remove unused TOTP field and update user model constraints

2026-03-17 14:26:18 +00:00 · 2026-03-15 16:29:20 -03:00
parent 6b70701c9c
commit 517bd14bdb
4 changed files with 35 additions and 9 deletions
--- a/containers/caddy/config_example/auth_policies.json
+++ b/containers/caddy/config_example/auth_policies.json
@@ -5,8 +5,7 @@
    },
    "totp_default": {
      "type": "totp",
-      "totp_secret": "",
-      "totp_before_auth": false
+      "totp_secret": ""
    },
    "google_workspace_admins": {
      "type": "oidc",
--- a/gatekeeper/forms.py
+++ b/gatekeeper/forms.py
@@ -92,14 +92,13 @@ class AuthMethodForm(forms.ModelForm):
    class Meta:
        model = AuthMethod
        fields = [
-            'name', 'auth_type', 'totp_secret', 'totp_before_auth',
+            'name', 'auth_type', 'totp_secret',
            'oidc_provider', 'oidc_client_id', 'oidc_client_secret'
        ]
        labels = {
            'name': _('Name'),
            'auth_type': _('Authentication Type'),
            'totp_secret': _('Global TOTP Secret'),
-            'totp_before_auth': _('Global TOTP Before Authentication'),
            'oidc_provider': _('OIDC Provider URL'),
            'oidc_client_id': _('OIDC Client ID'),
            'oidc_client_secret': _('OIDC Client Secret'),
@@ -122,7 +121,6 @@ class AuthMethodForm(forms.ModelForm):
            Div(
                Div('totp_secret', css_class='col-xl-6'),
                Div('totp_pin', css_class='col-xl-6'),
-                Div('totp_before_auth', css_class='col-xl-12'),
                css_class='row totp-group'
            ),
            Div(
--- a/gatekeeper/migrations/0007_remove_authmethod_totp_before_auth_and_more.py
+++ b/gatekeeper/migrations/0007_remove_authmethod_totp_before_auth_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.2.12 on 2026-03-15 19:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('gatekeeper', '0006_gatekeeperuser_password_hash'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='authmethod',
+            name='totp_before_auth',
+        ),
+        migrations.RemoveField(
+            model_name='gatekeeperuser',
+            name='password_hash',
+        ),
+        migrations.AlterField(
+            model_name='gatekeeperuser',
+            name='email',
+            field=models.EmailField(blank=True, max_length=254, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='gatekeeperuser',
+            name='password',
+            field=models.CharField(blank=True, help_text='Password for local authentication (leave blank if not using)', max_length=250),
+        ),
+    ]
--- a/gatekeeper/models.py
+++ b/gatekeeper/models.py
@@ -15,7 +15,6 @@ class AuthMethod(models.Model):

    # TOTP-specific fields
    totp_secret = models.CharField(max_length=255, blank=True, help_text=_("Shared/global TOTP secret key"))
-    totp_before_auth = models.BooleanField(default=False)

    # OIDC-specific fields
    oidc_provider = models.CharField(max_length=64, blank=True)
@@ -65,9 +64,8 @@ class AuthMethodAllowedEmail(models.Model):

 class GatekeeperUser(models.Model):
    username = models.SlugField(max_length=64, unique=True)
-    email = models.EmailField(unique=True)
-    password = models.CharField(blank=True, max_length=128, help_text=_("Password for local authentication (leave blank if not using)"))
-    password_hash = models.CharField(blank=True, null=True, max_length=128)
+    email = models.EmailField(unique=True, blank=True)
+    password = models.CharField(blank=True, max_length=250, help_text=_("Password for local authentication (leave blank if not using)"))
    totp_secret = models.CharField(max_length=255, blank=True, help_text=_("Per-user TOTP secret key"))

    created = models.DateTimeField(auto_now_add=True)