Allow team admins to require two-factor authentication (#4034)

* Allow team admins to require two-factor authentication * Add API tests * Improve logic * ADd button tooltip
2026-05-04 15:04:03 +00:00 · 2024-04-02 17:15:16 +02:00
parent 50838b9cea
commit 4ea4189e6d
18 changed files with 282 additions and 30 deletions
--- a/src/tests/api/test_auth.py
+++ b/src/tests/api/test_auth.py
@@ -23,7 +23,7 @@ import time

 import pytest
 from bs4 import BeautifulSoup
-from django.test import Client
+from django.test import Client, override_settings
 from tests.base import extract_form_fields

 from pretix.base.models import Organizer
@@ -66,6 +66,25 @@ def test_session_auth_relative_timeout(client, user, team):
    assert resp.status_code == 403


+@pytest.mark.django_db
+def test_session_auth_password_change_required(client, user, team):
+    client.login(email=user.email, password='dummy')
+    user.needs_password_change = True
+    user.save()
+
+    resp = client.get('/api/v1/organizers/')
+    assert resp.status_code == 403
+
+
+@pytest.mark.django_db
+@override_settings(PRETIX_OBLIGATORY_2FA=True)
+def test_session_auth_2fa_setup_required(client, user, team):
+    client.login(email=user.email, password='dummy')
+
+    resp = client.get('/api/v1/organizers/')
+    assert resp.status_code == 403
+
+
@pytest.mark.django_db
 def test_session_auth_csrf(user, team):
    team.members.add(user)