Beispiel #1
    def delete_totp(self):
        """Remove the current user's TOTP secret once the form validates.

        Returns a bare 403 response when the user object reports that 2FA
        changes are not allowed. In every other case the caller is redirected
        to ``manage.account`` with a flash message describing the outcome.
        """
        request = self.request
        session = request.session

        # Refuse early when the account may not modify two-factor settings.
        if not request.user.two_factor_provisioning_allowed:
            session.flash(
                "Modifying 2FA requires a verified email.", queue="error")
            return Response(status=403)

        # Nothing to remove when no secret is stored for this user.
        if not self.user_service.get_totp_secret(request.user.id):
            session.flash("No TOTP application to delete.", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): every POST field is spread into the form constructor
        # as a keyword argument, so client-chosen names reach that signature,
        # and a field named "username" or "user_service" would collide with
        # the explicit keywords below (TypeError). Prefer passing only the
        # fields the form declares.
        form = DeleteTOTPForm(
            **request.POST,
            username=request.user.username,
            user_service=self.user_service,
        )

        if not form.validate():
            # One generic message for any validation failure.
            session.flash("Invalid credentials.", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): no audit event or notification is emitted here when
        # the second factor is removed; confirm that happens elsewhere.
        self.user_service.update_user(request.user.id, totp_secret=None)
        session.flash("TOTP application deleted.", queue="success")
        return HTTPSeeOther(request.route_path("manage.account"))
Beispiel #2
    def delete_totp(self):
        """Delete the stored TOTP secret for the requesting user.

        A user without a verified primary email gets a bare 403 response.
        Otherwise the method always redirects to ``manage.account``, with a
        flash message saying whether a secret existed and whether the
        submitted form validated.
        """
        request = self.request
        flash = request.session.flash

        # Two-factor changes are refused until the primary email is verified.
        if not request.user.has_primary_verified_email:
            flash(
                "Verify your email to modify two factor authentication",
                queue="error",
            )
            return Response(status=403)

        stored_secret = self.user_service.get_totp_secret(request.user.id)
        if not stored_secret:
            flash("There is no authentication application to delete", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): the whole POST mapping is expanded into constructor
        # keywords, so the client picks the argument names. A field called
        # "username" or "user_service" would clash with the explicit keywords
        # (TypeError); passing only the declared form fields avoids both.
        form = DeleteTOTPForm(
            **request.POST,
            username=request.user.username,
            user_service=self.user_service,
        )

        if not form.validate():
            flash("Invalid credentials", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): the removal is neither logged nor notified from this
        # method; confirm an audit trail exists elsewhere.
        self.user_service.update_user(request.user.id, totp_secret=None)
        flash(
            "Authentication application removed from PyPI. "
            "Remember to remove PyPI from your application.",
            queue="success",
        )
        return HTTPSeeOther(request.route_path("manage.account"))
Beispiel #3
    def delete_totp(self):
        """Clear the user's TOTP secret when the delete form validates.

        Always redirects to ``manage.account``; the flash message says
        whether there was a secret to delete and whether validation passed.
        """
        request = self.request
        session = request.session

        # NOTE(review): this method checks no precondition (such as a
        # verified email) before allowing 2FA removal; confirm whether the
        # route or a caller enforces one.
        if not self.user_service.get_totp_secret(request.user.id):
            session.flash("No TOTP application to delete.", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): request.POST is unpacked straight into keyword
        # arguments, so client-supplied names reach the form constructor.
        # A field named "username" or "user_service" would collide with the
        # explicit keywords (TypeError). Pass only the declared fields.
        form = DeleteTOTPForm(
            **request.POST,
            username=request.user.username,
            user_service=self.user_service,
        )

        if not form.validate():
            session.flash("Invalid credentials.", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): no audit event or user notification is produced here.
        self.user_service.update_user(request.user.id, totp_secret=None)
        session.flash("TOTP application deleted.", queue="success")
        return HTTPSeeOther(request.route_path("manage.account"))
Beispiel #4
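    def delete_totp(self):
        """Remove the user's TOTP secret after password confirmation.

        Returns a bare 403 response when the user has no verified primary
        email. Otherwise redirects to ``manage.account`` with a flash message.
        On success the secret is cleared, an
        ``account:two_factor:method_removed`` event is recorded with the
        request's remote address, and a removal email is sent.
        """
        if not self.request.user.has_primary_verified_email:
            self.request.session.flash(
                "Verify your email to modify two factor authentication",
                queue="error")
            return Response(status=403)

        totp_secret = self.user_service.get_totp_secret(self.request.user.id)
        if not totp_secret:
            self.request.session.flash(
                "There is no authentication application to delete",
                queue="error")
            return HTTPSeeOther(self.request.route_path("manage.account"))

        # The confirmation field comes from the client and may be absent.
        # Treat a missing field as a failed confirmation rather than letting
        # the lookup raise KeyError and surface as an unhandled error.
        confirm_password = self.request.POST.get("confirm_password")
        if confirm_password is None:
            self.request.session.flash("Invalid credentials. Try again",
                                       queue="error")
            return HTTPSeeOther(self.request.route_path("manage.account"))

        # Only the named field is handed to the form; other POST keys never
        # reach the constructor.
        form = DeleteTOTPForm(
            password=confirm_password,
            username=self.request.user.username,
            user_service=self.user_service,
        )

        if form.validate():
            self.user_service.update_user(self.request.user.id,
                                          totp_secret=None)
            # Leave an audit record of which method was removed and from
            # which address.
            self.user_service.record_event(
                self.request.user.id,
                tag="account:two_factor:method_removed",
                ip_address=self.request.remote_addr,
                additional={"method": "totp"},
            )
            self.request.session.flash(
                "Authentication application removed from PyPI. "
                "Remember to remove PyPI from your application.",
                queue="success",
            )
            # Email the account owner about the removal so that an
            # unexpected change is noticed.
            send_two_factor_removed_email(self.request,
                                          self.request.user,
                                          method="totp")
        else:
            # One generic message for any validation failure.
            self.request.session.flash("Invalid credentials. Try again",
                                       queue="error")

        return HTTPSeeOther(self.request.route_path("manage.account"))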
Beispiel #5
    def delete_totp(self):
        """Drop the requesting user's TOTP secret if the form validates.

        Every path ends in a redirect to ``manage.account``; the outcome is
        reported through a session flash message.
        """
        def back_to_account():
            # Build the redirect only when a branch actually returns it.
            return HTTPSeeOther(self.request.route_path("manage.account"))

        user_id = self.request.user.id

        # NOTE(review): no precondition such as a verified email is checked
        # in this method before 2FA can be removed; confirm it is enforced
        # upstream if required.
        if not self.user_service.get_totp_secret(user_id):
            self.request.session.flash("No TOTP application to delete.",
                                       queue="error")
            return back_to_account()

        # NOTE(review): all POST fields become constructor keywords here, so
        # the argument names are client-controlled. "username" or
        # "user_service" in the body would clash with the explicit keywords
        # (TypeError). Prefer an explicit list of the form's fields.
        form = DeleteTOTPForm(
            **self.request.POST,
            username=self.request.user.username,
            user_service=self.user_service,
        )

        if not form.validate():
            self.request.session.flash("Invalid credentials.", queue="error")
        else:
            # NOTE(review): the removal is not audited or notified from here.
            self.user_service.update_user(self.request.user.id,
                                          totp_secret=None)
            self.request.session.flash("TOTP application deleted.",
                                       queue="success")

        return back_to_account()