diff --git a/app_gateway/forms.py b/app_gateway/forms.py
index 0069a6d..92923b8 100644
--- a/app_gateway/forms.py
+++ b/app_gateway/forms.py
@@ -169,6 +169,7 @@ class AccessPolicyForm(forms.ModelForm):
has_local_password = False
local_password_count = 0
oidc_count = 0
+ totp_count = 0
has_groups = groups and len(groups) > 0
# Count authentication methods
@@ -179,6 +180,8 @@ class AccessPolicyForm(forms.ModelForm):
local_password_count += 1
elif method.auth_type == 'oidc':
oidc_count += 1
+ elif method.auth_type == 'totp':
+ totp_count += 1
# Rule: Cannot select more than one local password method
if local_password_count > 1:
@@ -188,10 +191,18 @@ class AccessPolicyForm(forms.ModelForm):
if oidc_count > 1:
self.add_error('methods', _("Cannot select more than one OpenID Connect (OIDC) authentication method."))
+ # Rule: Cannot select more than one TOTP method
+ if totp_count > 1:
+ self.add_error('methods', _("Cannot select more than one TOTP authentication method."))
+
# Rule: Cannot mix local password and oidc
if local_password_count > 0 and oidc_count > 0:
self.add_error('methods', _("Cannot select both Local Password and OpenID Connect (OIDC) authentication methods."))
+ # Rule: TOTP cannot be selected alone — must be combined with local_password or oidc
+ if totp_count > 0 and local_password_count == 0 and oidc_count == 0:
+ self.add_error('methods', _("TOTP must be combined with a Local Password or OpenID Connect authentication method."))
+
# Rule: If local password is selected, at least one user group must be selected
if has_local_password and not has_groups:
self.add_error('groups', _("At least one user group must be selected when using Local Password authentication."))
diff --git a/gatekeeper/views.py b/gatekeeper/views.py
index 60afdce..2947fe8 100644
--- a/gatekeeper/views.py
+++ b/gatekeeper/views.py
@@ -24,7 +24,7 @@ def view_gatekeeper_list(request):
active_tab = request.GET.get('tab', 'auth_methods')
auth_methods = AuthMethod.objects.all().order_by('name')
- users = GatekeeperUser.objects.all().order_by('username')
+ users = GatekeeperUser.objects.all().prefetch_related('groups').order_by('username')
groups = GatekeeperGroup.objects.all().order_by('name')
auth_domains = AuthMethodAllowedDomain.objects.all().order_by('domain')
auth_emails = AuthMethodAllowedEmail.objects.all().order_by('email')
diff --git a/templates/gatekeeper/gatekeeper_list.html b/templates/gatekeeper/gatekeeper_list.html
index 2b79423..d4d25f9 100644
--- a/templates/gatekeeper/gatekeeper_list.html
+++ b/templates/gatekeeper/gatekeeper_list.html
@@ -60,6 +60,8 @@
| {% trans 'Username' %} |
{% trans 'Email' %} |
+ {% trans 'TOTP' %} |
+ {% trans 'Groups' %} |
{% trans 'Actions' %} |
@@ -68,12 +70,26 @@
| {{ user.username }} |
{{ user.email }} |
+
+ {% if user.totp_secret %}
+ {% trans 'Yes' %}
+ {% else %}
+ {% trans 'No' %}
+ {% endif %}
+ |
+
+ {% for group in user.groups.all %}
+ {{ group.name }}
+ {% empty %}
+ —
+ {% endfor %}
+ |
-
-
|