diff --git a/passbook/core/auth/view.py b/passbook/core/auth/view.py
index 6696f808f..672063cd1 100644
--- a/passbook/core/auth/view.py
+++ b/passbook/core/auth/view.py
@@ -8,6 +8,7 @@ from django.utils.http import urlencode
 from django.views.generic import View
 from passbook.core.models import Factor, User
+from passbook.core.policies import PolicyEngine
 from passbook.core.views.utils import PermissionDeniedView
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.lib.utils.urls import is_url_absolute
@@ -63,7 +64,9 @@ class AuthenticationView(UserPassesTestMixin, View):
 _all_factors = Factor.objects.filter(enabled=True).order_by('order').select_subclasses()
 self.pending_factors = []
 for factor in _all_factors:
- if factor.passes(self.pending_user):
+ policy_engine = PolicyEngine(factor.policies.all())
+ policy_engine.for_user(self.pending_user)
+ if policy_engine.result[0]:
 self.pending_factors.append((factor.uuid.hex, factor.type))
 # Read and instantiate factor from session
 factor_uuid, factor_class = None, None
diff --git a/passbook/core/models.py b/passbook/core/models.py
index d7f2a9c70..33e93d5b4 100644
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@@ -73,14 +73,6 @@ class PolicyModel(UUIDModel, CreatedUpdatedModel):
 policies = models.ManyToManyField('Policy', blank=True)
- def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
- """Return False, str if a user fails where str is a
- reasons shown to the user. Return True if user succeeds."""
- for policy in self.policies.all():
- if not policy.passes(user):
- return False
- return True
-
 class Factor(PolicyModel):
 """Authentication factor, multiple instances of the same Factor can be used"""
diff --git a/passbook/core/signals.py b/passbook/core/signals.py
index 4df1d0716..7a35f1418 100644
--- a/passbook/core/signals.py
+++ b/passbook/core/signals.py
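Review bot: In the `@@ -63,7 +64,9 @@` hunk of passbook/core/auth/view.py, a falsy `policy_engine.result[0]` silently leaves the factor out of `self.pending_factors`, so whatever the engine reports on an evaluation error or for an empty policy set decides whether a login step is skipped; PolicyEngine is not shown in this diff, so that behaviour needs confirming. The removed `PolicyModel.passes` returned True when a factor had no policies, and the replacement should be checked to do the same. The queryset is also passed as plain `factor.policies.all()`, whereas signals.py passes `.select_subclasses()`; unless the engine resolves subclasses itself, this should read `policy_engine = PolicyEngine(factor.policies.all().select_subclasses())`. The same three lines are repeated in `user_factors` in passbook_user_settings.py, so one small helper would keep both call sites in step. The enclosing method starts and ends outside the hunk.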
@@ -19,9 +19,8 @@ def password_policy_checker(sender, password, **kwargs):
 setattr(sender, '__password__', password)
 _all_factors = PasswordFactor.objects.filter(enabled=True).order_by('order')
 for factor in _all_factors:
- if factor.passes(sender):
- policy_engine = PolicyEngine(factor.password_policies.all().select_subclasses())
- policy_engine.for_user(sender)
- passing, messages = policy_engine.result
- if not passing:
- raise PasswordPolicyInvalid(*messages)
+ policy_engine = PolicyEngine(factor.password_policies.all().select_subclasses())
+ policy_engine.for_user(sender)
+ passing, messages = policy_engine.result
+ if not passing:
+ raise PasswordPolicyInvalid(*messages)
diff --git a/passbook/core/templatetags/passbook_user_settings.py b/passbook/core/templatetags/passbook_user_settings.py
index 9b5ac5372..137cd000f 100644
--- a/passbook/core/templatetags/passbook_user_settings.py
+++ b/passbook/core/templatetags/passbook_user_settings.py
@@ -3,6 +3,7 @@
 from django import template
 from passbook.core.models import Factor
+from passbook.core.policies import PolicyEngine
 register = template.Library()
@@ -14,6 +15,8 @@ def user_factors(context):
 matching_factors = []
 for factor in _all_factors:
 _link = factor.has_user_settings()
- if factor.passes(user) and _link:
+ policy_engine = PolicyEngine(factor.policies.all())
+ policy_engine.for_user(user)
+ if policy_engine.result[0] and _link:
 matching_factors.append(_link)
 return matching_factors
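Review bot: The `factor.passes(sender)` guard in `password_policy_checker` is removed without a PolicyEngine replacement, unlike the other two call sites in this commit. As a result, every enabled PasswordFactor's password policies are now enforced for every user, including users the factor's own `policies` would have excluded. If that tightening is intended, a comment above the loop should say so. If it is not, the scoping can be restored before the password-policy engine runs with `factor_engine = PolicyEngine(factor.policies.all())`, `factor_engine.for_user(sender)` and `if not factor_engine.result[0]: continue`. The start of the function is outside the hunk.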
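Review bot: In `user_factors`, the engine is built and run for every factor before `_link` is consulted, so factors without a settings page still cost a full policy evaluation each time the tag renders. Testing the cheap condition first avoids that: add `if not _link: continue` directly after `_link = factor.has_user_settings()`, then check `policy_engine.result[0]` on its own. The first lines of the function are outside the hunk.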