From bb0d17d4954efb2c253d3bd97bf708c45448803f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kopyd=C5=82owski?= Date: Mon, 6 Jun 2022 12:08:36 +0200 Subject: [PATCH 1/3] WIP. --- trench/decorators.py | 27 +++++++++++++++++++++++++++ trench/views/base.py | 3 +++ 2 files changed, 30 insertions(+) create mode 100644 trench/decorators.py diff --git a/trench/decorators.py b/trench/decorators.py new file mode 100644 index 00000000..6979e9a3 --- /dev/null +++ b/trench/decorators.py @@ -0,0 +1,27 @@ +from django.contrib.auth import REDIRECT_FIELD_NAME +from django.contrib.auth.decorators import user_passes_test + +from trench.command.authenticate_second_factor import authenticate_second_step_command + + +def mfa_login_required( + function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None +): + """ + Decorator for views that checks that the user is logged in, redirecting + to the log-in page if necessary. + """ + + def test(user): + # return user.is_verified() or (user.is_authenticated and not user_has_device(user)) + return authenticate_second_step_command + + actual_decorator = user_passes_test( + lambda u: u.is_authenticated, + # test, + login_url=login_url, + redirect_field_name=redirect_field_name, + ) + if function: + return actual_decorator(function) + return actual_decorator diff --git a/trench/views/base.py b/trench/views/base.py index c013cc5a..dd384b58 100644 --- a/trench/views/base.py +++ b/trench/views/base.py @@ -1,3 +1,4 @@ +from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User from django.db.models import QuerySet from django.utils.translation import gettext_lazy as _ @@ -24,6 +25,7 @@ regenerate_backup_codes_for_mfa_method_command, ) from trench.command.set_primary_mfa_method import set_primary_mfa_method_command +from trench.decorators import mfa_login_required from trench.exceptions import MFAMethodDoesNotExistError, MFAValidationError from trench.query.get_mfa_config_by_name import get_mfa_config_by_name_query from trench.responses import ErrorResponse @@ -210,6 +212,7 @@ class MFAMethodRequestCodeView(APIView): permission_classes = (IsAuthenticated,) @staticmethod + @login_required def post(request: Request) -> Response: serializer = MFAMethodCodeSerializer(data=request.data) serializer.is_valid(raise_exception=True) From d3b010e625e166cba067eb78622c459937d7c2f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kopyd=C5=82owski?= Date: Tue, 28 Jun 2022 11:59:46 +0200 Subject: [PATCH 2/3] Add method_decorator to use custom decorator on a view. --- trench/decorators.py | 10 +++------- trench/views/base.py | 7 +++++-- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/trench/decorators.py b/trench/decorators.py index 6979e9a3..92781f6d 100644 --- a/trench/decorators.py +++ b/trench/decorators.py @@ -1,8 +1,6 @@ from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth.decorators import user_passes_test -from trench.command.authenticate_second_factor import authenticate_second_step_command - def mfa_login_required( function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None @@ -12,13 +10,11 @@ def mfa_login_required( to the log-in page if necessary. """ - def test(user): - # return user.is_verified() or (user.is_authenticated and not user_has_device(user)) - return authenticate_second_step_command + def is_user_authenticated(user): + return user.is_authenticated actual_decorator = user_passes_test( - lambda u: u.is_authenticated, - # test, + is_user_authenticated, login_url=login_url, redirect_field_name=redirect_field_name, ) diff --git a/trench/views/base.py b/trench/views/base.py index dd384b58..4eb59cb0 100644 --- a/trench/views/base.py +++ b/trench/views/base.py @@ -1,6 +1,6 @@ -from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User from django.db.models import QuerySet +from django.utils.decorators import method_decorator from django.utils.translation import gettext_lazy as _ from abc import ABC, abstractmethod @@ -212,7 +212,6 @@ class MFAMethodRequestCodeView(APIView): permission_classes = (IsAuthenticated,) @staticmethod - @login_required def post(request: Request) -> Response: serializer = MFAMethodCodeSerializer(data=request.data) serializer.is_valid(raise_exception=True) @@ -228,6 +227,10 @@ def post(request: Request) -> Response: except MFAValidationError as cause: return ErrorResponse(error=cause) + @method_decorator(mfa_login_required) + def dispatch(self, *args, **kwargs): + return super().dispatch(*args, **kwargs) + class MFAPrimaryMethodChangeView(APIView): permission_classes = (IsAuthenticated,) From df062000f9a8443f607c2f569e25922dc42ed29d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kopyd=C5=82owski?= Date: Wed, 29 Jun 2022 10:31:15 +0200 Subject: [PATCH 3/3] Commented out decorator application. --- trench/views/base.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/trench/views/base.py b/trench/views/base.py index 4eb59cb0..07d93c1c 100644 --- a/trench/views/base.py +++ b/trench/views/base.py @@ -227,9 +227,9 @@ def post(request: Request) -> Response: except MFAValidationError as cause: return ErrorResponse(error=cause) - @method_decorator(mfa_login_required) - def dispatch(self, *args, **kwargs): - return super().dispatch(*args, **kwargs) + # @method_decorator(mfa_login_required) + # def dispatch(self, *args, **kwargs): + # return super().dispatch(*args, **kwargs) class MFAPrimaryMethodChangeView(APIView):