##// END OF EJS Templates
chore(2fa): refactor some attributes for users
super-admin -
r5374:ced3d33b default
parent child Browse files
Show More
@@ -194,7 +194,7 b' class BaseAppView(object):'
194 194 if not user_obj:
195 195 return
196 196
197 if user_obj.has_check_2fa_flag and view_name != self.VERIFY_2FA_VIEW:
197 if user_obj.check_2fa_required and view_name != self.VERIFY_2FA_VIEW:
198 198 raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW))
199 199
200 200 def _log_creation_exception(self, e, repo_name):
@@ -188,7 +188,7 b' class LoginView(BaseAppView):'
188 188 # form checks for username/password, now we're authenticated
189 189 username = form_result['username']
190 190 if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa:
191 user.has_check_2fa_flag = True
191 user.check_2fa_required = True
192 192
193 193 headers = store_user_in_session(
194 194 self.session,
@@ -495,7 +495,7 b' class LoginView(BaseAppView):'
495 495 secret = form_details['secret_totp']
496 496
497 497 user_instance.init_2fa_recovery_codes(persist=True, force=True)
498 user_instance.set_2fa_secret(secret)
498 user_instance.2fa_secret = secret
499 499
500 500 Session().commit()
501 501 raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1}))
@@ -538,10 +538,10 b' class LoginView(BaseAppView):'
538 538 if self.request.method == 'POST':
539 539 post_items = dict(self.request.POST)
540 540 # NOTE: inject secret, as it's a post configured saved item.
541 post_items['secret_totp'] = user_instance.get_secret_2fa()
541 post_items['secret_totp'] = user_instance.secret_2fa
542 542 try:
543 543 totp_form.to_python(post_items)
544 user_instance.has_check_2fa_flag = False
544 user_instance.check_2fa_required = False
545 545 Session().commit()
546 546 raise HTTPFound(c.came_from)
547 547 except formencode.Invalid as errors:
@@ -258,7 +258,7 b' class MyAccountView(BaseAppView, DataGri'
258 258
259 259 post_items = dict(self.request.POST)
260 260 # NOTE: inject secret, as it's a post configured saved item.
261 post_items['secret_totp'] = user_instance.get_secret_2fa()
261 post_items['secret_totp'] = user_instance.secret_2fa
262 262 try:
263 263 totp_form.to_python(post_items)
264 264 user_instance.regenerate_2fa_recovery_codes()
@@ -839,15 +839,15 b' class User(Base, BaseModel):'
839 839 Session().commit()
840 840
841 841 @hybrid_property
842 def has_check_2fa_flag(self):
842 def check_2fa_required(self):
843 843 """
844 844 Check if check 2fa flag is set for this user
845 845 """
846 846 value = self.user_data.get('check_2fa', False)
847 847 return value
848 848
849 @has_check_2fa_flag.setter
850 def has_check_2fa_flag(self, val):
849 @check_2fa_required.setter
850 def check_2fa_required(self, val):
851 851 val = str2bool(val)
852 852 self.update_userdata(check_2fa=val)
853 853 Session().commit()
@@ -918,7 +918,11 b' class User(Base, BaseModel):'
918 918 return secret
919 919 return ''
920 920
921 def get_secret_2fa(self) -> str:
921 @hybrid_property
922 def secret_2fa(self) -> str:
923 """
924 get stored secret for 2fa
925 """
922 926 secret_2fa = self.user_data.get('secret_2fa')
923 927 if secret_2fa:
924 928 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
@@ -926,7 +930,8 b' class User(Base, BaseModel):'
926 930 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode))
927 931 return ''
928 932
929 def set_2fa_secret(self, value):
933 @secret_2fa.setter
934 def secret_2fa(self, value: str) -> None:
930 935 encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY)
931 936 self.update_userdata(secret_2fa=safe_str(encrypted_value))
932 937
General Comments 0
You need to be logged in to leave comments. Login now