From 5b90b4aa65386f69f4ca3946202abf6ecc7c3804 Mon Sep 17 00:00:00 2001 From: Ee Durbin Date: Tue, 2 Apr 2024 11:02:34 -0400 Subject: [PATCH] record when a login used a remembered device --- warehouse/accounts/views.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/warehouse/accounts/views.py b/warehouse/accounts/views.py index 139976739111..910920e142c2 100644 --- a/warehouse/accounts/views.py +++ b/warehouse/accounts/views.py @@ -254,8 +254,9 @@ def login(request, redirect_field_name=REDIRECT_FIELD_NAME, _form_class=LoginFor # If the user has enabled two-factor authentication and they do not have # a valid saved device. + _two_factor_remembered = _check_remember_device_token(request, userid) two_factor_required = user_service.has_two_factor(userid) and ( - not _check_remember_device_token(request, userid) + not _two_factor_remembered ) if two_factor_required: two_factor_data = {"userid": userid} @@ -278,8 +279,19 @@ def login(request, redirect_field_name=REDIRECT_FIELD_NAME, _form_class=LoginFor ): redirect_to = request.route_path("manage.projects") + # Construct necessary two_factor information + two_factor_method = ( + "device_remembered" if _two_factor_remembered else None + ) + two_factor_label = two_factor_method + # Actually perform the login routine for our user. - headers = _login_user(request, userid) + headers = _login_user( + request, + userid, + two_factor_method, + two_factor_label=two_factor_label, + ) # Now that we're logged in we'll want to redirect the user to # either where they were trying to go originally, or to the default