Merge pull request #5323 from akvo/enforce-2fa

2FA Enforcement Adjustment
akvo · Feb 27, 2024 · 014a911 · 014a911
2 parents 858194b + 43a582f
commit 014a911
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 8 deletions.
diff --git a/akvo/rsr/views/account.py b/akvo/rsr/views/account.py
@@ -37,7 +37,7 @@
 
 from two_factor.utils import get_otpauth_url, totp_digits
 from two_factor.forms import AuthenticationTokenForm, BackupTokenForm
-from two_factor.views.core import LoginView
+from two_factor.views.core import LoginView, SetupView
 from two_factor.views.profile import DisableView
 
 
@@ -408,6 +408,25 @@ def done(self, form_list, **kwargs):
         return super().done(form_list, **kwargs)
 
 
+def get_enforce_2fa(user):
+    if not user.is_authenticated:
+        return False
+    return user.enforce_2fa
+
+
 class DisableTwoFactorView(DisableView):
     # override the redirect url
     success_url = '/my-rsr/my-details/'
+
+    def get_context_data(self, **kwargs):
+        if 'enforce_2fa' not in kwargs and self.request.user:
+            kwargs['enforce_2fa'] = get_enforce_2fa(self.request.user)
+        return super().get_context_data(**kwargs)
+
+
+class SetupTwoFactorView(SetupView):
+
+    def get_context_data(self, form, **kwargs):
+        if 'enforce_2fa' not in kwargs and self.request.user:
+            kwargs['enforce_2fa'] = get_enforce_2fa(self.request.user)
+        return super().get_context_data(form, **kwargs)
diff --git a/akvo/templates/two_factor/core/setup.html b/akvo/templates/two_factor/core/setup.html
@@ -8,6 +8,10 @@
       <h2 class="text-center verticalPadding">{% block title %}{% trans "Enable Two-Factor Authentication" %}{% endblock %}</h1>
 
       {% if wizard.steps.current == 'welcome' %}
+        {% if enforce_2fa %}
+          <p>{% blocktrans trimmed %}An organization or project your are associated with
+            requires Two-Factor Authentication (2FA). Please configure it{% endblocktrans %}</p>
+        {% endif %}
       <p>{% blocktrans trimmed %}You are about to take your account security to the
         next level. Follow the steps in this wizard to enable two-factor
         authentication.{% endblocktrans %}</p>
@@ -33,7 +37,9 @@ <h2 class="text-center verticalPadding">{% block title %}{% trans "Enable Two-Fa
         {# hidden submit button to enable [enter] key #}
         <input type="submit" value="" hidden />
 
+        {% if not enforce_2fa %}
         <a href="/my-rsr/my-details/" class="pull-right btn btn-link">{% trans "Cancel" %}</a>
+        {% endif %}
         {% if wizard.steps.prev %}
         <button name="wizard_goto_step" type="submit"
           value="{{ wizard.steps.prev }}"

diff --git a/akvo/templates/two_factor/profile/disable.html b/akvo/templates/two_factor/profile/disable.html
@@ -7,15 +7,27 @@
     <div class="col-md-6 col-md-offset-3">
       <h2 class="text-center verticalPadding">{% block title %}{% trans "Disable Two-factor Authentication" %}{% endblock %}</h1>
 
-      <p>{% blocktrans trimmed %}You are about to disable two-factor authentication. This
+      {% if enforce_2fa %}
+
+        <p>{% blocktrans trimmed %}An organization or project your are associated with requires Two-Factor Authentication (2FA).
+        You cannot disable it.{% endblocktrans %}</p>
+        <p>
+          <a href="/my-rsr/my-details/" class="pull-right btn btn-link">{% trans "Cancel" %}</a>
+        </p>
+
+      {% else %}
+
+        <p>{% blocktrans trimmed %}You are about to disable two-factor authentication. This
         weakens your account security, are you sure?{% endblocktrans %}</p>
 
-      <form method="post">
-        {% csrf_token %}
-        {% bootstrap_form form %}
-        <a href="/my-rsr/my-details/" class="pull-right btn btn-link">{% trans "Cancel" %}</a>
-        <button class="btn btn-danger" type="submit">{% trans "Disable" %}</button>
-      </form>
+        <form method="post">
+          {% csrf_token %}
+          {% bootstrap_form form %}
+          <a href="/my-rsr/my-details/" class="pull-right btn btn-link">{% trans "Cancel" %}</a>
+          <button class="btn btn-danger" type="submit">{% trans "Disable" %}</button>
+        </form>
+
+      {% endif %}
 
     </div>
   </div>

diff --git a/akvo/urls.py b/akvo/urls.py
@@ -104,6 +104,9 @@
     url(r'^sign_in/$',
         account.SignInView.as_view(), name='sign_in'),
 
+    url('^account/two_factor/setup/$',
+        account.SetupTwoFactorView.as_view(), name='two_factor_setup'),
+
     url('^account/two_factor/disable/$',
         account.DisableTwoFactorView.as_view(), name='two_factor_disable'),