fix: allow reset_otp_secret only if Two Factor Auth is enabled #20506

Merged


DaizyModi
Contributor

Fix

In user.js

  1. Display Reset OTP Secret button only if Two Factor Auth is enabled from System Settings.

Whitelisted function reset_otp_secret in twofactor.py

  1. Added type hint
  2. Validate Two Factor Auth from settings
  3. Use of get_cached_doc and get_cached_value
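
The following is an added example, not code from this pull request or from Frappe: a stand-alone Python model of why the description pairs the hidden button with a check inside the whitelisted function. `Site`, `ValidationError`, `reset_unchecked`, `reset_checked` and `direct_call` are hypothetical names, the "before" handler is an assumed shape, and the sample data is constructed.

```python
from dataclasses import dataclass, field


class ValidationError(Exception):
    """Raised when the endpoint refuses a request."""


@dataclass
class Site:
    # Constructed stand-in for System Settings plus stored per-user OTP secrets.
    two_factor_enabled: bool
    otp_secrets: dict = field(default_factory=dict)


def ui_shows_reset_button(site: Site) -> bool:
    # Client-side rule: render the button only when 2FA is enabled.
    return site.two_factor_enabled


def reset_unchecked(site: Site, user) -> str:
    # Assumed "before" shape: relies on the UI having hidden the button.
    site.otp_secrets.pop(user, None)
    return "reset"


def reset_checked(site: Site, user: str) -> str:
    # "After" shape: validate the argument and the setting on the server.
    if not isinstance(user, str) or not user:
        raise ValidationError("user must be a non-empty string")
    if not site.two_factor_enabled:
        raise ValidationError("Two Factor Auth is not enabled")
    site.otp_secrets.pop(user, None)
    return "reset"


def direct_call(handler, site: Site, user):
    # Models a request sent straight to the endpoint, bypassing the form UI.
    try:
        return handler(site, user), dict(site.otp_secrets)
    except ValidationError as exc:
        return f"rejected: {exc}", dict(site.otp_secrets)
```

With 2FA disabled the button is hidden in both cases, but only the checked handler leaves the stored secret untouched when the endpoint is called directly.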

@DaizyModi DaizyModi requested review from a team and shariquerik and removed request for a team March 29, 2023 12:14
@github-actions github-actions bot added the add-test-cases Add test case to validate fix or enhancement label Mar 29, 2023
@DaizyModi DaizyModi force-pushed the fix-reset_otp_secret-whitelisted-fn branch from 941bce5 to 6976b12 Compare March 29, 2023 12:29
@codecov

codecov bot commented Mar 29, 2023

Codecov Report

Merging #20506 (6976b12) into develop (40ad983) will increase coverage by 0.10%.
The diff coverage is 28.57%.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop   #20506      +/-   ##
===========================================
+ Coverage    63.80%   63.90%   +0.10%     
===========================================
  Files          758      758              
  Lines        68679    68699      +20     
  Branches      6194     6198       +4     
===========================================
+ Hits         43821    43903      +82     
+ Misses       21320    21298      -22     
+ Partials      3538     3498      -40     
| Flag | Coverage Δ |
|---|---|
| server | 68.77% <16.66%> (-0.02%) ⬇️ |
| server-ui | 31.65% <0.00%> (-0.03%) ⬇️ |
| ui-tests | 51.90% <100.00%> (+0.30%) ⬆️ |

Flags with carried forward coverage won't be shown.

@ankush ankush removed the add-test-cases Add test case to validate fix or enhancement label Apr 3, 2023
@ankush ankush merged commit 06580bd into frappe:develop Apr 3, 2023
@ankush ankush deleted the fix-reset_otp_secret-whitelisted-fn branch April 3, 2023 09:32
mergify bot pushed a commit that referenced this pull request Apr 3, 2023
)

* fix: display `Reset OTP Secret` button only if Two factor Auth is enabled

* fix: added validations and fetched value from cached doc

* fix: linter changes

(cherry picked from commit 06580bd)
mergify bot pushed a commit that referenced this pull request Apr 3, 2023
)

* fix: display `Reset OTP Secret` button only if Two factor Auth is enabled

* fix: added validations and fetched value from cached doc

* fix: linter changes

(cherry picked from commit 06580bd)

# Conflicts:
#	frappe/core/doctype/user/user.js
#	frappe/twofactor.py
ankush pushed a commit that referenced this pull request Apr 3, 2023
) (#20561)

* fix: display `Reset OTP Secret` button only if Two factor Auth is enabled

* fix: added validations and fetched value from cached doc

* fix: linter changes

(cherry picked from commit 06580bd)

Co-authored-by: Daizy Modi <modidaizy5217@gmail.com>
frappe-pr-bot pushed a commit that referenced this pull request Apr 4, 2023
# [14.31.0](v14.30.0...v14.31.0) (2023-04-04)

### Bug Fixes

* allow `reset_otp_secret` only if Two Factor Auth is enabled ([#20506](#20506)) ([#20561](#20561)) ([ca486c4](ca486c4))
* allowed only POST and PUT methods in `rename_doc` ([#20504](#20504)) ([#20565](#20565)) ([fd1f6fe](fd1f6fe))
* bulk update using doc method, check perms ([#20522](#20522)) ([2237968](2237968))
* cannot restore cancelled document if workflow is active ([547efe3](547efe3))
* Check if reference_name is set ([2e9068b](2e9068b))
* content_type can be `None` during file upload ([#20572](#20572)) ([#20574](#20574)) ([ebc6059](ebc6059))
* date field shouldn't be formatted for TZ ([#20486](#20486)) ([#20490](#20490)) ([07b7b46](07b7b46))
* don't hide tab with dashboard if there is a visible section/control ([084e8af](084e8af))
* Drop message_id index before migrating email queue ([#20376](#20376)) ([#20578](#20578)) ([394c232](394c232))
* email linking and message_id indexing ([#20356](#20356)) ([#20579](#20579)) ([5ae94ef](5ae94ef))
* escape HTML instead of sanitizing ([2269d6e](2269d6e))
* fix address query for postgres ([f01566a](f01566a)), closes [/github.com//pull/20537#ref-pullrequest-1645575433](https://github.com//github.com/frappe/frappe/pull/20537/issues/ref-pullrequest-1645575433)
* get workflow_state_fieldname instead of setting workflow_state to none ([bac4e9b](bac4e9b))
* Handle JsBarcode exceptions ([#20532](#20532)) ([b1c3d8b](b1c3d8b))
* heatmap not reset on dashboard refresh ([3c0659b](3c0659b))
* hide chart and heatmap on dashboard reset ([cec7a73](cec7a73))
* Incorrect use of the Walrus operator ([a70a5ca](a70a5ca))
* nestedset rename ([#20498](#20498)) ([#20499](#20499)) ([b831392](b831392))
* removed unnecessary usage of `@frappe.whitelist` ([#20503](#20503)) ([#20563](#20563)) ([0af8315](0af8315))
* rewrite query for postgres ([#20557](#20557)) ([#20559](#20559)) ([d754be5](d754be5))
* sending mails to unintended recipients as cc ([1c47643](1c47643))
* **UI:** align link cards & charts on workspace ([82cfd33](82cfd33))
* unsubscribe from list_update before resubbing ([#20450](#20450)) ([#20581](#20581)) ([7866605](7866605))
* use chart type passed to `render_graph` on form dashboards ([015f7db](015f7db))

### Features

* Disable Sharing globally (backport [#20318](#20318)) ([#20492](#20492)) ([67a537c](67a537c))
* list-view click and drag on check box to select multiple rows (backport [#20457](#20457)) ([#20568](#20568)) ([f757a37](f757a37))
* make workflow state translatable ([#20412](#20412)) ([8675789](8675789))
* **util:** `get_table_name`: wrap in backticks ([#20553](#20553)) ([#20556](#20556)) ([5c56dff](5c56dff))

### Performance Improvements

* Faster address query with explicit joins (backport [#20537](#20537)) ([#20540](#20540)) ([2ef7ef5](2ef7ef5))
* unsubscribe from list_update events ([#20423](#20423)) ([#20580](#20580)) ([8a63144](8a63144))
ankush added a commit that referenced this pull request Apr 11, 2023
…kport #20506) (#20560)

* fix: allow `reset_otp_secret` only if Two Factor Auth is enabled (#20506)

* fix: display `Reset OTP Secret` button only if Two factor Auth is enabled

* fix: added validations and fetched value from cached doc

* fix: linter changes

(cherry picked from commit 06580bd)

# Conflicts:
#	frappe/core/doctype/user/user.js
#	frappe/twofactor.py

* chore: conflicts

---------

Co-authored-by: Daizy Modi <modidaizy5217@gmail.com>
Co-authored-by: Ankush Menat <ankush@frappe.io>
frappe-pr-bot pushed a commit that referenced this pull request Apr 11, 2023
# [13.53.0](v13.52.0...v13.53.0) (2023-04-11)

### Bug Fixes

* allow `reset_otp_secret` only if Two Factor Auth is enabled (backport [#20506](#20506)) ([#20560](#20560)) ([e8025a4](e8025a4))
* better permission error for query_report ([#20643](#20643)) ([#20646](#20646)) ([d972af8](d972af8))
* change z-index of freeze component to make it appear above all components ([1878b87](1878b87)), closes [#20538](#20538)
* child row form should be above freeze screen ([9201e84](9201e84))
* client script add to instead of replace ([0c7ac16](0c7ac16))
* client_script default value ([9ed7851](9ed7851))
* german translation of workflow state ([#20609](#20609)) ([#20615](#20615)) ([3769bdf](3769bdf))
* **grid row:** fix prettier hook check ([9309687](9309687))
* **grid row:** fix update_docfield_property function not updating grid row ([558f908](558f908))
* **ListView:** Evaluate sort_field sort_order within listviews based on DocTypes Definition ([#20482](#20482)) ([ba3cf84](ba3cf84))
* log requests even if no response ([#20638](#20638)) ([#20639](#20639)) ([ae4f7dd](ae4f7dd))
* no optional chaining in v13 ([d08627b](d08627b))
* **pretty-date:** plural form when the value is 1 ([#20619](#20619)) ([#20641](#20641)) ([4d6b776](4d6b776))
* validate if doctype exists before syncing customisations ([#20598](#20598)) ([#20644](#20644)) ([32ba65f](32ba65f))

### Features

* add context to confirm dialog ([0e21299](0e21299))
* add context to prompt dialog ([1bbf9c9](1bbf9c9))
* make report name translatable (backport [#20608](#20608)) ([#20617](#20617)) ([a92e69e](a92e69e))
* **minor:** log datetime in worker log (backport [#20414](#20414)) ([#20569](#20569)) ([dccb6af](dccb6af))
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 18, 2023
Labels
backport version-14-hotfix backport to version 14