Example #1
def disable(request):
    """Remove every OTP device of the requesting user, then redirect.

    Each object yielded by ``devices_for_user(request.user)`` is deleted,
    a success message is queued on the request, and the caller is sent
    to the ``account:two-factor-auth:view`` route.

    NOTE(review): this excerpt shows no decorators and no HTTP method
    check, so from here the deletion runs for any request that reaches
    the view. Confirm the URLconf or omitted decorators enforce login
    and restrict this state change to POST with CSRF protection.
    NOTE(review): no password or OTP re-confirmation is visible before
    the second factor is removed, and nothing here records the event;
    verify whether that is handled elsewhere.
    """
    account_owner = request.user

    # Deleting the devices is what actually turns 2FA off for the account.
    for otp_device in devices_for_user(account_owner):
        otp_device.delete()

    messages.success(request, "Two factor authentication disabled.")
    return redirect('account:two-factor-auth:view')
def teacher_disable_2FA(request, pk):
    """Let a school admin remove all OTP devices of a teacher in their school.

    Looks up the target ``Teacher`` by ``pk`` (404 if missing), resolves
    the acting teacher from ``request.user.userprofile.teacher``, and
    raises ``Http404`` unless both belong to the same school and the
    acting teacher is an admin. On success every device returned by
    ``devices_for_user`` for the target is deleted and the caller is
    redirected to ``organisation_manage``.

    NOTE(review): no decorators or HTTP method check are visible in this
    excerpt; confirm login is enforced and that this state change is
    limited to POST with CSRF protection.
    NOTE(review): the check does not exclude other admins of the same
    school as targets, and no audit record is written here. Confirm
    both are intended or handled elsewhere.
    """
    target = get_object_or_404(Teacher, id=pk)
    acting_teacher = request.user.userprofile.teacher

    # Authorisation: only an admin of the target's own school may proceed.
    # A 404 is raised instead of a permission error on failure.
    same_school = target.school == acting_teacher.school
    if not (same_school and acting_teacher.is_admin):
        raise Http404

    # Removing the devices strips the target account's second factor.
    for otp_device in devices_for_user(target.user.user):
        otp_device.delete()

    destination = reverse_lazy('organisation_manage')
    return HttpResponseRedirect(destination)
Example #3
def teacher_disable_2FA(request, pk):
    """Let a school admin remove all OTP devices of a teacher in their school.

    The target ``Teacher`` is fetched by ``pk`` (404 if missing) and the
    acting teacher is read from ``request.user.new_teacher``. ``Http404``
    is raised unless the two share a school and the acting teacher is an
    admin. Otherwise every device returned by ``devices_for_user`` for
    ``teacher.new_user`` is deleted and the caller is redirected to
    ``organisation_manage``.

    NOTE(review): no decorators or HTTP method check are visible in this
    excerpt; confirm login is enforced and that this state change is
    limited to POST with CSRF protection.
    NOTE(review): other admins of the same school are not excluded as
    targets and the removal is not logged here. Confirm both are
    intended or handled elsewhere.
    """
    target = get_object_or_404(Teacher, id=pk)
    acting_teacher = request.user.new_teacher

    # Authorisation: only an admin of the target's own school may proceed.
    # A 404 is raised instead of a permission error on failure.
    same_school = target.school == acting_teacher.school
    if not (same_school and acting_teacher.is_admin):
        raise Http404

    # Removing the devices strips the target account's second factor.
    for otp_device in devices_for_user(target.new_user):
        otp_device.delete()

    destination = reverse_lazy('organisation_manage')
    return HttpResponseRedirect(destination)
def teacher_disable_2FA(request, pk):
    """Let a school admin remove all OTP devices of a teacher in their school.

    The target ``Teacher`` is fetched by ``pk`` (404 if missing) and the
    acting teacher is read from ``request.user.new_teacher``. ``Http404``
    is raised unless the two share a school and the acting teacher is an
    admin. Otherwise every device returned by ``devices_for_user`` for
    ``teacher.new_user`` is deleted and the caller is redirected to
    ``dashboard``.

    NOTE(review): no decorators or HTTP method check are visible in this
    excerpt; confirm login is enforced and that this state change is
    limited to POST with CSRF protection.
    NOTE(review): other admins of the same school are not excluded as
    targets and the removal is not logged here. Confirm both are
    intended or handled elsewhere.
    """
    target = get_object_or_404(Teacher, id=pk)
    acting_teacher = request.user.new_teacher

    # Authorisation: only an admin of the target's own school may proceed.
    # A 404 is raised instead of a permission error on failure.
    same_school = target.school == acting_teacher.school
    if not (same_school and acting_teacher.is_admin):
        raise Http404

    # Removing the devices strips the target account's second factor.
    for otp_device in devices_for_user(target.new_user):
        otp_device.delete()

    destination = reverse_lazy("dashboard")
    return HttpResponseRedirect(destination)
Example #5
    def process_request(self, request):
        """
            Gate every request on login and two factor verification.

            Five possible outcomes

            1. The view is not login required.
               - just return, nothing to see here
            2. The user is authenticated and verified,
               - great you're good to go
            3. The user is authenticated but does not have two factor
               auth set up
               - log out the user and redirect them requesting them to
                 contact us
            4. The user is authenticated and is not verified
               - redirect to do 2 step auth
            5. The user is not authenticated
               - redirect to log in

            We don't use the two factor auth initial log in, to put them
            through the standard opal authentication first.

            Returning None lets the request continue; any other return
            value is the redirect response produced here.
        """
        resolved = resolve(request.path_info)

        # Entries of LOGIN_NOT_REQUIRED are either a bare url name or a
        # (url_name, namespace) tuple. A bare name exempts a route with that
        # name in ANY namespace, so namespaced tuples are the tighter form.
        for entry in settings.LOGIN_NOT_REQUIRED:
            if isinstance(entry, tuple):
                exempt_name, exempt_namespace = entry
            else:
                exempt_name, exempt_namespace = entry, None

            if resolved.url_name != exempt_name:
                continue
            if not exempt_namespace or exempt_namespace in resolved.namespaces:
                return

        user = request.user
        if not user.is_authenticated:
            return redirect(reverse("two_factor:login"))

        # With TWO_FACTOR_FOR_SUPERUSERS off, superusers skip the second
        # factor entirely, so the most privileged accounts rely on the
        # first factor alone.
        if not settings.TWO_FACTOR_FOR_SUPERUSERS and user.is_superuser:
            return

        if user.is_verified():
            return

        # At least one registered device: send the user to the OTP step.
        if list(two_factor_utils.devices_for_user(user)):
            return redirect("two-factor-login")

        # No device at all: record it, end the session, and send the user
        # to the page asking them to get two factor auth set up.
        logging.error(
            "user {} has not had two factor auth set up".format(
                user.username))
        logout(request)
        return redirect("two-factor-required")