Allowing admins to disable the diable key

2019-05-19 16:08:32 +03:00
parent 7c2958bebf
commit 1f3fca0f48
5 changed files with 17 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ Depends on
   MFA_RECHECK_MIN=10         # Minimum interval in seconds
   MFA_RECHECK_MAX=30         # Maximum in seconds
   MFA_QUICKLOGIN=True        # Allow quick login for returning users by provide only their 2FA
+   MFA_HIDE_DISABLE=('FIDO2',)     # Can the user disable his key (Added in 1.2.0).   

   TOKEN_ISSUER_NAME="PROJECT_NAME"      #TOTP Issuer name

--- a/mfa/CHANGELOG.md
+++ b/mfa/CHANGELOG.md
@@ -0,0 +1,4 @@
+# Change Log
+
+## v1.2.0
+ * Added:  MFA_HIDE_DISABLE setting option to disable users from deactivating their keys.
--- a/mfa/templates/MFA.html
+++ b/mfa/templates/MFA.html
@@ -20,6 +20,7 @@
        $("#modal-footer").prepend("<button id='actionBtn' class='btn btn-danger' onclick='confirmDel("+id+")'>Confirm Deletion</button>")
        $("#popUpModal").modal()
    }
+    {% if not HIDE_DISABLE %}
    function toggleKey(id) {
        $.ajax({
            url:"{% url 'toggle_key' %}?id="+id,
@@ -33,6 +34,7 @@
            }
        })
    }
+    {% endif %}
    </script>
    <link href="{% static  'mfa/css/bootstrap-toggle.min.css' %}" rel="stylesheet">
    <script src="{% static 'mfa/js/bootstrap-toggle.min.js'%}"></script>
@@ -87,7 +89,11 @@
               <td>{{ key.expires }}</td>
               <td>{% if key.device %}{{ key.device }}{% endif %}</td>
               <td>{{ key.last_used }}</td>
-               <td><input type="checkbox" id="toggle_{{ key.id }}" {% if key.enabled %}checked{% endif %} data-onstyle="success" data-offstyle="danger"  onchange="toggleKey({{ key.id }})" data-toggle="toggle"></td>
+                {% if key.key_type in HIDE_DISABLE %}
+                    <td>{% if key.enabled %}On{% else %} Off{% endif %}</td>
+                {% else %}
+                    <td><input type="checkbox" id="toggle_{{ key.id }}" {% if key.enabled %}checked{% endif %} data-onstyle="success" data-offstyle="danger"  onchange="toggleKey({{ key.id }})" data-toggle="toggle" class="status_chk"></td>
+                {% endif %}
               <td><a href="javascript:void(0)" onclick="deleteKey({{ key.id }},'{{ key.key_type }}')"> <span class="fa fa-trash"></span></a></td>
           </tr>
       {% empty %}
--- a/mfa/views.py
+++ b/mfa/views.py
@@ -12,14 +12,15 @@ from . import TrustedDevice
 from user_agents import parse
 def index(request):
    keys=[]
-    context={"keys":User_Keys.objects.filter(username=request.user.username),"UNALLOWED_AUTHEN_METHODS":settings.MFA_UNALLOWED_METHODS}
+    context={"keys":User_Keys.objects.filter(username=request.user.username),"UNALLOWED_AUTHEN_METHODS":settings.MFA_UNALLOWED_METHODS
+             ,"HIDE_DISABLE":getattr(settings,"MFA_HIDE_DISABLE",[])}
    for k in context["keys"]:
        if k.key_type =="Trusted Device" :
            setattr(k,"device",parse(k.properties.get("user_agent","-----")))
        elif k.key_type == "FIDO2":
            setattr(k,"device",k.properties.get("type","----"))
        keys.append(k)
-        context["keys"]=keys
+    context["keys"]=keys
    return render_to_response("MFA.html",context,context_instance=RequestContext(request))

 def verify(request,username):
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup

 setup(
    name='django-mfa2',
-    version='1.1.8',
+    version='1.2.0',
    description='Allows user to add 2FA to their accounts',
    long_description=open("README.md").read(),
    long_description_content_type="text/markdown",