Skip to content

Commit

Permalink
Merge pull request #65 from godswearhats/main
Browse files Browse the repository at this point in the history
Respects BYPASS setting in mixins
  • Loading branch information
oliwarner authored Nov 2, 2023
2 parents e0c4c72 + 6a1039a commit fcc7d48
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions multifactor/mixins.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from django.shortcuts import redirect

from .models import UserKey
from .common import active_factors
from .common import active_factors, is_bypassed


class MultiFactorMixin:
Expand All @@ -16,13 +16,14 @@ def setup(self, request, *args, **kwargs):
self.active_factors = active_factors(request)
self.factors = UserKey.objects.filter(user=request.user)
self.has_multifactor = self.factors.filter(enabled=True).exists()
self.bypass = is_bypassed(request)


class RequireMultiAuthMixin(MultiFactorMixin):
"""Require Multifactor, force user to add factors if none on account."""

def dispatch(self, request, *args, **kwargs):
if not self.active_factors:
if not self.active_factors and not self.bypass:
request.session['multifactor-next'] = request.get_full_path()
if self.has_multifactor:
return redirect('multifactor:authenticate')
Expand All @@ -36,7 +37,7 @@ class PreferMultiAuthMixin(MultiFactorMixin):
"""Use Multifactor if user has active factors."""

def dispatch(self, request, *args, **kwargs):
if not self.active_factors and self.has_multifactor:
if not self.active_factors and not self.bypass and self.has_multifactor:
request.session['multifactor-next'] = request.get_full_path()
return redirect('multifactor:authenticate')

Expand Down

0 comments on commit fcc7d48

Please sign in to comment.