@ |
|
|
850 |
def |
|
|
849 | @check_2fa_required.setter | |
|
850 | def check_2fa_required(self, val): | |
|
851 | 851 | val = str2bool(val) |
|
852 | 852 | self.update_userdata(check_2fa=val) |
|
853 | 853 | Session().commit() |
@@ -918,7 +918,11 b' class User(Base, BaseModel):' | |||
|
918 | 918 | return secret |
|
919 | 919 | return '' |
|
920 | 920 | |
|
921 | def get_secret_2fa(self) -> str: | |
|
921 | @hybrid_property | |
|
922 | def secret_2fa(self) -> str: | |
|
923 | """ | |
|
924 | get stored secret for 2fa | |
|
925 | """ | |
|
922 | 926 | secret_2fa = self.user_data.get('secret_2fa') |
|
923 | 927 | if secret_2fa: |
|
924 | 928 | strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) |
@@ -926,7 +930,8 b' class User(Base, BaseModel):' | |||
|
926 | 930 | enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode)) |
|
927 | 931 | return '' |
|
928 | 932 | |
|
929 | def set_2fa_secret(self, value): | |
|
933 | @secret_2fa.setter | |
|
934 | def secret_2fa(self, value: str) -> None: | |
|
930 | 935 | encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY) |
|
931 | 936 | self.update_userdata(secret_2fa=safe_str(encrypted_value)) |
|
932 | 937 |
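Review bot: `secret_2fa` is declared with `@hybrid_property` (new line 921), but its getter reads `self.user_data` and decrypts in Python, so it has no SQL-expression form and a class-level use such as `User.secret_2fa` in a query would presumably fail. A plain `@property` with `@secret_2fa.setter` states the intent more accurately. Because a bare attribute read now returns the decrypted TOTP seed, it is worth confirming that no generic attribute-walking code (API serializers, debug dumps) can reach it. The setter has no docstring and, in the visible lines, does not call `Session().commit()` the way the `check_2fa_required` setter does; a line such as `"""encrypt and store the 2fa secret in user_data; the caller commits"""` would record that difference. The getter's body spans this hunk and the previous one and is only partly visible.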