mirror of
https://github.com/inventree/InvenTree
synced 2024-08-30 18:33:04 +00:00
Remove custom 2FA code (#3300)
* Update django-allauth-2fa to latest version * Remove custom view / form for removing token * Revert "2FA disable" view to custom view - Allows specification of custom redirect URL
This commit is contained in:
parent
7376e34505
commit
67732f8f81
@ -15,7 +15,6 @@ from allauth.account.forms import SignupForm, set_form_field_order
|
||||
from allauth.exceptions import ImmediateHttpResponse
|
||||
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
|
||||
from allauth_2fa.adapter import OTPAdapter
|
||||
from allauth_2fa.forms import TOTPDeviceRemoveForm
|
||||
from allauth_2fa.utils import user_has_valid_totp_device
|
||||
from crispy_forms.bootstrap import (AppendedText, PrependedAppendedText,
|
||||
PrependedText)
|
||||
@ -270,36 +269,3 @@ class CustomSocialAccountAdapter(RegistratonMixin, DefaultSocialAccountAdapter):
|
||||
|
||||
# Otherwise defer to the original allauth adapter.
|
||||
return super().login(request, user)
|
||||
|
||||
|
||||
# Temporary fix for django-allauth-2fa # TODO remove
|
||||
# See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
|
||||
|
||||
class CustomTOTPDeviceRemoveForm(TOTPDeviceRemoveForm):
|
||||
"""Custom Form to ensure a token is provided before removing MFA"""
|
||||
# User must input a valid token so 2FA can be removed
|
||||
token = forms.CharField(
|
||||
label=_('Token'),
|
||||
)
|
||||
|
||||
def __init__(self, user, **kwargs):
|
||||
"""Add token field."""
|
||||
super().__init__(user, **kwargs)
|
||||
self.fields['token'].widget.attrs.update(
|
||||
{
|
||||
'autofocus': 'autofocus',
|
||||
'autocomplete': 'off',
|
||||
}
|
||||
)
|
||||
|
||||
def clean_token(self):
|
||||
"""Ensure at least one valid token is provided."""
|
||||
# Ensure that the user has provided a valid token
|
||||
token = self.cleaned_data.get('token')
|
||||
|
||||
# Verify that the user has provided a valid token
|
||||
for device in self.user.totpdevice_set.filter(confirmed=True):
|
||||
if device.verify_token(token):
|
||||
return token
|
||||
|
||||
raise forms.ValidationError(_("The entered token is not valid"))
|
||||
|
@ -37,7 +37,7 @@ from common.settings import currency_code_default, currency_codes
|
||||
from part.models import PartCategory
|
||||
from users.models import RuleSet, check_user_role
|
||||
|
||||
from .forms import CustomTOTPDeviceRemoveForm, EditUserForm, SetPasswordForm
|
||||
from .forms import EditUserForm, SetPasswordForm
|
||||
|
||||
|
||||
def auth_request(request):
|
||||
@ -764,10 +764,8 @@ class NotificationsView(TemplateView):
|
||||
template_name = "InvenTree/notifications/notifications.html"
|
||||
|
||||
|
||||
# Temporary fix for django-allauth-2fa # TODO remove
|
||||
# See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
|
||||
# Custom 2FA removal form to allow custom redirect URL
|
||||
|
||||
class CustomTwoFactorRemove(TwoFactorRemove):
|
||||
"""Use custom form."""
|
||||
form_class = CustomTOTPDeviceRemoveForm
|
||||
"""Specify custom URL redirect."""
|
||||
success_url = reverse_lazy("settings")
|
||||
|
@ -71,7 +71,7 @@ django-allauth==0.51.0
|
||||
# via
|
||||
# -r requirements.in
|
||||
# django-allauth-2fa
|
||||
django-allauth-2fa==0.9
|
||||
django-allauth-2fa==0.10.0
|
||||
# via -r requirements.in
|
||||
django-cleanup==6.0.0
|
||||
# via -r requirements.in
|
||||
|
Loading…
Reference in New Issue
Block a user