mirror of
https://github.com/simple-login/app.git
synced 2024-09-27 20:31:30 +02:00
Fix user could go to MFA page directly
This commit is contained in:
parent
35aa8f1438
commit
4208ba379f
@ -17,11 +17,18 @@ class OtpTokenForm(FlaskForm):
|
||||
@auth_bp.route("/mfa", methods=["GET", "POST"])
|
||||
def mfa():
|
||||
# passed from login page
|
||||
user_id = session[MFA_USER_ID]
|
||||
user_id = session.get(MFA_USER_ID)
|
||||
|
||||
# user access this page directly without passing by login page
|
||||
if not user_id:
|
||||
flash("Unknown error, redirect back to main page", "warning")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
|
||||
user = User.get(user_id)
|
||||
|
||||
if not user.enable_otp:
|
||||
raise Exception("Only user with MFA enabled should go to this page. %s", user)
|
||||
if not (user and user.enable_otp):
|
||||
flash("Only user with MFA enabled should go to this page", "warning")
|
||||
return redirect(url_for("dashboard.index"))
|
||||
|
||||
otp_token_form = OtpTokenForm()
|
||||
next_url = request.args.get("next")
|
||||
|
Loading…
Reference in New Issue
Block a user