def _redirect_for_two_factor_authentication(user_id: UserId) -> None: if requested_file_name(request) in ( "user_login_two_factor", "user_webauthn_login_begin", "user_webauthn_login_complete", ): return if userdb.is_two_factor_login_enabled( user_id) and not userdb.is_two_factor_completed(): raise HTTPRedirect("user_login_two_factor.py?_origtarget=%s" % urlencode(makeuri(request, [])))
if not userdb.is_customer_user_allowed_to_login(user_id): raise MKAuthException(f"{user_id} may not log in here.") if userdb.user_locked(user_id): raise MKAuthException(f"{user_id} not authorized.") if change_reason := userdb.need_to_change_pw(user_id, now): raise MKAuthException( f"{user_id} needs to change the password ({change_reason}).") if userdb.is_two_factor_login_enabled(user_id): if final_candidate["scope"] != "cookie": raise MKAuthException( f"{user_id} has two-factor authentication enabled, which can only be used in " "interactive GUI sessions.") if not userdb.is_two_factor_completed(): raise MKAuthException( "The two-factor authentication needs to be passed first.") return final_candidate def user_from_basic_header(auth_header: str) -> Tuple[UserId, str]: """Decode a Basic Authorization header Examples: >>> user_from_basic_header("Basic Zm9vYmF6YmFyOmZvb2JhemJhcg==") ('foobazbar', 'foobazbar') >>> import pytest