Merge pull request #10001 from RJPvT/patch-7

feat: enable 2fa for ldap users

frappe/auth.py

@@ -219,7 +219,10 @@ class LoginManager:
 			user = frappe.db.get_value("User", filters={"username": user}, fieldname="name") or user
 
 		self.check_if_enabled(user)
-		self.user = self.check_password(user, pwd)
+		if not frappe.form_dict.get('tmp_id'):
+			self.user = self.check_password(user, pwd)
+		else:
+			self.user = user
 
 	def force_user_to_reset_password(self):
 		if not self.user:

frappe/integrations/doctype/ldap_settings/ldap_settings.py

@@ -6,7 +6,7 @@ from __future__ import unicode_literals
 import frappe
 from frappe import _, safe_encode
 from frappe.model.document import Document
-
+from frappe.twofactor import (should_run_2fa, authenticate_for_2factor,confirm_otp_token)
 
 class LDAPSettings(Document):
 	def validate(self):
@@ -237,6 +237,10 @@ def login():
 	user = ldap.authenticate(frappe.as_unicode(args.usr), frappe.as_unicode(args.pwd))
 
 	frappe.local.login_manager.user = user.name
+	if should_run_2fa(user.name):
+		authenticate_for_2factor(user.name)
+		if not confirm_otp_token(frappe.local.login_manager):
+			return False
 	frappe.local.login_manager.post_login()
 
 	# because of a GET request!

frappe/twofactor.py

@@ -374,11 +374,11 @@ def delete_qrimage(user, check_expiry=False):
 
 def delete_all_barcodes_for_users():
 	'''Task to delete all barcodes for user.'''
-	if not two_factor_is_enabled():
-		return
 
 	users = frappe.get_all('User', {'enabled':1})
 	for user in users:
+		if not two_factor_is_enabled(user=user.name):
+			continue
 		delete_qrimage(user.name, check_expiry=True)
 
 def should_remove_barcode_image(barcode):