zedfrigg/bookwyrm
1
0
Fork 0
Code Activity

various 2fa improvements

Browse source 
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
This commit is contained in:
Hugh Rundle 2022-10-14 21:56:38 +11:00
parent aefc7a23bc
commit 79b04c2240
3 changed files with 11 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
bookwyrm/views/landing/login.py
View file

@ -55,7 +55,7 @@ class Login(View):
user = authenticate(request, username=username, password=password)
if user is not None:
# if 2fa is set, don't log them in until they enter the right code
if user.two_factor_auth is True:
if user.two_factor_auth:
request.session["2fa_user"] = user.username
request.session["2fa_auth_time"] = time.time()
return redirect("login-with-2fa")