[#2076] Upgrade mayin-2fa to 1.0.0

maykinmedia · Feb 5, 2024 · 113def7 · 113def7
1 parent cfb3236
commit 113def7
Show file tree

Hide file tree

Showing 17 changed files with 68 additions and 20 deletions.
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -1,6 +1,6 @@
 #
-# This file is autogenerated by pip-compile with python 3.11
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
 #
 #    ./bin/compile_dependencies.sh
 #
@@ -307,7 +307,9 @@ face==20.1.1
 fontawesomefree==6.4.2
     # via -r requirements/base.in
 fonttools[woff]==4.29.1
-    # via weasyprint
+    # via
+    #   fonttools
+    #   weasyprint
 furl==2.1.3
     # via
     #   -r requirements/base.in
@@ -361,7 +363,7 @@ markdown==3.3.6
     # via -r requirements/base.in
 markuppy==1.14
     # via tablib
-maykin-2fa==0.2.0
+maykin-2fa==1.0.0
     # via -r requirements/base.in
 maykin-python3-saml==1.14.0.post0
     # via
@@ -497,7 +499,9 @@ sqlparse==0.4.4
 svglib==1.5.1
     # via easy-thumbnails
 tablib[html,ods,xls,xlsx,yaml]==3.1.0
-    # via django-import-export
+    # via
+    #   django-import-export
+    #   tablib
 tinycss2==1.1.1
     # via
     #   -r requirements/base.in

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -1,6 +1,6 @@
 #
-# This file is autogenerated by pip-compile with python 3.11
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
 #
 #    ./bin/compile_dependencies.sh
 #
@@ -426,6 +426,7 @@ django-two-factor-auth[phonenumberslite,webauthn]==1.15.5
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   django-two-factor-auth
     #   maykin-2fa
 django-view-breadcrumbs==2.2.4
     # via
@@ -487,6 +488,7 @@ easy-thumbnails[svg]==2.8.5
     #   -r requirements/base.txt
     #   django-filer
     #   djangocms-picture
+    #   easy-thumbnails
 ecs-logging==2.1.0
     # via
     #   -c requirements/base.txt
@@ -528,6 +530,7 @@ fonttools[woff]==4.29.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   fonttools
     #   weasyprint
 freezegun==1.1.0
     # via -r requirements/test-tools.in
@@ -638,7 +641,7 @@ markuppy==1.14
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   tablib
-maykin-2fa==0.2.0
+maykin-2fa==1.0.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -897,6 +900,7 @@ tablib[html,ods,xls,xlsx,yaml]==3.1.0
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-import-export
+    #   tablib
 tblib==1.7.0
     # via -r requirements/test-tools.in
 text-unidecode==1.3

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -1,6 +1,6 @@
 #
-# This file is autogenerated by pip-compile with python 3.11
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
 #
 #    ./bin/compile_dependencies.sh
 #
@@ -465,6 +465,7 @@ django-two-factor-auth[phonenumberslite,webauthn]==1.15.5
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
+    #   django-two-factor-auth
     #   maykin-2fa
 django-view-breadcrumbs==2.2.4
     # via
@@ -532,6 +533,7 @@ easy-thumbnails[svg]==2.8.5
     #   -r requirements/ci.txt
     #   django-filer
     #   djangocms-picture
+    #   easy-thumbnails
 ecs-logging==2.1.0
     # via
     #   -c requirements/ci.txt
@@ -589,6 +591,7 @@ fonttools[woff]==4.29.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
+    #   fonttools
     #   weasyprint
 freezegun==1.1.0
     # via
@@ -733,7 +736,7 @@ markupsafe==2.1.3
     # via
     #   jinja2
     #   werkzeug
-maykin-2fa==0.2.0
+maykin-2fa==1.0.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -1065,6 +1068,7 @@ tablib[html,ods,xls,xlsx,yaml]==3.1.0
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-import-export
+    #   tablib
 tblib==1.7.0
     # via
     #   -c requirements/ci.txt

diff --git a/src/open_inwoner/accounts/tests/test_admin.py b/src/open_inwoner/accounts/tests/test_admin.py
@@ -2,6 +2,7 @@
 from django.utils.translation import ugettext as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 from webtest import Upload
 
 from open_inwoner.utils.tests.helpers import create_image_bytes
@@ -11,14 +12,15 @@
 from .factories import UserFactory
 
 
+@disable_admin_mfa()
 class TestAdminUser(WebTest):
     def setUp(self):
         self.user = UserFactory(
             is_superuser=True, is_staff=True, email="john@example.com"
         )
         self.assertEqual(User.objects.count(), 1)
 
