Fixing TOTP login flow

2022-08-04 14:11:55 +02:00 · 2022-08-04 14:11:55 +02:00 · 2cb4900a55
parent 4e77e77296
commit 2cb4900a55
4 changed files with 10 additions and 3 deletions
--- a/authentication/forms/otp.py
+++ b/authentication/forms/otp.py
@ -13,6 +13,9 @@ class TOTPLoginForm(forms.Form):
        self.user_cache = None
        super().__init__(*args, **kwargs)

+    def get_user(self):
+        return self.user_cache
+
    def clean_token(self):
        token = str(self.cleaned_data.get('token')).zfill(6)

@ -20,7 +23,7 @@ class TOTPLoginForm(forms.Form):
            user = self.request.user
        else:
            sessionid = self.request.session["AuthSession"]
-            session = AuthSession.objects.get(sessionid)
+            session = AuthSession.objects.get(id=sessionid)
            user = session.user

        if user.totpsecret.verify(token):
--- a/authentication/views/login.py
+++ b/authentication/views/login.py
@ -17,7 +17,7 @@ class LoginView(OnlyLoggedOutMixin, TitleMixin, DjangoLoginView):
    def form_valid(self, form):
        if has_otp(user := form.get_user()):
            session = AuthSession.objects.create(user=user)
-            self.request.session["AuthSession"] = session.id
+            self.request.session["AuthSession"] = str(session.id)
            return HttpResponseRedirect(reverse_lazy("auth:totplogin"))

        self.request.session["LastActivity"] = timezone.now().timestamp()
--- a/authentication/views/otp.py
+++ b/authentication/views/otp.py
@ -9,6 +9,7 @@ from frontend.mixins.views import TitleMixin
 class TOTPLoginView(TitleMixin, AuthSessionRequiredMixin, LoginView):
    form_class = TOTPLoginForm
    title = "Verify"
+    template_name = "auth/totplogin.html"

    def form_valid(self, form):
        self.request.session["LastActivity"] = timezone.now().timestamp()
--- a/kumidc/urls.py
+++ b/kumidc/urls.py
@ -1,7 +1,10 @@
 from django.contrib import admin
-from django.urls import path, re_path, include
+from django.urls import path, re_path, include, reverse_lazy
+from django.views.generic import RedirectView
+

 urlpatterns = [
+    path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login", query_string=True))),
    path('admin/', admin.site.urls),
    re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
    path('auth/', include(("authentication.urls", "auth"))),