From 14bd4e8ccc97f00d253ae9d06c48ca9dec14cfb3 Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Sun, 15 Mar 2026 17:20:18 -0300
Subject: [PATCH] add TOTP authentication method rules and display in user list
---
 app_gateway/forms.py | 11 +++++++++++
 gatekeeper/views.py | 2 +-
 templates/gatekeeper/gatekeeper_list.html | 20 ++++++++++++++++++--
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/app_gateway/forms.py b/app_gateway/forms.py
index 0069a6d..92923b8 100644
--- a/app_gateway/forms.py
+++ b/app_gateway/forms.py
@@ -169,6 +169,7 @@ class AccessPolicyForm(forms.ModelForm):
 has_local_password = False
 local_password_count = 0
 oidc_count = 0
+ totp_count = 0
 has_groups = groups and len(groups) > 0
 # Count authentication methods
@@ -179,6 +180,8 @@ class AccessPolicyForm(forms.ModelForm):
 local_password_count += 1
 elif method.auth_type == 'oidc':
 oidc_count += 1
+ elif method.auth_type == 'totp':
+ totp_count += 1
 # Rule: Cannot select more than one local password method
 if local_password_count > 1:
@@ -188,10 +191,18 @@ class AccessPolicyForm(forms.ModelForm): if oidc_count > 1: self.add_error('methods', _("Cannot select more than one OpenID Connect (OIDC) authentication method.")) + # Rule: Cannot select more than one TOTP method + if totp_count > 1: + self.add_error('methods', _("Cannot select more than one TOTP authentication method.")) + # Rule: Cannot mix local password and oidc if local_password_count > 0 and oidc_count > 0: self.add_error('methods', _("Cannot select both Local Password and OpenID Connect (OIDC) authentication methods.")) + # Rule: TOTP cannot be selected alone — must be combined with local_password or oidc + if totp_count > 0 and local_password_count == 0 and oidc_count == 0: + self.add_error('methods', _("TOTP must be combined with a Local Password or OpenID Connect authentication method.")) + # Rule: If local password is selected, at least one user group must be selected if has_local_password and not has_groups: self.add_error('groups', _("At least one user group must be selected when using Local Password authentication.")) diff --git a/gatekeeper/views.py b/gatekeeper/views.py index 60afdce..2947fe8 100644 --- a/gatekeeper/views.py +++ b/gatekeeper/views.py @@ -24,7 +24,7 @@ def view_gatekeeper_list(request): active_tab = request.GET.get('tab', 'auth_methods') auth_methods = AuthMethod.objects.all().order_by('name') - users = GatekeeperUser.objects.all().order_by('username') + users = GatekeeperUser.objects.all().prefetch_related('groups').order_by('username') groups = GatekeeperGroup.objects.all().order_by('name') auth_domains = AuthMethodAllowedDomain.objects.all().order_by('domain') auth_emails = AuthMethodAllowedEmail.objects.all().order_by('email') diff --git a/templates/gatekeeper/gatekeeper_list.html b/templates/gatekeeper/gatekeeper_list.html index 2b79423..d4d25f9 100644 --- a/templates/gatekeeper/gatekeeper_list.html +++ b/templates/gatekeeper/gatekeeper_list.html 
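Review bot: The two new TOTP rules are enforced only inside `AccessPolicyForm` validation, so a policy written through any path that skips this form can still end up with TOTP as its only method or with several TOTP methods. Whether such paths exist (admin, shell, fixtures, another serializer) is not visible here. The code that evaluates a policy at authentication time should therefore check the method set itself and deny when TOTP is present without a local password or OIDC method, rather than assume the form ran. The diffstat lists no test file; these rules deserve cases for TOTP alone, TOTP with local password, TOTP with OIDC, and two TOTP methods. The validation method starts and ends outside this hunk.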
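Review bot: The `users` queryset still loads every column of `GatekeeperUser`, and the template changed in this commit tests `{% if user.totp_secret %}`. The raw TOTP seed of every user is therefore fetched and placed in the template context only to render Yes/No. Consider exposing a boolean instead, for example a queryset annotation named something like `has_totp`, adding `.defer('totp_secret')` to this line and switching the template to the boolean, so a later template edit or a debug dump of the context cannot disclose seeds. If enrollment is a two-step flow, a non-empty secret may also not mean TOTP was confirmed; that cannot be told from this diff. `view_gatekeeper_list` continues outside the hunk.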
@@ -60,6 +60,8 @@ {% trans 'Username' %} {% trans 'Email' %} + {% trans 'TOTP' %} + {% trans 'Groups' %} {% trans 'Actions' %} @@ -68,12 +70,26 @@ {{ user.username }} {{ user.email }} + + {% if user.totp_secret %} + {% trans 'Yes' %} + {% else %} + {% trans 'No' %} + {% endif %} + + + {% for group in user.groups.all %} + {{ group.name }} + {% empty %} + + {% endfor %} + - -