remove allauth_2fa flows

InvenTree/InvenTree/forms.py

@@ -1,7 +1,6 @@
 """Helper forms which subclass Django forms to provide additional functionality."""
 
 import logging
-from urllib.parse import urlencode
 
 from django import forms
 from django.conf import settings
@@ -13,10 +12,7 @@ from django.utils.translation import gettext_lazy as _
 
 from allauth.account.adapter import DefaultAccountAdapter
 from allauth.account.forms import LoginForm, SignupForm, set_form_field_order
-from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
-from allauth_2fa.adapter import OTPAdapter
-from allauth_2fa.utils import user_has_valid_totp_device
 from crispy_forms.bootstrap import AppendedText, PrependedAppendedText, PrependedText
 from crispy_forms.helper import FormHelper
 from crispy_forms.layout import Field, Layout
@@ -336,29 +332,6 @@ class CustomSocialAccountAdapter(
             return super().is_auto_signup_allowed(request, sociallogin)
         return False
 
-    # from OTPAdapter
-    def has_2fa_enabled(self, user):
-        """Returns True if the user has 2FA configured."""
-        return user_has_valid_totp_device(user)
-
-    def login(self, request, user):
-        """Ensure user is send to 2FA before login if enabled."""
-        # Require two-factor authentication if it has been configured.
-        if self.has_2fa_enabled(user):
-            # Cast to string for the case when this is not a JSON serializable
-            # object, e.g. a UUID.
-            request.session['allauth_2fa_user_id'] = str(user.id)
-
-            redirect_url = reverse('two-factor-authenticate')
-            # Add GET parameters to the URL if they exist.
-            if request.GET:
-                redirect_url += '?' + urlencode(request.GET)
-
-            raise ImmediateHttpResponse(response=HttpResponseRedirect(redirect_url))
-
-        # Otherwise defer to the original allauth adapter.
-        return super().login(request, user)
-
     def authentication_error(
         self, request, provider_id, error=None, exception=None, extra_context=None
     ):

InvenTree/InvenTree/middleware.py

@@ -7,9 +7,8 @@ from django.conf import settings
 from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
 from django.http import HttpResponse
 from django.shortcuts import redirect
-from django.urls import Resolver404, include, path, resolve, reverse_lazy
+from django.urls import include, path, resolve, reverse_lazy
 
-from allauth_2fa.middleware import AllauthTwoFactorMiddleware, BaseRequire2FAMiddleware
 from error_report.middleware import ExceptionProcessor
 
 from InvenTree.urls import frontendpatterns
@@ -127,33 +126,6 @@ class AuthRequiredMiddleware(object):
 url_matcher = path('', include(frontendpatterns))
 
 
-class Check2FAMiddleware(BaseRequire2FAMiddleware):
-    """Check if user is required to have MFA enabled."""
-
-    def require_2fa(self, request):
-        """Use setting to check if MFA should be enforced for frontend page."""
-        from common.models import InvenTreeSetting
-
-        try:
-            if url_matcher.resolve(request.path[1:]):
-                return InvenTreeSetting.get_setting('LOGIN_ENFORCE_MFA')
-        except Resolver404:
-            pass
-        return False
-
-
-class CustomAllauthTwoFactorMiddleware(AllauthTwoFactorMiddleware):
-    """This function ensures only frontend code triggers the MFA auth cycle."""
-
-    def process_request(self, request):
-        """Check if requested url is forntend and enforce MFA check."""
-        try:
-            if not url_matcher.resolve(request.path[1:]):
-                super().process_request(request)
-        except Resolver404:
-            pass
-
-
 class InvenTreeRemoteUserMiddleware(PersistentRemoteUserMiddleware):
     """Middleware to check if HTTP-header based auth is enabled and to set it up."""
 

InvenTree/InvenTree/settings.py

@@ -249,7 +249,7 @@ INSTALLED_APPS = [
     'django_otp',  # OTP is needed for MFA - base package
     'django_otp.plugins.otp_totp',  # Time based OTP
     'django_otp.plugins.otp_static',  # Backup codes
-    'allauth_2fa',  # MFA flow for allauth
+    'allauth.mfa',  # MFA for for allauth
     'dj_rest_auth',  # Authentication APIs - dj-rest-auth
     'dj_rest_auth.registration',  # Registration APIs - dj-rest-auth'
     'drf_spectacular',  # API documentation
@@ -269,12 +269,10 @@ MIDDLEWARE = CONFIG.get(
         'django.contrib.auth.middleware.AuthenticationMiddleware',
         'InvenTree.middleware.InvenTreeRemoteUserMiddleware',  # Remote / proxy auth
         'django_otp.middleware.OTPMiddleware',  # MFA support
-        'InvenTree.middleware.CustomAllauthTwoFactorMiddleware',  # Flow control for allauth
         'allauth.account.middleware.AccountMiddleware',
         'django.contrib.messages.middleware.MessageMiddleware',
         'django.middleware.clickjacking.XFrameOptionsMiddleware',
         'InvenTree.middleware.AuthRequiredMiddleware',
-        'InvenTree.middleware.Check2FAMiddleware',  # Check if the user should be forced to use MFA
         'maintenance_mode.middleware.MaintenanceModeMiddleware',
         'InvenTree.middleware.InvenTreeExceptionProcessor',  # Error reporting
     ],

InvenTree/InvenTree/urls.py

@@ -405,7 +405,6 @@ classic_frontendpatterns = [
     ),
     # Override login page
     path('accounts/login/', CustomLoginView.as_view(), name='account_login'),
-    path('accounts/', include('allauth_2fa.urls')),  # MFA support
     path('accounts/', include('allauth.urls')),  # included urlpatterns
 ]