From e821d95a01139cc6ef5be844a3f1503340d30ef7 Mon Sep 17 00:00:00 2001 From: RJPvT <48353029+RJPvT@users.noreply.github.com> Date: Sun, 19 Apr 2020 15:51:47 +0200 Subject: [PATCH 1/3] fix: two_factor_is_enabled needs username --- frappe/twofactor.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frappe/twofactor.py b/frappe/twofactor.py index e60113215b..b44092d6a1 100644 --- a/frappe/twofactor.py +++ b/frappe/twofactor.py @@ -374,11 +374,11 @@ def delete_qrimage(user, check_expiry=False): def delete_all_barcodes_for_users(): '''Task to delete all barcodes for user.''' - if not two_factor_is_enabled(): - return users = frappe.get_all('User', {'enabled':1}) for user in users: + if not two_factor_is_enabled(user=user.name): + continue delete_qrimage(user.name, check_expiry=True) def should_remove_barcode_image(barcode): From be14e59d4aab9fdd4848f3dd123cdac2ccf43c01 Mon Sep 17 00:00:00 2001 From: RJPvT <48353029+RJPvT@users.noreply.github.com> Date: Sun, 19 Apr 2020 15:58:29 +0200 Subject: [PATCH 2/3] fix: no need for password check --- frappe/auth.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/frappe/auth.py b/frappe/auth.py index dba8b05a62..1353acf10f 100644 --- a/frappe/auth.py +++ b/frappe/auth.py @@ -219,7 +219,10 @@ class LoginManager: user = frappe.db.get_value("User", filters={"username": user}, fieldname="name") or user self.check_if_enabled(user) - self.user = self.check_password(user, pwd) + if not frappe.form_dict.get('tmp_id'): + self.user = self.check_password(user, pwd) + else: + self.user = user def force_user_to_reset_password(self): if not self.user: From 2fd199650678213a43fb2751e084f75306dc0873 Mon Sep 17 00:00:00 2001 From: RJPvT <48353029+RJPvT@users.noreply.github.com> Date: Sun, 19 Apr 2020 16:02:19 +0200 Subject: [PATCH 3/3] fix: check if ldap user requires 2fa on login --- frappe/integrations/doctype/ldap_settings/ldap_settings.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/frappe/integrations/doctype/ldap_settings/ldap_settings.py b/frappe/integrations/doctype/ldap_settings/ldap_settings.py index 558f7117c0..80dfef2693 100644 --- a/frappe/integrations/doctype/ldap_settings/ldap_settings.py +++ b/frappe/integrations/doctype/ldap_settings/ldap_settings.py @@ -6,7 +6,7 @@ from __future__ import unicode_literals import frappe from frappe import _, safe_encode from frappe.model.document import Document - +from frappe.twofactor import (should_run_2fa, authenticate_for_2factor,confirm_otp_token) class LDAPSettings(Document): def validate(self): @@ -237,6 +237,10 @@ def login(): user = ldap.authenticate(frappe.as_unicode(args.usr), frappe.as_unicode(args.pwd)) frappe.local.login_manager.user = user.name + if should_run_2fa(user.name): + authenticate_for_2factor(user.name) + if not confirm_otp_token(frappe.local.login_manager): + return False frappe.local.login_manager.post_login() # because of a GET request!