From 2cb4900a55f389c8095c3a8cd66375edd0e53300 Mon Sep 17 00:00:00 2001
From: Kumi
Date: Thu, 4 Aug 2022 14:11:55 +0200
Subject: [PATCH] Fixing TOTP login flow
---
 authentication/forms/otp.py | 5 ++++-
 authentication/views/login.py | 2 +-
 authentication/views/otp.py | 1 +
 kumidc/urls.py | 5 ++++-
 4 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/authentication/forms/otp.py b/authentication/forms/otp.py
index 31c6842..46b2df6 100644
--- a/authentication/forms/otp.py
+++ b/authentication/forms/otp.py
@@ -13,6 +13,9 @@ class TOTPLoginForm(forms.Form):
 self.user_cache = None
 super().__init__(*args, **kwargs)
+ def get_user(self):
+ return self.user_cache
+
 def clean_token(self):
 token = str(self.cleaned_data.get('token')).zfill(6)
@@ -20,7 +23,7 @@ class TOTPLoginForm(forms.Form):
 user = self.request.user
 else:
 sessionid = self.request.session["AuthSession"]
- session = AuthSession.objects.get(sessionid)
+ session = AuthSession.objects.get(id=sessionid)
 user = session.user
 if user.totpsecret.verify(token):
diff --git a/authentication/views/login.py b/authentication/views/login.py
index 4845cbf..81be39e 100644
--- a/authentication/views/login.py
+++ b/authentication/views/login.py
@@ -17,7 +17,7 @@ class LoginView(OnlyLoggedOutMixin, TitleMixin, DjangoLoginView):
 def form_valid(self, form):
 if has_otp(user := form.get_user()):
 session = AuthSession.objects.create(user=user)
- self.request.session["AuthSession"] = session.id
+ self.request.session["AuthSession"] = str(session.id)
 return HttpResponseRedirect(reverse_lazy("auth:totplogin"))
 self.request.session["LastActivity"] = timezone.now().timestamp()
diff --git a/authentication/views/otp.py b/authentication/views/otp.py
index 3e093aa..709c0aa 100644
--- a/authentication/views/otp.py
+++ b/authentication/views/otp.py
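Review bot: `get_user()` has no docstring and its contract depends on `clean_token`, which presumably assigns `self.user_cache` after `user.totpsecret.verify(token)` succeeds — that assignment is outside the hunk, so a reader cannot tell when the method returns a user rather than the `None` set in `__init__`. Suggest `"""Return the user whose TOTP token passed clean_token(), or None if no token has been validated yet."""`. Noting that the name deliberately mirrors Django's `AuthenticationForm.get_user()` would also explain why a view can call it without knowing the form class.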
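Review bot: `AuthSession.objects.get(id=sessionid)` raises `AuthSession.DoesNotExist` when the pre-auth row is gone, and — if `id` is a UUID field, which the `str(session.id)` change in login.py suggests — `ValidationError` when the stored value is malformed; both escape `clean_token` as a 500 instead of a form error. Catch them and raise `forms.ValidationError("Login session expired, please sign in again.")` so the user is sent back through the password step cleanly. Separately, worth confirming outside the hunk that the row is deleted or marked used once `verify()` succeeds, so the id held in the session cannot be redeemed a second time. `clean_token` continues past the end of the hunk.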
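Review bot: Each successful password submission creates a new `AuthSession` row and overwrites `request.session["AuthSession"]`, but nothing in the hunk removes the previously referenced row or attaches an expiry, so abandoned pre-auth rows accumulate and stay redeemable for as long as they exist. Consider deleting the row named by any existing `self.request.session.get("AuthSession")` before the `create`, and enforcing an age limit where the TOTP form loads the row; whether the model carries a timestamp is not visible here. Calling `self.request.session.cycle_key()` before storing the pre-auth reference is also cheap insurance, since Django's `login()` only rotates the key at the final step. Minor style point: inside a view body `reverse("auth:totplogin")` is the usual call; `reverse_lazy` is meant for module-level attributes. `form_valid` continues past the end of the hunk.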
@@ -9,6 +9,7 @@ from frontend.mixins.views import TitleMixin
 class TOTPLoginView(TitleMixin, AuthSessionRequiredMixin, LoginView):
 form_class = TOTPLoginForm
 title = "Verify"
+ template_name = "auth/totplogin.html"
 def form_valid(self, form):
 self.request.session["LastActivity"] = timezone.now().timestamp()
diff --git a/kumidc/urls.py b/kumidc/urls.py
index 1f2bd59..8e1b9f6 100644
--- a/kumidc/urls.py
+++ b/kumidc/urls.py
@@ -1,7 +1,10 @@
 from django.contrib import admin
-from django.urls import path, re_path, include
+from django.urls import path, re_path, include, reverse_lazy
+from django.views.generic import RedirectView
+
 urlpatterns = [
+ path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login", query_string=True))),
 path('admin/', admin.site.urls),
 re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
 path('auth/', include(("authentication.urls", "auth"))),
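Review bot: The new `path('admin/login/', …)` redirect can loop for an authenticated user who is not `is_staff`: the admin's permission check sends such a user to `admin/login/?next=/admin/`, this rule forwards them to `auth:login`, and whether `OnlyLoggedOutMixin` then renders a page or bounces back to `next` is not visible here. If the mixin follows `next`, handle authenticated visitors with a "no permission" response in the custom login view (or point this redirect at a view that does). Forwarding the query string is otherwise fine as long as the target view keeps Django LoginView's validation of `next` against allowed hosts, which the login.py hunk suggests it inherits. A comment on the new line would help the next reader, e.g. `# Send admin sign-in through the TOTP-aware login view; query_string=True preserves ?next=`.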