-    def test_user_is_created_without_case_sensitive_email(self):
+    def test_user_is_created_without_case_sensitive_email(self, m):
         response = self.app.get(reverse("admin:accounts_user_add"), user=self.user)
         form = response.forms["user_form"]
         form["email"] = "john2@example.com"
@@ -28,7 +30,7 @@ def test_user_is_created_without_case_sensitive_email(self):
 
         self.assertEqual(User.objects.count(), 2)
 
-    def test_user_is_updated_without_case_sensitive_email(self):
+    def test_user_is_updated_without_case_sensitive_email(self, m):
         response = self.app.get(
             reverse("admin:accounts_user_change", kwargs={"object_id": self.user.pk}),
             user=self.user,
@@ -41,7 +43,7 @@ def test_user_is_updated_without_case_sensitive_email(self):
 
         self.assertEqual(existing_user.email, "john2@example.com")
 
-    def test_user_is_updated_without_modifying_email(self):
+    def test_user_is_updated_without_modifying_email(self, m):
         response = self.app.get(
             reverse("admin:accounts_user_change", kwargs={"object_id": self.user.pk}),
             user=self.user,
@@ -55,7 +57,7 @@ def test_user_is_updated_without_modifying_email(self):
         self.assertEqual(existing_user.first_name, "Updated")
         self.assertEqual(existing_user.email, self.user.email)
 
-    def test_user_not_created_with_case_sensitive_email(self):
+    def test_user_not_created_with_case_sensitive_email(self, m):
         response = self.app.get(reverse("admin:accounts_user_add"), user=self.user)
         form = response.forms["user_form"]
         form["email"] = "John@example.com"
@@ -66,7 +68,7 @@ def test_user_not_created_with_case_sensitive_email(self):
         self.assertContains(response, _("The user with this email already exists."))
         self.assertEqual(User.objects.count(), 1)
 
-    def test_user_not_updated_with_case_sensitive_email(self):
+    def test_user_not_updated_with_case_sensitive_email(self, m):
         response = self.app.get(
             reverse("admin:accounts_user_change", kwargs={"object_id": self.user.pk}),
             user=self.user,
@@ -80,7 +82,7 @@ def test_user_not_updated_with_case_sensitive_email(self):
         self.assertContains(response, _("The user with this email already exists."))
         self.assertEqual(self.user.email, updated_user.email)
 
-    def test_validation_error_is_raised_when_wrong_format_email(self):
+    def test_validation_error_is_raised_when_wrong_format_email(self, m):
         response = self.app.get(
             reverse("admin:accounts_user_change", kwargs={"object_id": self.user.pk}),
             user=self.user,
@@ -91,7 +93,7 @@ def test_validation_error_is_raised_when_wrong_format_email(self):
 
         self.assertContains(response, _("Voer een geldig e-mailadres in."))
 
-    def test_begeleider_can_add_an_image(self):
+    def test_begeleider_can_add_an_image(self, m):
         self.user.contact_type = ContactTypeChoices.begeleider
         self.user.save()
 
@@ -114,7 +116,7 @@ def test_begeleider_can_add_an_image(self):
 
         self.assertIsNotNone(self.user.image.file)
 
-    def test_non_begeleider_cannot_add_an_image(self):
+    def test_non_begeleider_cannot_add_an_image(self, m):
         img_bytes = create_image_bytes()
 
         response = self.app.get(

diff --git a/src/open_inwoner/accounts/tests/test_logging.py b/src/open_inwoner/accounts/tests/test_logging.py
@@ -11,6 +11,7 @@
 
 from django_webtest import WebTest
 from freezegun import freeze_time
+from maykin_2fa.test import disable_admin_mfa
 from privates.test import temp_private_root
 from timeline_logger.models import TimelineLog
 
@@ -30,6 +31,7 @@
 )
 
 
+@disable_admin_mfa()
 @freeze_time("2021-10-18 13:00:00")
 @override_settings(ROOT_URLCONF="open_inwoner.cms.tests.urls")
 class TestProfile(WebTest):
@@ -115,7 +117,11 @@ def test_user_notifications_update_is_logged(self, mock_cms_page_display):
         )
 
     def test_login_via_admin_is_logged(self):
-        self.app.post(reverse("admin:login"), user=self.user)
+        login_page = self.app.get(reverse("admin:login"))
+        login_page.form["auth-username"] = self.user.email
+        login_page.form["auth-password"] = "secret"
+        login_page.form.submit()
+
         log_entry = TimelineLog.objects.get()
 
         self.assertEqual(

diff --git a/src/open_inwoner/cms/tests/test_middleware.py b/src/open_inwoner/cms/tests/test_middleware.py
@@ -2,13 +2,15 @@
 from django.test import TestCase, override_settings
 from django.urls import reverse
 
