Skip to content

Commit

Permalink
Fix broken token auth when 2FA is enabled (1.16) (#3327)
Browse files Browse the repository at this point in the history
Co-authored-by: ammar92 <[email protected]>
Co-authored-by: Jan Klopper <[email protected]>
  • Loading branch information
3 people authored Aug 7, 2024
1 parent f76eee6 commit 15ef532
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 3 deletions.
4 changes: 2 additions & 2 deletions docs/source/manual/usermanual.rst
Original file line number Diff line number Diff line change
Expand Up @@ -246,8 +246,8 @@ After the CSV file has been uploaded the users receive a welcome email on their
The OpenKAT team


Token authentication
--------------------
API token authentication
------------------------

Authentication tokens can be created in the admin interface (/admin). The token is created for an user account and will have the same permissions as the user. After creating a token it will display the newly created token once. You need to copy the token immediately, because the token are stored hashed in the database and won't be visible anymore.

Expand Down
3 changes: 2 additions & 1 deletion rocky/rocky/middleware/auth_required.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,15 @@ def middleware(request):
# When 2fa is enabled, check if user is verified, otherwise redirect to 2fa setup page
if (
settings.TWOFACTOR_ENABLED
and not request.user.is_verified()
and not (
# check if path is not in excluded list
request.path in excluded
or request.path in excluded_2fa
# check if path starts with anything in excluded_prefix
or any([request.path.startswith(prefix) for prefix in excluded_prefix])
)
# This check should be after excluding /api because API users won't have `is_verified`
and not request.user.is_verified()
):
return redirect(two_factor_setup_path)

Expand Down
13 changes: 13 additions & 0 deletions rocky/tests/test_api.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
from account.models import AuthToken


# Regression test for https://github.com/minvws/nl-kat-coordination/issues/2872
def test_api_2fa_enabled(client, settings, admin_user):
settings.TWOFACTOR_ENABLED = True

token_object = AuthToken(name="Test", user=admin_user)
token = token_object.generate_new_token()
token_object.save()

response = client.get("/api/v1/organization/", headers={"Authorization": f"Token {token}"})
assert response.status_code == 200

0 comments on commit 15ef532

Please sign in to comment.