Add check to force users to change password (#2284)

ser8phin
2021-11-11 11:10:33 +01:00
committed by GitHub
parent 245ad644ff
commit 169a6c51b4
11 changed files with 137 additions and 10 deletions


@@ -69,6 +69,11 @@ class PermissionMiddleware:
"user.settings.notifications.off",
)
EXCEPTIONS_FORCED_PW_CHANGE = (
"user.settings",
"auth.logout"
)
EXCEPTIONS_2FA = (
"user.settings.2fa",
"user.settings.2fa.add",
@@ -130,6 +135,9 @@ class PermissionMiddleware:
if url_name not in ('user.reauth', 'auth.logout'):
return redirect(reverse('control:user.reauth') + '?next=' + quote(request.get_full_path()))
if request.user.needs_password_change and url_name not in self.EXCEPTIONS_FORCED_PW_CHANGE:
return redirect(reverse('control:user.settings') + '?next=' + quote(request.get_full_path()))
if not request.user.require_2fa and settings.PRETIX_OBLIGATORY_2FA \
and url_name not in self.EXCEPTIONS_2FA:
return redirect(reverse('control:user.settings.2fa'))
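Review bot: The new `needs_password_change` redirect can bounce against the two checks around it, because `EXCEPTIONS_FORCED_PW_CHANGE` exempts only `user.settings` and `auth.logout`. A request to `user.reauth` that falls through the re-authentication branch just above (its `except` clause is outside the hunk, so this is inferred) is now sent to `user.settings`, which would itself be sent back to `user.reauth`; adding `"user.reauth",` to the tuple avoids that. Likewise, if `user.settings` is not among the `EXCEPTIONS_2FA` entries (the tuple continues past the hunk), a user who needs both a password change and 2FA enrolment alternates between the two redirects and is locked out of the control panel; either exempt `user.settings` there or skip the 2FA redirect while `needs_password_change` is set. A regression test with both flags set would pin the intended order.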