Conversation
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
… into ft-enable_2_factor
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
postmaster/apiv1/admins.py
Outdated
| return dict(enabled=admin.otp_active) | ||
| elif status.lower() == "true": | ||
| raise GenericError("Cannot enable 2 factor from this route - see docs") | ||
| raise GenericError("An Invalid parameter was supplied") |
postmaster/apiv1/admins.py
Outdated
| 'error', current_user.username, | ||
| 'The following error occurred in twofactor_disable: {0}'.format(str(e))) | ||
| raise GenericError('The administrator could not be updated') | ||
| return dict(enabled=admin.otp_active) |
There was a problem hiding this comment.
I don't think we should return anything in this case. Just an HTTP 200.
postmaster/apiv1/admins.py
Outdated
| 'error', current_user.username, | ||
| 'The following error occurred in verify_qrcode: {0}'.format(str(e))) | ||
| raise GenericError('The administrator could not be updated') | ||
| return dict(status="Success") |
There was a problem hiding this comment.
I don't think we should be returning this here. We don't anywhere else in the app. A simple HTTP 200 should do here with no JSON.
postmaster/forms.py
Outdated
|
|
||
| from flask_wtf import Form | ||
| from wtforms import StringField, PasswordField, SelectField | ||
| from wtforms import StringField, PasswordField, SelectField, IntegerField, validators |
There was a problem hiding this comment.
Instead of importing validators, import Optional from it on the next line. Alternatively, you can remove the line below and do validators.DataRequired() on line 17, 18, and 20.
postmaster/forms.py
Outdated
| """ | ||
| username = StringField(label='Username', validators=[DataRequired()]) | ||
| password = PasswordField(label='Password', validators=[DataRequired(), validate_wtforms_password]) | ||
| two_factor = IntegerField(label='2 Factor', validators=(validators.Optional(),)) |
There was a problem hiding this comment.
Can the label be "Two Factor Code"
There was a problem hiding this comment.
I'm also thinking that instead of this, we should pop up a modal if two factor authentication is enabled. This is fine for now though.
postmaster/apiv1/admins.py
Outdated
| return {}, 200 | ||
|
|
||
|
|
||
| @apiv1.route('/admins/<int:admin_id>/2factor', methods=['GET']) |
There was a problem hiding this comment.
Can we change the route to "twofactor"?
postmaster/apiv1/admins.py
Outdated
| return dict(enabled=admin.otp_active) | ||
|
|
||
|
|
||
| @apiv1.route('/admins/<int:admin_id>/2factor', methods=['PUT']) |
There was a problem hiding this comment.
Can we change the route to "twofactor"?
postmaster/apiv1/admins.py
Outdated
| raise GenericError("An Invalid parameter was supplied") | ||
|
|
||
|
|
||
| @apiv1.route('/admins/<int:admin_id>/2factor/qrcode', methods=['GET']) |
There was a problem hiding this comment.
Can we change the route to "twofactor"?
postmaster/apiv1/admins.py
Outdated
| 'Expires': '0'} | ||
|
|
||
|
|
||
| @apiv1.route('/admins/<int:admin_id>/2factor/verify', methods=['POST']) |
There was a problem hiding this comment.
Can we change the route to "twofactor"?
tests/api/test_api_functions.py
Outdated
| assert False, "Not json" | ||
| assert "Success" in rv.data | ||
| assert rv.status_code == 200 | ||
| assert "Success" in rv.data |
|
@thatarchguy nice work. I just have some simple comments you need to address and then we'll merge this. |
|
@thatarchguy also please add to the Change Log. |
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
Signed-off-by: Kevin <kevin@stealsyour.pw>
|
@thatarchguy LGTM! Next time, don't merge master into your branch, do: This stacks your new commits on top of the latest master. |
2 participants
Ripped from #165 because of decision to separate the merge into frontend and backend pieces #165 (comment)