Fix: disable API basic auth if MFA enabled (#8792)

shamoon
2025-01-17 19:51:53 -08:00
committed by GitHub
parent 29726c3ce1
commit 5e3ee3a80d
3 changed files with 40 additions and 1 deletions


@@ -1,5 +1,6 @@
import logging
from allauth.mfa.adapter import get_adapter as get_mfa_adapter
from django.conf import settings
from django.contrib import auth
from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
@@ -7,6 +8,7 @@ from django.contrib.auth.models import User
from django.http import HttpRequest
from django.utils.deprecation import MiddlewareMixin
from rest_framework import authentication
from rest_framework import exceptions
logger = logging.getLogger("paperless.auth")
@@ -70,3 +72,14 @@ class PaperlessRemoteUserAuthentication(authentication.RemoteUserAuthentication)
"""
header = settings.HTTP_REMOTE_USER_HEADER_NAME
class PaperlessBasicAuthentication(authentication.BasicAuthentication):
def authenticate(self, request):
user_tuple = super().authenticate(request)
user = user_tuple[0] if user_tuple else None
mfa_adapter = get_mfa_adapter()
if user and mfa_adapter.is_mfa_enabled(user):
raise exceptions.AuthenticationFailed("MFA required")
return user_tuple
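Review bot: In `PaperlessBasicAuthentication.authenticate`, the `AuthenticationFailed("MFA required")` branch is reached only after `super().authenticate(request)` has accepted the credentials, so the distinct message confirms to the caller that the password was correct for that account, and nothing is logged when it happens. I would record the rejection on the module's existing `paperless.auth` logger so that repeated hits can be monitored, for example `logger.warning("Basic auth rejected for MFA-enabled user %s", user.get_username())` just before the raise. It is also worth deciding deliberately whether the client should see this specific text or the same message as a failed login. The class and method have no docstring; a one-line docstring saying that basic auth is refused for users with MFA enabled, because it cannot carry a second factor, would make the intent clear to the next reader. Whether this class is actually wired into the REST framework authentication settings is not visible in this file section and should be confirmed in the other changed files.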