This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/totp/middleware.py

33 lines
1.3 KiB
Python
Raw Normal View History

2018-12-14 09:09:57 +00:00
"""passbook TOTP Middleware to force users with TOTP set up to verify"""
2018-11-16 08:10:35 +00:00
from django.shortcuts import redirect
from django.urls import reverse
from django.utils.http import urlencode
from django_otp import user_has_device
2018-12-14 09:09:57 +00:00
def totp_force_verify(get_response):
"""Middleware to force TOTP Verification"""
2018-11-16 08:10:35 +00:00
def middleware(request):
2018-12-14 09:09:57 +00:00
"""Middleware to force TOTP Verification"""
2018-11-16 08:10:35 +00:00
# pylint: disable=too-many-boolean-expressions
if request.user.is_authenticated and \
user_has_device(request.user) and \
not request.user.is_verified() and \
2018-12-14 09:09:57 +00:00
request.path != reverse('passbook_totp:totp-verify') and \
request.path != reverse('passbook_core:auth-logout') and \
2018-11-16 08:10:35 +00:00
not request.META.get('HTTP_AUTHORIZATION', '').startswith('Bearer'):
2018-12-14 09:09:57 +00:00
# User has TOTP set up but is not verified
2018-11-16 08:10:35 +00:00
# At this point the request is already forwarded to the target destination
# So we just add the current request's path as next parameter
args = '?%s' % urlencode({'next': request.get_full_path()})
2018-12-14 09:09:57 +00:00
return redirect(reverse('passbook_totp:totp-verify') + args)
2018-11-16 08:10:35 +00:00
response = get_response(request)
return response
return middleware