chore(2fa): refactor some attributes for users
super-admin -
r5374:ced3d33b default
@@ -194,7 +194,7 b' class BaseAppView(object):'
194 if not user_obj:
194 if not user_obj:
195 return
195 return
196
196
197 if user_obj.has_check_2fa_flag and view_name != self.VERIFY_2FA_VIEW:
197 if user_obj.check_2fa_required and view_name != self.VERIFY_2FA_VIEW:
198 raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW))
198 raise HTTPFound(self.request.route_path(self.VERIFY_2FA_VIEW))
199
199
200 def _log_creation_exception(self, e, repo_name):
200 def _log_creation_exception(self, e, repo_name):
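Review bot: The redirect gate on `user_obj.check_2fa_required` reads a flag that, per the `User` model hunk on this page, is kept in `user_data` and committed to the user record, so the pending-verification state is shared by every session of that user rather than bound to the login that set it. Since the login view sets it to `True` and the verify view sets it to `False`, a successful TOTP check in one session would appear to lift the requirement for any other session that has only passed the password step, unless code outside these hunks ties it to the session. Consider keeping the pending state in the session written at login and checking that here. At minimum, document the current behaviour above the check: `# NOTE: check_2fa_required is stored per user (user_data), not per session`. The method containing this check starts above the hunk.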
@@ -188,7 +188,7 b' class LoginView(BaseAppView):'
188 # form checks for username/password, now we're authenticated
188 # form checks for username/password, now we're authenticated
189 username = form_result['username']
189 username = form_result['username']
190 if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa:
190 if (user := User.get_by_username_or_primary_email(username)).has_enabled_2fa:
191 user.has_check_2fa_flag = True
191 user.check_2fa_required = True
192
192
193 headers = store_user_in_session(
193 headers = store_user_in_session(
194 self.session,
194 self.session,
@@ -495,7 +495,7 b' class LoginView(BaseAppView):'
495 secret = form_details['secret_totp']
495 secret = form_details['secret_totp']
496
496
497 user_instance.init_2fa_recovery_codes(persist=True, force=True)
497 user_instance.init_2fa_recovery_codes(persist=True, force=True)
498 user_instance.set_2fa_secret(secret)
498 user_instance.2fa_secret = secret
499
499
500 Session().commit()
500 Session().commit()
501 raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1}))
501 raise HTTPFound(self.request.route_path('my_account_configure_2fa', _query={'show-recovery-codes': 1}))
@@ -538,10 +538,10 b' class LoginView(BaseAppView):'
538 if self.request.method == 'POST':
538 if self.request.method == 'POST':
539 post_items = dict(self.request.POST)
539 post_items = dict(self.request.POST)
540 # NOTE: inject secret, as it's a post configured saved item.
540 # NOTE: inject secret, as it's a post configured saved item.
541 post_items['secret_totp'] = user_instance.get_secret_2fa()
541 post_items['secret_totp'] = user_instance.secret_2fa
542 try:
542 try:
543 totp_form.to_python(post_items)
543 totp_form.to_python(post_items)
544 user_instance.has_check_2fa_flag = False
544 user_instance.check_2fa_required = False
545 Session().commit()
545 Session().commit()
546 raise HTTPFound(c.came_from)
546 raise HTTPFound(c.came_from)
547 except formencode.Invalid as errors:
547 except formencode.Invalid as errors:
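Review bot: In the `@@ -495,7 +495,7` hunk, the new line `user_instance.2fa_secret = secret` is not valid Python, because an attribute name cannot start with a digit, so the module would raise a SyntaxError on import and the login views would not load. The name also does not match the `secret_2fa` property that the model change on this page introduces. The line should read `user_instance.secret_2fa = secret`. The enclosing view methods start and end outside the visible hunks, so it is worth confirming that a test exercises the 2FA setup path.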
@@ -258,7 +258,7 b' class MyAccountView(BaseAppView, DataGri'
258
258
259 post_items = dict(self.request.POST)
259 post_items = dict(self.request.POST)
260 # NOTE: inject secret, as it's a post configured saved item.
260 # NOTE: inject secret, as it's a post configured saved item.
261 post_items['secret_totp'] = user_instance.get_secret_2fa()
261 post_items['secret_totp'] = user_instance.secret_2fa
262 try:
262 try:
263 totp_form.to_python(post_items)
263 totp_form.to_python(post_items)
264 user_instance.regenerate_2fa_recovery_codes()
264 user_instance.regenerate_2fa_recovery_codes()
@@ -839,15 +839,15 b' class User(Base, BaseModel):'
839 Session().commit()
839 Session().commit()
840
840
841 @hybrid_property
841 @hybrid_property
842 def has_check_2fa_flag(self):
842 def check_2fa_required(self):
843 """
843 """
844 Check if check 2fa flag is set for this user
844 Check if check 2fa flag is set for this user
845 """
845 """
846 value = self.user_data.get('check_2fa', False)
846 value = self.user_data.get('check_2fa', False)
847 return value
847 return value
848
848
849 @has_check_2fa_flag.setter
849 @check_2fa_required.setter
850 def has_check_2fa_flag(self, val):
850 def check_2fa_required(self, val):
851 val = str2bool(val)
851 val = str2bool(val)
852 self.update_userdata(check_2fa=val)
852 self.update_userdata(check_2fa=val)
853 Session().commit()
853 Session().commit()
@@ -918,7 +918,11 b' class User(Base, BaseModel):'
918 return secret
918 return secret
919 return ''
919 return ''
920
920
921 def get_secret_2fa(self) -> str:
921 @hybrid_property
922 def secret_2fa(self) -> str:
923 """
924 get stored secret for 2fa
925 """
922 secret_2fa = self.user_data.get('secret_2fa')
926 secret_2fa = self.user_data.get('secret_2fa')
923 if secret_2fa:
927 if secret_2fa:
924 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
928 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
@@ -926,7 +930,8 b' class User(Base, BaseModel):'
926 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode))
930 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode))
927 return ''
931 return ''
928
932
929 def set_2fa_secret(self, value):
933 @secret_2fa.setter
934 def secret_2fa(self, value: str) -> None:
930 encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY)
935 encrypted_value = enc_utils.encrypt_value(safe_bytes(value), enc_key=ENCRYPTION_KEY)
931 self.update_userdata(secret_2fa=safe_str(encrypted_value))
936 self.update_userdata(secret_2fa=safe_str(encrypted_value))
932
937
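Review bot: `secret_2fa` is declared with `@hybrid_property`, but its getter reads `user_data` and decrypts the value in Python, which has no SQL-expression form, so class-level access (`User.secret_2fa`) would not give a usable query expression; a plain `@property` states the intent more accurately. The same appears to hold for `check_2fa_required` in the `@@ -839,15` hunk. The new setter has no docstring and, in the visible lines, does not commit, whereas the `check_2fa_required` setter does. It is worth stating that difference, e.g. `"""Encrypt and store the 2fa secret in user_data; the caller must commit."""`. The getter's body is only partly visible across the two hunks.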