def test_it_returns_false_if_verification_expired(self, authreq, settings):
    """Check that two-factor verification lapses after the configured duration.

    The clock is frozen, the request's user is verified, and the clock is
    then advanced by ``TWOFACTOR_VERIFY_DURATION + 1`` seconds. The request
    must be reported as verified before the advance and unverified after it.
    """
    with freeze_time('2018-01-01') as frozen_clock:
        util.verify_request_user(authreq)
        verified_before = util.is_request_user_verified(authreq)
        assert verified_before is True

        # One second past the configured window; the exact boundary value
        # (a delta equal to the duration) is not exercised by this test.
        past_window = datetime.timedelta(
            seconds=settings.TWOFACTOR_VERIFY_DURATION + 1)
        frozen_clock.tick(delta=past_window)

        verified_after = util.is_request_user_verified(authreq)
        assert verified_after is False
def is_request_verified_staff_user(request) -> bool:
    """Return True only for an authenticated, staff, two-factor-verified user.

    The three conditions are checked in that order and the first one that
    fails is logged at info level before False is returned, so the function
    denies access unless every check passes.
    """
    user = request.user

    if not user.is_authenticated:
        denial = "User must be authenticated!"
    elif not user.is_staff:
        denial = "User must be staff!"
    elif not is_request_user_verified(request):
        denial = "User must be verified via two-factor authentication!"
    else:
        return True

    logger.info(denial)
    return False
def wrapper(parent, info: ResolveInfo, *args, **kwargs):
    """Run the wrapped resolver only after all access checks pass.

    The request is taken from ``info.context``. The user must be
    authenticated, be staff, be verified via two-factor authentication and
    hold ``VIEW_TEXT_MESSAGE_PERMISSION``; the first check that fails raises
    ``GraphQLError`` with a message naming that check. Otherwise the call is
    forwarded unchanged to ``fn``.
    """
    request = info.context
    user = request.user

    # Each requirement is wrapped in a callable so that it is evaluated
    # lazily and in order: a later check never runs if an earlier one fails.
    requirements = (
        (lambda: user.is_authenticated,
         "User must be authenticated!"),
        (lambda: user.is_staff,
         "User must be staff!"),
        (lambda: is_request_user_verified(request),
         "User must be verified via two-factor authentication!"),
        (lambda: user.has_perm(VIEW_TEXT_MESSAGE_PERMISSION),
         "User does not have permission to view text messages!"),
    )
    for is_satisfied, message in requirements:
        if not is_satisfied():
            raise GraphQLError(message)

    return fn(parent, info, *args, **kwargs)
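def my_2fa_view(request):
    """Return a greeting response for a two-factor-verified request.

    Raises:
        AssertionError: if ``is_request_user_verified(request)`` is falsy.
    """
    # A bare ``assert`` is compiled out when Python runs with ``-O`` or
    # PYTHONOPTIMIZE set, which would let an unverified request reach the
    # response below. Raising explicitly keeps the same exception type for
    # existing callers while making the check unconditional.
    if not is_request_user_verified(request):
        raise AssertionError("request user is not two-factor verified")
    # NOTE(review): if this view is ever routed outside a test suite, an
    # HTTP 403 response is probably preferable to an unhandled exception;
    # confirm how this view is used.
    return HttpResponse("hello verified user")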
def test_it_returns_true_if_user_is_verified(self, authreq):
    """A request is reported as verified once verify_request_user has run."""
    util.verify_request_user(authreq)
    outcome = util.is_request_user_verified(authreq)
    assert outcome is True
def test_it_returns_false_if_user_is_not_verified(self, authreq):
    """Without a prior verify_request_user call the request is unverified."""
    outcome = util.is_request_user_verified(authreq)
    assert outcome is False
def test_it_returns_true_if_twofactor_is_disabled(self, authreq, settings):
    """With TWOFACTOR_VERIFY_DURATION set to 0 the request counts as verified.

    No call to verify_request_user is made, yet the request from the
    ``authreq`` fixture is reported as verified.
    """
    # NOTE(review): per this test's name, a zero duration turns the second
    # factor off entirely. Deployments that rely on two-factor verification
    # should make sure this setting is non-zero.
    settings.TWOFACTOR_VERIFY_DURATION = 0
    outcome = util.is_request_user_verified(authreq)
    assert outcome is True
def test_it_returns_false_if_user_is_not_authenticated(self, http_request):
    """A request from the ``http_request`` fixture is reported as unverified.

    Presumably that fixture carries no authenticated user, as the test name
    suggests; the fixture itself is defined elsewhere.
    """
    outcome = util.is_request_user_verified(http_request)
    assert outcome is False