CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-03 14:54:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

2FA: Allow to delete devices

Browse Source
This commit is contained in:
Raphael Michel
2016-10-08 14:19:20 +02:00
parent 2f24af824e
commit 9407fc0bca
4 changed files with 58 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/pretix/control/templates/pretixcontrol/user/2fa_delete.html Normal file
View File

@@ -0,0 +1,25 @@
{% extends "pretixcontrol/base.html" %}
{% load i18n %}
{% load bootstrap3 %}
{% block title %}{% trans "Delete a two-factor authentication device" %}{% endblock %}
{% block content %}
<h1>{% trans "Delete a two-factor authentication device" %}</h1>
<form action="" method="post" class="form-horizontal">
{% csrf_token %}
<p>{% blocktrans trimmed with device=device.name %}
Are you sure you want to delete the authentication device "{{ device }}"?
{% endblocktrans %}</p>
<p>{% trans "You will no longer be able to use this device to log in to pretix." %}</p>
<p>
{% trans "If this is the only device connected to your account, we will disable two-factor authentication." %}
</p>
<div class="form-group submit-group">
<a href="{% url "control:user.settings.2fa" %}" class="btn btn-default btn-cancel">
{% trans "Cancel" %}
</a>
<button type="submit" class="btn btn-danger btn-save">
{% trans "Delete" %}
</button>
</div>
</form>
{% endblock %}

6
src/pretix/control/templates/pretixcontrol/user/2fa_main.html
View File

@@ -48,7 +48,11 @@
<ul class="list-group">
{% for d in devices %}
<li class="list-group-item">
{% if d.devicetype == "totp" %}
<a class="btn btn-danger btn-xs pull-right"
href="{% url "control:user.settings.2fa.delete" devicetype=d.devicetype device=d.pk %}">
Delete
</a>
{% if d.devicetype == "totp" %}
<span class="fa fa-mobile"></span>
{% endif %}
{{ d.name }}

2
src/pretix/control/urls.py
View File

@@ -17,6 +17,8 @@ urlpatterns = [
url(r'^settings/2fa/add$', user.User2FADeviceAddView.as_view(), name='user.settings.2fa.add'),
url(r'^settings/2fa/totp/(?P<device>[0-9]+)/confirm', user.User2FADeviceConfirmTOTPView.as_view(),
name='user.settings.2fa.confirm.totp'),
url(r'^settings/2fa/(?P<devicetype>[^/]+)/(?P<device>[0-9]+)/delete', user.User2FADeviceDeleteView.as_view(),
name='user.settings.2fa.delete'),
url(r'^organizers/$', organizer.OrganizerList.as_view(), name='organizers'),
url(r'^organizers/add$', organizer.OrganizerCreate.as_view(), name='organizers.add'),
url(r'^organizer/(?P<organizer>[^/]+)/edit$', organizer.OrganizerUpdate.as_view(), name='organizer.edit'),

27
src/pretix/control/views/user.py
View File

@@ -15,6 +15,9 @@ from pretix.base.forms.user import User2FADeviceAddForm, UserSettingsForm
from pretix.base.models import User
REAL_DEVICE_TYPES = (TOTPDevice,)
class UserSettings(UpdateView):
model = User
form_class = UserSettingsForm
@@ -49,7 +52,7 @@ class User2FAMainView(TemplateView):
ctx = super().get_context_data()
ctx['devices'] = []
for dt in (TOTPDevice,):
for dt in REAL_DEVICE_TYPES:
objs = list(dt.objects.filter(user=self.request.user, confirmed=True))
for obj in objs:
if dt == TOTPDevice:
@@ -74,6 +77,28 @@ class User2FADeviceAddView(FormView):
}))
class User2FADeviceDeleteView(TemplateView):
template_name = 'pretixcontrol/user/2fa_delete.html'
@cached_property
def device(self):
if self.kwargs['devicetype'] == 'totp':
return get_object_or_404(TOTPDevice, user=self.request.user, pk=self.kwargs['device'], confirmed=True)
def get_context_data(self, **kwargs):
ctx = super().get_context_data()
ctx['device'] = self.device
return ctx
def post(self, request, *args, **kwargs):
self.device.delete()
if not any(dt.objects.filter(user=self.request.user, confirmed=True) for dt in REAL_DEVICE_TYPES):
self.request.user.require_2fa = False
self.request.user.save()
messages.success(request, _('The device has been removed.'))
return redirect(reverse('control:user.settings.2fa'))
class User2FADeviceConfirmTOTPView(TemplateView):
template_name = 'pretixcontrol/user/2fa_confirm_totp.html'