diff --git a/InvenTree/InvenTree/middleware.py b/InvenTree/InvenTree/middleware.py index ea0d6ddc2a..0d7a4f46f7 100644 --- a/InvenTree/InvenTree/middleware.py +++ b/InvenTree/InvenTree/middleware.py @@ -11,6 +11,7 @@ from rest_framework.authtoken.models import Token from allauth_2fa.middleware import BaseRequire2FAMiddleware, AllauthTwoFactorMiddleware from InvenTree.urls import frontendpatterns +from common.models import InvenTreeSetting logger = logging.getLogger("inventree") @@ -162,7 +163,7 @@ class Check2FAMiddleware(BaseRequire2FAMiddleware): # Superusers are require to have 2FA. try: if url_matcher.resolve(request.path[1:]): - return True + return InvenTreeSetting.get_setting('LOGIN_ENFORCE_MFA') except Resolver404: pass return False diff --git a/InvenTree/common/models.py b/InvenTree/common/models.py index 3dae13c3e0..631e2f5686 100644 --- a/InvenTree/common/models.py +++ b/InvenTree/common/models.py @@ -853,6 +853,12 @@ class InvenTreeSetting(BaseInvenTreeSetting): 'default': '', 'choices': settings_group_options }, + 'LOGIN_ENFORCE_MFA': { + 'name': _('Enforce MFA'), + 'description': _('Users must use multifaktor security.'), + 'default': False, + 'validator': bool, + }, } class Meta: diff --git a/InvenTree/templates/InvenTree/settings/login.html b/InvenTree/templates/InvenTree/settings/login.html index d3cba1180f..4ce4cd2408 100644 --- a/InvenTree/templates/InvenTree/settings/login.html +++ b/InvenTree/templates/InvenTree/settings/login.html @@ -16,6 +16,7 @@ {% include "InvenTree/settings/setting.html" with key="LOGIN_ENABLE_SSO" icon="fa-info-circle" %} {% include "InvenTree/settings/setting.html" with key="LOGIN_ENABLE_PWD_FORGOT" icon="fa-info-circle" %} {% include "InvenTree/settings/setting.html" with key="LOGIN_MAIL_REQUIRED" icon="fa-info-circle" %} + {% include "InvenTree/settings/setting.html" with key="LOGIN_ENFORCE_MFA" %} {% trans 'Signup' %}