Bypass 2FA if Login with Proton (#1142)

* Bypass 2FA if Login with Proton

* Fix formatting of template
Carlos Quintana 2022-07-04 16:24:49 +02:00 committed by GitHub
parent c2bb6488e4
commit 38d305da23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 31 deletions


@ -9,38 +9,40 @@ from app.log import LOG
from app.models import Referral from app.models import Referral
def after_login(user, next_url): def after_login(user, next_url, login_from_proton: bool = False):
""" """
Redirect to the correct page after login. Redirect to the correct page after login.
If the user is logged in with Proton, do not look at fido nor otp
If user enables MFA: redirect user to MFA page If user enables MFA: redirect user to MFA page
Otherwise redirect to dashboard page if no next_url Otherwise redirect to dashboard page if no next_url
""" """
if user.fido_enabled(): if not login_from_proton:
# Use the same session for FIDO so that we can easily if user.fido_enabled():
# switch between these two 2FA option # Use the same session for FIDO so that we can easily
session[MFA_USER_ID] = user.id # switch between these two 2FA option
if next_url: session[MFA_USER_ID] = user.id
return redirect(url_for("auth.fido", next=next_url)) if next_url:
else: return redirect(url_for("auth.fido", next=next_url))
return redirect(url_for("auth.fido")) else:
elif user.enable_otp: return redirect(url_for("auth.fido"))
session[MFA_USER_ID] = user.id elif user.enable_otp:
if next_url: session[MFA_USER_ID] = user.id
return redirect(url_for("auth.mfa", next=next_url)) if next_url:
else: return redirect(url_for("auth.mfa", next=next_url))
return redirect(url_for("auth.mfa")) else:
else: return redirect(url_for("auth.mfa"))
LOG.d("log user %s in", user)
login_user(user)
session["sudo_time"] = int(time())
# User comes to login page from another page LOG.d("log user %s in", user)
if next_url: login_user(user)
LOG.d("redirect user to %s", next_url) session["sudo_time"] = int(time())
return redirect(next_url)
else: # User comes to login page from another page
LOG.d("redirect user to dashboard") if next_url:
return redirect(url_for("dashboard.index")) LOG.d("redirect user to %s", next_url)
return redirect(next_url)
else:
LOG.d("redirect user to dashboard")
return redirect(url_for("dashboard.index"))
# name of the cookie that stores the referral code # name of the cookie that stores the referral code
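Review bot: The `if not login_from_proton:` guard skips both the FIDO and the OTP branch silently, so the log cannot tell a session that bypassed the user's second factor from an ordinary login. A line such as `LOG.d("skip FIDO/OTP for user %s: login with Proton", user)` on that path, before `login_user(user)`, would make the bypass auditable. The flag is also an ordinary positional parameter, so a stray third positional argument would disable 2FA; `def after_login(user, next_url, *, login_from_proton: bool = False):` makes it keyword-only, which is how the callers in this commit already pass it. `session["sudo_time"]` is still set on this path, so whatever sudo mode gates (not visible here) becomes reachable without the local second factor, and that should be a deliberate decision stated in the docstring.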


@ -137,7 +137,7 @@ def proton_callback():
return redirect(url_for("auth.login")) return redirect(url_for("auth.login"))
if res.redirect: if res.redirect:
return after_login(res.user, res.redirect) return after_login(res.user, res.redirect, login_from_proton=True)
next_url = session.get("oauth_next") next_url = session.get("oauth_next")
return after_login(res.user, next_url) return after_login(res.user, next_url, login_from_proton=True)
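Review bot: Both calls in `proton_callback` now pass `login_from_proton=True` unconditionally, so the 2FA bypass rests entirely on how `res.user` was resolved, and that code is outside this hunk. If the Proton handler can return a user matched by e-mail address rather than through an explicitly linked Proton account, an account with FIDO or OTP enabled would lose its second factor without its owner ever opting in; this is inferred and should be confirmed against the handler. A comment above the calls would record the assumption, for example `# 2FA is skipped: res.user must come from a verified Proton link`. The function body starts before the hunk, so earlier checks may already cover this.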


@ -19,9 +19,7 @@
{% if connect_with_proton %} {% if connect_with_proton %}
<div class="my-3"> <div class="my-3">
<p> <p>Alternatively you can use your Proton credentials to ensure it's you.</p>
Alternatively you can use your Proton credentials to ensure it's you.
</p>
</div> </div>
<a class="btn btn-primary btn-block mt-2 proton-button w-25" <a class="btn btn-primary btn-block mt-2 proton-button w-25"
href="{{ url_for("auth.proton_login", next=next) }}"> href="{{ url_for("auth.proton_login", next=next) }}">