WIP.

Author: Michał Kopydłowski

trench/decorators.py

@@ -0,0 +1,27 @@
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.decorators import user_passes_test
+
+from trench.command.authenticate_second_factor import authenticate_second_step_command
+
+
+def mfa_login_required(
+    function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None
+):
+    """
+    Decorator for views that checks that the user is logged in, redirecting
+    to the log-in page if necessary.
+    """
+
+    def test(user):
+        # return user.is_verified() or (user.is_authenticated and not user_has_device(user))
+        return authenticate_second_step_command
+
+    actual_decorator = user_passes_test(
+        lambda u: u.is_authenticated,
+        # test,
+        login_url=login_url,
+        redirect_field_name=redirect_field_name,
+    )
+    if function:
+        return actual_decorator(function)
+    return actual_decorator

trench/views/base.py

@@ -1,3 +1,4 @@
+from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.db.models import QuerySet
 from django.utils.translation import gettext_lazy as _
@@ -24,6 +25,7 @@
     regenerate_backup_codes_for_mfa_method_command,
 )
 from trench.command.set_primary_mfa_method import set_primary_mfa_method_command
+from trench.decorators import mfa_login_required
 from trench.exceptions import MFAMethodDoesNotExistError, MFAValidationError
 from trench.query.get_mfa_config_by_name import get_mfa_config_by_name_query
 from trench.responses import ErrorResponse
@@ -210,6 +212,7 @@ class MFAMethodRequestCodeView(APIView):
     permission_classes = (IsAuthenticated,)
 
     @staticmethod
+    @login_required
     def post(request: Request) -> Response:
         serializer = MFAMethodCodeSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)