From 4b412f57161277eff3d996f805477976587d18e2 Mon Sep 17 00:00:00 2001
From: Matthias Mair
Date: Mon, 13 Jan 2025 23:08:24 +0100
Subject: [PATCH] add setting for configuring types
---
 docs/docs/start/config.md | 1 +
 src/backend/InvenTree/InvenTree/settings.py | 12 ++++++++++--
 .../Settings/AccountSettings/SecurityContent.tsx | 7 +++++--
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/docs/docs/start/config.md b/docs/docs/start/config.md
index 4ac937e651..6e9f57235a 100644
--- a/docs/docs/start/config.md
+++ b/docs/docs/start/config.md
@@ -379,6 +379,7 @@ InvenTree provides allowance for additional sign-in options. The following optio
 | Environment Variable | Configuration File | Description | Default |
 | --- | --- | --- | --- |
 | INVENTREE_MFA_ENABLED | mfa_enabled | Enable or disable multi-factor authentication support for the InvenTree server | True |
+| MFA_SUPPORTED_TYPES | mfa_supported_types | List of supported multi-factor authentication types | recovery_codes,totp |
 ### Single Sign On
diff --git a/src/backend/InvenTree/InvenTree/settings.py b/src/backend/InvenTree/InvenTree/settings.py
index d4d42b209e..075381d751 100644
--- a/src/backend/InvenTree/InvenTree/settings.py
+++ b/src/backend/InvenTree/InvenTree/settings.py
@@ -1220,7 +1220,7 @@ else:
 if CORS_ALLOWED_ORIGIN_REGEXES:
 logger.info('CORS: Whitelisted origin regexes: %s', CORS_ALLOWED_ORIGIN_REGEXES)
-# region auth
+# region auth
 for app in SOCIAL_BACKENDS:
 # Ensure that the app starts with 'allauth.socialaccount.providers'
 social_prefix = 'allauth.socialaccount.providers.'
@@ -1304,7 +1304,15 @@ HEADLESS_FRONTEND_URLS = {
 }
 HEADLESS_ONLY = True
 HEADLESS_TOKEN_STRATEGY = 'InvenTree.auth_overrides.DRFTokenStrategy'
-MFA_ENABLED = get_boolean_setting('INVENTREE_MFA_ENABLED', 'mfa_enabled', True)
+MFA_ENABLED = get_boolean_setting(
+ 'INVENTREE_MFA_ENABLED', 'mfa_enabled', True
+) # TODO re-implement
+MFA_SUPPORTED_TYPES = get_setting(
+ 'INVENTREE_MFA_SUPPORTED_TYPES',
+ 'mfa_supported_types',
+ ['totp', 'recovery_codes'],
+ typecast=list,
+)
 LOGOUT_REDIRECT_URL = get_setting(
 'INVENTREE_LOGOUT_REDIRECT_URL', 'logout_redirect_url', 'index'
diff --git a/src/frontend/src/pages/Index/Settings/AccountSettings/SecurityContent.tsx b/src/frontend/src/pages/Index/Settings/AccountSettings/SecurityContent.tsx
index f1655e34d5..0099f5cf75 100644
--- a/src/frontend/src/pages/Index/Settings/AccountSettings/SecurityContent.tsx
+++ b/src/frontend/src/pages/Index/Settings/AccountSettings/SecurityContent.tsx
@@ -445,6 +445,7 @@ function MfaAddSection({
 refetch: () => void;
 showRecoveryCodes: (codes: Recoverycodes) => void;
 }>) {
+ const [auth_config] = useServerApiState((state) => [state.auth_config]);
 const [totpQrOpen, { open: openTotpQr, close: closeTotpQr }] = useDisclosure(false);
 const [totpQr, setTotpQr] = useState<{ totp_url: string; secret: string }>();
@@ -507,8 +508,10 @@ function MfaAddSection({
 function: registerRecoveryCodes,
 used: usedFactors?.includes('recovery_codes')
 }
- ];
- }, [usedFactors]);
+ ].filter((factor) => {
+ auth_config?.mfa.supported_types.includes(factor.type);
+ });
+ }, [usedFactors, auth_config]);
 return (
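Review bot: The new setting is read from `INVENTREE_MFA_SUPPORTED_TYPES`, while the config.md row added by this same patch names the environment variable `MFA_SUPPORTED_TYPES`; an operator following the docs would set a variable that is never read and keep the default factor list without noticing, so the docs row should carry the `INVENTREE_` prefix. The configured list is also used as given: an empty or misspelled value would leave `MFA_ENABLED` true with no recognised factor type, which is worth surfacing at startup, e.g. `if MFA_ENABLED and not MFA_SUPPORTED_TYPES: logger.warning('MFA is enabled but no supported types are configured')`. The trailing `# TODO re-implement` does not say what is missing; I would spell it out, since a reader cannot tell from here whether the `MFA_ENABLED` switch currently has any effect.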
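Review bot: The callback passed to `.filter()` in the second SecurityContent.tsx hunk has a braced body with no `return`, so it yields `undefined` for every entry and the list of factors that can be added comes out empty whatever the server reports. Use an expression body instead: `].filter((factor) => auth_config?.mfa.supported_types.includes(factor.type));`. While `auth_config` is not yet loaded the optional chain is `undefined` as well, so all factors stay hidden until the state arrives, and `?.` guards only `auth_config`, not `mfa`. This filter only hides entries in the UI; whether the server rejects registration of a type outside `MFA_SUPPORTED_TYPES` is not visible in this patch and should be confirmed there. `MfaAddSection` starts and ends outside the hunk.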