Merge pull request #65 from godswearhats/main

Respects BYPASS setting in mixins
oliwarner · Nov 2, 2023 · fcc7d48 · fcc7d48
2 parents e0c4c72 + 6a1039a
commit fcc7d48
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/multifactor/mixins.py b/multifactor/mixins.py
@@ -1,7 +1,7 @@
 from django.shortcuts import redirect
 
 from .models import UserKey
-from .common import active_factors
+from .common import active_factors, is_bypassed
 
 
 class MultiFactorMixin:
@@ -16,13 +16,14 @@ def setup(self, request, *args, **kwargs):
         self.active_factors = active_factors(request)
         self.factors = UserKey.objects.filter(user=request.user)
         self.has_multifactor = self.factors.filter(enabled=True).exists()
+        self.bypass = is_bypassed(request)
 
 
 class RequireMultiAuthMixin(MultiFactorMixin):
     """Require Multifactor, force user to add factors if none on account."""
 
     def dispatch(self, request, *args, **kwargs):
-        if not self.active_factors:
+        if not self.active_factors and not self.bypass:
             request.session['multifactor-next'] = request.get_full_path()
             if self.has_multifactor:
                 return redirect('multifactor:authenticate')
@@ -36,7 +37,7 @@ class PreferMultiAuthMixin(MultiFactorMixin):
     """Use Multifactor if user has active factors."""
 
     def dispatch(self, request, *args, **kwargs):
-        if not self.active_factors and self.has_multifactor:
+        if not self.active_factors and not self.bypass and self.has_multifactor:
             request.session['multifactor-next'] = request.get_full_path()
             return redirect('multifactor:authenticate')