Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix send_codes for alt auth methods #319

Merged
merged 1 commit into from
Oct 10, 2023
Merged

Fix send_codes for alt auth methods #319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion iam/authmethods/m_email_otp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -833,7 +833,7 @@ def authenticate(self, auth_event, request):
# if otp_field_code is not None then post_verify_fields_on_auth already
# disabled the user code
if otp_field_code is None:
disable_previous_user_codes(user)
disable_previous_user_codes(user, auth_event)

if not constant_time_compare(req.get('code').upper(), code.code):
msg += f"code mismatch for user `{user.userdata}`: [dbcode = `{code.code}`] != [requested code = `{req.get('code').upper()}`]\n"
Expand Down
2 changes: 1 addition & 1 deletion iam/authmethods/m_sms_otp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -820,7 +820,7 @@ def authenticate(self, auth_event, request):
# if otp_field_code is not None then post_verify_fields_on_auth already
# disabled the user code
if otp_field_code is None:
disable_previous_user_codes(user)
disable_previous_user_codes(user, auth_event)

if not constant_time_compare(req.get('code').upper(), code.code):
msg += f"code mismatch for user `{user.userdata}`: [dbcode = `{code.code}`] != [requested code = `{req.get('code').upper()}`]\n"
Expand Down
15 changes: 12 additions & 3 deletions iam/authmethods/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -936,7 +936,10 @@ def get_user_code(user, timeout_seconds=None):
.order_by('-created')\
.first()

def disable_previous_user_codes(user):
def disable_previous_user_codes(user, auth_event):
# do not disable previous codes if using fixed codes
if auth_event.auth_method_config.get('config', {}).get('fixed-code', False):
return
Code\
.objects\
.filter(
Expand Down Expand Up @@ -1140,7 +1143,7 @@ def post_verify_fields_on_auth(user, req, auth_event, mode="auth"):

# disable the user code if any
if otp_field_code is not None:
disable_previous_user_codes(user)
disable_previous_user_codes(user, auth_event)

return otp_field_code

Expand Down Expand Up @@ -1435,7 +1438,13 @@ def ret_error(log_error_message, error_message, error_codename):
args=[
[user.id,],
get_client_ip(request)
]
],
# since the auth_event might have been patched, we need to pass the
# potentially patched auth_method and config
kwargs={
"auth_method": auth_event.auth_method,
"config": auth_event.auth_method_config.get('config')
}
)
LOGGER.info(
f"{logger_name}.resend_auth_code.\n"\
Expand Down
2 changes: 1 addition & 1 deletion iam/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -345,7 +345,7 @@ def verify_admin_generated_auth_code(
)
return False, None

disable_previous_user_codes(user)
disable_previous_user_codes(user, auth_event)

if not constant_time_compare(req_data['code'], code.code):
LOGGER.error(
Expand Down
Loading