managment and invoke commands to remove mfa

2024-08-30 18:33:04 +00:00 · 2021-12-11 23:07:37 +01:00 · 2021-12-11 23:07:37 +01:00 · 41302398e9
commit 41302398e9
parent 67b3c339b9
2 changed files with 48 additions and 0 deletions
--- a/InvenTree/InvenTree/management/commands/remove_mfa.py
+++ b/InvenTree/InvenTree/management/commands/remove_mfa.py
@ -0,0 +1,36 @@
+"""
+Custom management command to remove MFA for a user
+"""
+
+from django.core.management.base import BaseCommand
+from django.contrib.auth import get_user_model
+
+
+class Command(BaseCommand):
+    """
+    Remove MFA for a user
+    """
+
+    def add_arguments(self, parser):
+        parser.add_argument('mail', type=str)
+
+    def handle(self, *args, **kwargs):
+
+        # general settings
+        mail = kwargs.get('mail')
+        if not mail:
+            raise KeyError('A mail is required')
+        user = get_user_model()
+        mfa_user = [*set(user.objects.filter(email=mail) | user.objects.filter(emailaddress__email=mail))]
+
+        if len(mfa_user) == 0:
+            print('No user with this mail associated')
+        elif len(mfa_user) > 1:
+            print('More than one user found with this mail')
+        else:
+            # and clean out all MFA methods
+            # backup codes
+            mfa_user[0].staticdevice_set.all().delete()
+            # TOTP tokens
+            mfa_user[0].totpdevice_set.all().delete()
+            print(f'Removed all MFA methods for user {str(mfa_user[0])}')
--- a/tasks.py
+++ b/tasks.py
@ -154,6 +154,18 @@ def clean_settings(c):
    manage(c, "clean_settings")


+@task(help={'mail': 'mail of the user whos MFA should be disabled'})
+def remove_mfa(c, mail=''):
+    """
+    Remove MFA for a user
+    """
+
+    if not mail:
+        print('You must provide a users mail')
+
+    manage(c, f"remove_mfa {mail}")
+
+
@task(post=[rebuild_models, rebuild_thumbnails])
 def migrate(c):
    """