+from maykin_2fa.test import disable_admin_mfa
 from pyquery import PyQuery as pq
 
 from open_inwoner.cms.tests import cms_tools
 from open_inwoner.cms.utils.middleware import DropToolbarMiddleware
 from open_inwoner.utils.tests.helpers import TwoFactorUserTestMixin
 
 
+@disable_admin_mfa()
 @override_settings(TWO_FACTOR_FORCE_OTP_ADMIN=False)
 class TestDropToolbarMiddleware(TwoFactorUserTestMixin, TestCase):
     @classmethod

diff --git a/src/open_inwoner/conf/dev.py b/src/open_inwoner/conf/dev.py
@@ -144,6 +144,10 @@
 
 TWO_FACTOR_PATCH_ADMIN = False
 
+# Disable two-factor authentication by default for development
+if config("DISABLE_2FA", default=True):
+    MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS
+
 # playwright multi browser
 PLAYWRIGHT_MULTI_ONLY_DEFAULT = True
 

diff --git a/src/open_inwoner/configurations/tests/test_admin.py b/src/open_inwoner/configurations/tests/test_admin.py
@@ -3,13 +3,15 @@
 from django.utils.translation import ugettext_lazy as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 from pyquery import PyQuery
 
 from open_inwoner.accounts.tests.factories import UserFactory
 
 from ..models import SiteConfiguration
 
 
+@disable_admin_mfa()
 class TestAdminSite(WebTest):
     csrf_checks = False
 
@@ -102,6 +104,7 @@ def test_bulk_delete_fail(self):
         )
 
 
+@disable_admin_mfa()
 class TestAdminForm(WebTest):
     def setUp(self):
         self.user = UserFactory(is_superuser=True, is_staff=True)

diff --git a/src/open_inwoner/configurations/tests/test_colors.py b/src/open_inwoner/configurations/tests/test_colors.py
@@ -2,10 +2,12 @@
 from django.utils.translation import gettext as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 
 from open_inwoner.accounts.tests.factories import UserFactory
 
 
+@disable_admin_mfa()
 class TestConfigurationColors(WebTest):
     def setUp(self):
         super().setUp()

diff --git a/src/open_inwoner/configurations/tests/test_oidc.py b/src/open_inwoner/configurations/tests/test_oidc.py
@@ -2,6 +2,7 @@
 from django.utils.translation import gettext_lazy as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 from mozilla_django_oidc_db.models import OpenIDConnectConfig
 
 from open_inwoner.accounts.tests.factories import UserFactory
@@ -11,6 +12,7 @@
 from ..choices import OpenIDDisplayChoices
 
 
+@disable_admin_mfa()
 class OIDCConfigTest(ClearCachesMixin, WebTest):
     csrf_checks = False
 

diff --git a/src/open_inwoner/media/tests/test_admin.py b/src/open_inwoner/media/tests/test_admin.py
@@ -2,12 +2,14 @@
 
 from cms.utils.permissions import set_current_user
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 
 from open_inwoner.accounts.tests.factories import UserFactory
 
 from .factories import VideoFactory
 
 
+@disable_admin_mfa()
 class VideoAdminTests(WebTest):
     def setUp(self):
         set_current_user(

diff --git a/src/open_inwoner/openzaak/tests/test_admin.py b/src/open_inwoner/openzaak/tests/test_admin.py
@@ -2,12 +2,14 @@
 from django.utils.translation import gettext_lazy as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 
 from open_inwoner.accounts.tests.factories import UserFactory
 
 from .factories import ZaakTypeConfigFactory, ZaakTypeInformatieObjectTypeConfigFactory
 
 
+@disable_admin_mfa()
 class TestZaakTypeConfigAdmin(WebTest):
     def setUp(self):
         self.user = UserFactory(is_superuser=True, is_staff=True)

diff --git a/src/open_inwoner/pdc/tests/test_category_admin.py b/src/open_inwoner/pdc/tests/test_category_admin.py
@@ -5,6 +5,7 @@
 from django.utils.translation import gettext as _
 
 from django_webtest import WebTest
+from maykin_2fa.test import disable_admin_mfa
 
 from open_inwoner.accounts.tests.factories import GroupFactory, UserFactory
 from open_inwoner.openzaak.tests.factories import ZaakTypeConfigFactory
@@ -13,6 +14,7 @@
 from .factories import CategoryFactory
 
 
+@disable_admin_mfa()
 class TestAdminCategoryForm(WebTest):
     def setUp(self):
         self.user = UserFactory(is_superuser=True, is_staff=True)