Example #1
 def handle_mfa_response(self, user, mfa_method, *args, **kwargs):
     """Return a response with an ephemeral token and the user's MFA options.

     Args:
         user: User the ephemeral token is generated for.
         mfa_method: MFA method whose ``name`` is reported as ``method``.
         *args: Accepted but not used.
         **kwargs: Accepted but not used.

     Returns:
         Response whose body holds ``ephemeral_token``, ``method`` and
         ``other_methods`` (the user's active, non-primary MFA methods).
     """
     # NOTE(review): presumably this token is only valid for the follow-up
     # code-verification step and expires quickly -- confirm in
     # user_token_generator; it should never be usable as a session credential.
     token = user_token_generator.make_token(user)
     primary_name = mfa_method.name

     # The caller has not presented a second factor yet, so check that the
     # serializer exposes nothing beyond what is needed to pick a method.
     alternatives = user.mfa_methods.filter(is_active=True, is_primary=False)
     serialized_alternatives = serializers.UserMFAMethodSerializer(
         alternatives, many=True).data

     return Response({
         'ephemeral_token': token,
         'method': primary_name,
         'other_methods': serialized_alternatives,
     })
Example #2
    def clean(self):
        """Run the parent validation and cache an ephemeral token if 2FA is on.

        Returns:
            The cleaned data produced by ``super().clean()``, unchanged.
        """
        result = super().clean()
        # `super().clean()` initializes `self.user_cache` with the user object
        # retrieved from authentication (if any).
        # NOTE(review): when no user was authenticated this filters on
        # `user=None`; presumably that matches no rows -- confirm the field is
        # non-nullable so a missing user can never yield a token below.
        active_method = (
            get_mfa_model()
            .objects.filter(is_active=True, user=self.user_cache)
            .first()
        )
        # Because only one 2FA method is supported, `is_primary` is not part
        # of the filter (django_trench does filter on it).
        # TODO: figure out why `is_primary` is sometimes False after
        #  reactivating 2FA.
        if not active_method:
            # `self.ephemeral_token_cache` is left untouched on this path.
            return result

        self.ephemeral_token_cache = user_token_generator.make_token(
            self.user_cache)
        return result
Example #3
 def handle_mfa_response(self, user, mfa_method, *args, **kwargs):
     """Return a response with an ephemeral token and the user's MFA options.

     Args:
         user: User the ephemeral token is generated for.
         mfa_method: MFA method whose ``name`` is reported as ``method``.
         *args: Accepted but not used.
         **kwargs: Accepted but not used.

     Returns:
         Response whose body holds ``ephemeral_token``, ``method`` and
         ``other_methods``; for the ``sms`` method it also holds
         ``censored_phone_number``.
     """
     # NOTE(review): presumably this token is only valid for the follow-up
     # code-verification step and expires quickly -- confirm in
     # user_token_generator; it should never be usable as a session credential.
     token = user_token_generator.make_token(user)
     primary_name = mfa_method.name

     alternatives = user.mfa_methods.filter(is_active=True, is_primary=False)
     serialized_alternatives = UserMFAMethodSerializer(
         alternatives, many=True).data

     payload = {
         'ephemeral_token': token,
         'method': primary_name,
         'other_methods': serialized_alternatives,
     }

     if mfa_method.name == 'sms':
         # Sent before the second factor is verified: confirm the masking in
         # `censored_phone_number` leaves too few digits to identify the line.
         payload['censored_phone_number'] = user.censored_phone_number

     return Response(payload)
Example #4
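 def post(self, request: Request) -> Response:
     """Check the submitted credentials and start the MFA step if one is set up.

     Args:
         request: Incoming request whose ``data`` holds the username field
             and ``password``.

     Returns:
         An ``ErrorResponse`` when ``authenticate_user_command`` raises
         ``MFAValidationError``; the successful-authentication response when
         the user has no primary active MFA method; otherwise a response
         with ``ephemeral_token`` and ``method`` after the MFA message has
         been dispatched.
     """
     serializer = LoginSerializer(data=request.data)
     serializer.is_valid(raise_exception=True)
     # NOTE(review): no throttling is visible in this method; presumably it
     # is applied on the view class -- confirm, since this endpoint accepts
     # password guesses and triggers outbound MFA messages.
     try:
         user = authenticate_user_command(
             request=request,
             username=serializer.validated_data[User.USERNAME_FIELD],
             password=serializer.validated_data["password"],
         )
     except MFAValidationError as cause:
         return ErrorResponse(error=cause)

     # Guard only the lookup. "No primary active method" is the one
     # condition that may complete the login without a second factor; if
     # handler resolution or dispatch below ever raised the same exception
     # type, catching it here would silently skip MFA for that user.
     try:
         mfa_model = get_mfa_model()
         mfa_method = mfa_model.objects.get_primary_active(user_id=user.id)
     except MFAMethodDoesNotExistError:
         return self._successful_authentication_response(user=user)

     # Any failure from here on propagates instead of falling back to a
     # single-factor login.
     get_mfa_handler(mfa_method=mfa_method).dispatch_message()
     return Response(
         data={
             "ephemeral_token": user_token_generator.make_token(user),
             "method": mfa_method.name,
         })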