Example #1
    def __init__(self, user, request=None, *args, **kwargs):
        """Build the token form and offer only the user's TOTP devices.

        Args:
            user: account whose OTP devices populate the ``otp_device`` field;
                also stored on the form as ``self.user``.
            request: accepted for signature compatibility; this method does
                not read it.
            *args, **kwargs: forwarded unchanged to the parent form.
        """
        super(OTPTokenForm, self).__init__(*args, **kwargs)

        self.user = user

        # Keep a choice only when the TOTP model label occurs in its first
        # element. NOTE(review): this is a substring test, not a prefix or
        # equality test -- confirm the key format returned by device_choices()
        # cannot make another device type match.
        totp_choices = []
        for choice in self.device_choices(user):
            choice_key = choice[0]
            if TOTPDevice.model_label() in choice_key:
                totp_choices.append(choice)
        self.fields["otp_device"].choices = totp_choices
Example #2
    def _update_form(self, user):
        """Refresh the form for ``user``, then narrow the device widget to TOTP.

        The parent implementation runs first. If the form has no
        ``otp_device`` field, nothing else is changed.
        """
        super()._update_form(user)

        if "otp_device" not in self.fields:
            return

        # Only the widget's option list is narrowed here; the field itself is
        # left as the parent set it up.
        # NOTE(review): whether a hand-submitted device id outside this list
        # is rejected depends on validation that is not visible in this
        # method -- confirm the server side enforces the same restriction.
        totp_choices = []
        for choice in self.device_choices(user):
            choice_key = choice[0]
            if TOTPDevice.model_label() in choice_key:
                totp_choices.append(choice)
        self.fields["otp_device"].widget.choices = totp_choices
    def get(self, request, *args, **kwargs):
        """Send the user to the check page of their strongest 2FA device.

        Shortens the session lifetime for the duration of the second-factor
        step, stores any ``next`` query parameter in the session, then
        redirects to the first matching check view in the order
        FIDO2, TOTP, static codes.
        """
        # 600 seconds = 10 minutes: a half-authenticated session should not
        # stay valid for long if the user walks away during the 2FA check.
        request.session.set_expiry(600)

        devices = [
            (d.persistent_id, d.name) for d in devices_for_user(request.user)
        ]

        # NOTE(review): "next" comes straight from the query string and is
        # stored as-is. The code that later redirects to it is not shown
        # here; confirm it validates the target (for example with Django's
        # url_has_allowed_host_and_scheme) so it cannot become an open
        # redirect.
        _next = request.GET.get("next")
        if _next:
            request.session["next"] = _next

        # Candidate check pages, ordered from most secure to least secure.
        for device_cls, check_url in (
            (Fido2Device, "otp_fido2_check"),
            (TOTPDevice, "otp_totp_check"),
            (StaticDevice, "otp_static_check"),
        ):
            # Substring match of the model label against the persistent id.
            if any(device_cls.model_label() in d[0] for d in devices):
                return redirect(check_url, *args, **kwargs)

        # NOTE(review): no further branch is visible past this point; if the
        # user has none of the three device types, nothing is returned by the
        # code shown -- confirm this view is only reachable with a device.