
🎨 Two-factor-auth per user (🗃️ ) #5061

Merged
merged 5 commits into from
Nov 21, 2023
@@ -0,0 +1,35 @@
"""new two_factor_enabled user column

Revision ID: 215b2cac1dbc
Revises: 22404057a50c
Create Date: 2023-11-21 14:42:42.170235+00:00

"""
import sqlalchemy as sa
from alembic import op

# revision identifiers, used by Alembic.
revision = "215b2cac1dbc"
down_revision = "22404057a50c"
branch_labels = None
depends_on = None


def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column(
"users",
sa.Column(
"two_factor_enabled",
sa.Boolean(),
server_default=sa.text("true"),
nullable=False,
),
)
# ### end Alembic commands ###


def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column("users", "two_factor_enabled")
# ### end Alembic commands ###
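Review bot: The migration docstring does not say that `server_default=sa.text("true")` with `nullable=False` backfills every existing row with 2FA enabled. That is the fail-safe choice, but it also changes who gets challenged. The login change in this PR drops the role-based bypass, so accounts that used to skip 2FA will presumably be prompted at next login when the application requires 2FA; accounts without a confirmed phone are the case to check before rollout. I would add a docstring line such as `Existing users default to two_factor_enabled = true (secure default); per-user opt-outs are lost on downgrade.` The leftover `please adjust!` markers can be removed once that has been reviewed.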
Expand Up @@ -100,6 +100,14 @@ class UserStatus(Enum):
nullable=True, # since 2FA can be configured optional
doc="Confirmed user phone used e.g. to send a code for a two-factor-authentication",
),
sa.Column(
"two_factor_enabled",
sa.Boolean,
server_default=sa.sql.expression.true(),
nullable=False,
doc="Wheter 2FA is enabled at login by this user."
"NOTE that this is checked ONLY if application activates 2FA",
sanderegg marked this conversation as resolved.
),
sa.Column("password_hash", sa.String, nullable=False),
sa.Column(
"primary_gid",
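Review bot: The `doc=` text on the new `two_factor_enabled` column is built from two adjacent string literals with no space between them, so it reads `...by this user.NOTE that...`, and `Wheter` is misspelled. Suggested first literal: `doc="Whether 2FA is enabled at login by this user. "`, with the second literal left as it is. Since this flag lets an account skip the second factor, the doc is also a good place to state who may change it; that is not visible in this section. The table definition continues outside the hunk.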
@@ -1,5 +1,4 @@
import logging
from typing import Final

from aiohttp import web
from aiohttp.web import RouteTableDef
Expand Down Expand Up @@ -99,9 +98,8 @@ async def login(request: web.Request):
product=product,
)

# Some roles have login privileges
has_privileges: Final[bool] = UserRole(user["role"]) > UserRole.USER
if has_privileges or not settings.LOGIN_2FA_REQUIRED:
skip_2fa = not user.get("two_factor_enabled", True)
if skip_2fa or not settings.LOGIN_2FA_REQUIRED:
return await login_granted_response(request, user=user)

# no phone
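Review bot: `skip_2fa = not user.get("two_factor_enabled", True)` fails open on any falsy value. The default covers a missing key, but a key present with `None` makes `skip_2fa` true and the login is granted without the second factor. The column is declared `nullable=False` in this PR, so the database should not produce `None`, but how `user` is built is outside the hunk. Comparing explicitly, `skip_2fa = user.get("two_factor_enabled", True) is False`, limits the bypass to an explicit opt-out. It would also help to log when login is granted through this branch while `settings.LOGIN_2FA_REQUIRED` is set, so opt-outs show up in audit trails; the body of `login` starts and ends outside the hunk.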