@@ -194,7 +194,7 b' class BaseAppView(object):' | |||||
194 | if not user_obj: |
|
194 | if not user_obj: | |
195 | return |
|
195 | return | |
196 |
|
196 | |||
197 |
if user_obj. |
|
197 | if user_obj.check_2fa_required and view_name != self.VERIFY_2FA_VIEW: | |
198 | raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW)) |
|
198 | raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW)) | |
199 |
|
199 | |||
200 | def _log_creation_exception(self, e, repo_name): |
|
200 | def _log_creation_exception(self, e, repo_name): |
@@ -188,7 +188,7 b' class LoginView(BaseAppView):' | |||||
188 | # form checks for username/password, now we're authenticated |
|
188 | # form checks for username/password, now we're authenticated | |
189 | username = form_result['username'] |
|
189 | username = form_result['username'] | |
190 | if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa: |
|
190 | if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa: | |
191 |
user. |
|
191 | user.check_2fa_required = True | |
192 |
|
192 | |||
193 | headers = store_user_in_session( |
|
193 | headers = store_user_in_session( | |
194 | self.session, |
|
194 | self.session, | |
@@ -495,7 +495,7 b' class LoginView(BaseAppView):' | |||||
495 | secret = form_details['secret_totp'] |
|
495 | secret = form_details['secret_totp'] | |
496 |
|
496 | |||
497 | user_instance.init_2fa_recovery_codes(persist=True, force=True) |
|
497 | user_instance.init_2fa_recovery_codes(persist=True, force=True) | |
498 |
user_instance. |
|
498 | user_instance.2fa_secret = secret | |
499 |
|
499 | |||
500 | Session().commit() |
|
500 | Session().commit() | |
501 | raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1})) |
|
501 | raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1})) | |
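Review bot: `user_instance.2fa_secret = secret` on new line 498 is not valid Python, because an attribute name cannot start with a digit, so the module holding LoginView would fail to parse and none of its views would load. The model hunks in this same commit name the property `secret_2fa`, so the line should read `user_instance.secret_2fa = secret`. The enclosing view method starts and ends outside this hunk. A test that imports the view module and exercises the 2FA setup POST would catch this kind of rename slip before it ships.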
@@ -538,10 +538,10 b' class LoginView(BaseAppView):' | |||||
538 | if self.request.method == 'POST': |
|
538 | if self.request.method == 'POST': | |
539 | post_items = dict(self.request.POST) |
|
539 | post_items = dict(self.request.POST) | |
540 | # NOTE: inject secret, as it's a post configured saved item. |
|
540 | # NOTE: inject secret, as it's a post configured saved item. | |
541 |
post_items['secret_totp'] = user_instance. |
|
541 | post_items['secret_totp'] = user_instance.secret_2fa | |
542 | try: |
|
542 | try: | |
543 | totp_form.to_python(post_items) |
|
543 | totp_form.to_python(post_items) | |
544 |
user_instance. |
|
544 | user_instance.check_2fa_required = False | |
545 | Session().commit() |
|
545 | Session().commit() | |
546 | raise HTTPFound(c.came_from) |
|
546 | raise HTTPFound(c.came_from) | |
547 | except formencode.Invalid as errors: |
|
547 | except formencode.Invalid as errors: |
@@ -258,7 +258,7 b' class MyAccountView(BaseAppView, DataGri' | |||||
258 |
|
258 | |||
259 | post_items = dict(self.request.POST) |
|
259 | post_items = dict(self.request.POST) | |
260 | # NOTE: inject secret, as it's a post configured saved item. |
|
260 | # NOTE: inject secret, as it's a post configured saved item. | |
261 |
post_items['secret_totp'] = user_instance. |
|
261 | post_items['secret_totp'] = user_instance.secret_2fa | |
262 | try: |
|
262 | try: | |
263 | totp_form.to_python(post_items) |
|
263 | totp_form.to_python(post_items) | |
264 | user_instance.regenerate_2fa_recovery_codes() |
|
264 | user_instance.regenerate_2fa_recovery_codes() |
@@ -839,15 +839,15 b' class User(Base, BaseModel):' | |||||
839 | Session().commit() |
|
839 | Session().commit() | |
840 |
|
840 | |||
841 | @hybrid_property |
|
841 | @hybrid_property | |
842 |
def |
|
842 | def check_2fa_required(self): | |
843 | """ |
|
843 | """ | |
844 | Check if check 2fa flag is set for this user |
|
844 | Check if check 2fa flag is set for this user | |
845 | """ |
|
845 | """ | |
846 | value = self.user_data.get('check_2fa', False) |
|
846 | value = self.user_data.get('check_2fa', False) | |
847 | return value |
|
847 | return value | |
848 |
|
848 | |||
849 |
@ |
|
849 | @check_2fa_required.setter | |
850 |
def |
|
850 | def check_2fa_required(self, val): | |
851 | val = str2bool(val) |
|
851 | val = str2bool(val) | |
852 | self.update_userdata(check_2fa=val) |
|
852 | self.update_userdata(check_2fa=val) | |
853 | Session().commit() |
|
853 | Session().commit() | |
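Review bot: `check_2fa_required` is read from and written to `user_data` on the user row (`self.update_userdata(check_2fa=val)` followed by `Session().commit()`), so the pending-2FA state is per account rather than per login session. As the other hunks show, login sets it to True, a successful TOTP check sets it to False, and BaseAppView redirects only while it is True; when one account has concurrent sessions, a verification completed in one of them also lifts the redirect for any other session that has passed only the password step. Consider keeping the pending/verified marker in the session created by `store_user_in_session` and leaving only `has_enabled_2fa` on the user. If the setter stays, its commit on plain assignment also flushes whatever else is pending in the SQLAlchemy session, which deserves a docstring line such as `Persists immediately: assigning commits the current DB session.`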
@@ -918,7 +918,11 b' class User(Base, BaseModel):' | |||||
918 | return secret |
|
918 | return secret | |
919 | return '' |
|
919 | return '' | |
920 |
|
920 | |||
921 | def get_secret_2fa(self) -> str: |
|
921 | @hybrid_property | |
|
922 | def secret_2fa(self) -> str: | |||
|
923 | """ | |||
|
924 | get stored secret for 2fa | |||
|
925 | """ | |||
922 | secret_2fa = self.user_data.get('secret_2fa') |
|
926 | secret_2fa = self.user_data.get('secret_2fa') | |
923 | if secret_2fa: |
|
927 | if secret_2fa: | |
924 | strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) |
|
928 | strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) | |
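Review bot: `@hybrid_property` on `secret_2fa` (new line 921) implies the attribute also has a class-level SQL expression, but the visible getter only reads `user_data` and decrypts in Python, so a plain `@property` would state the intent more accurately; it is worth confirming that nothing queries on it. Attribute access now returns the decrypted TOTP seed, so the docstring `get stored secret for 2fa` should say that, e.g. `Return the decrypted TOTP secret, or '' when none is stored; never log or serialize it.` The getter's body continues past the end of this hunk.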
@@ -926,7 +930,8 b' class User(Base, BaseModel):' | |||||
926 | enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode)) |
|
930 | enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode)) | |
927 | return '' |
|
931 | return '' | |
928 |
|
932 | |||
929 | def set_2fa_secret(self, value): |
|
933 | @secret_2fa.setter | |
|
934 | def secret_2fa(self, value: str) -> None: | |||
930 | encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY) |
|
935 | encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY) | |
931 | self.update_userdata(secret_2fa=safe_str(encrypted_value)) |
|
936 | self.update_userdata(secret_2fa=safe_str(encrypted_value)) | |
932 |
|
937 |