Merge 9cf9dfe into 5a7fd4e

vantage6 · Dec 4, 2023 · 5539eca · 5539eca
2 parents 5a7fd4e + 9cf9dfe
commit 5539eca
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/docs/server/yaml/server_config.yaml b/docs/server/yaml/server_config.yaml
@@ -29,6 +29,10 @@ uri: sqlite:///test.sqlite
 # testing/developing.
 allow_drop_all: True
 
+# Enable or disable two-factor authentication. If enabled, users will be
+# presented with a QR-code to scan with their phone the first time they log in.
+two_factor_auth: true
+
 # The secret key used to generate JWT authorization tokens. This should
 # be kept secret as others are able to generate access tokens if they
 # know this secret. This parameter is optional. In case it is not

diff --git a/vantage6-server/vantage6/server/resource/common/input_schema.py b/vantage6-server/vantage6/server/resource/common/input_schema.py
@@ -257,7 +257,20 @@ class RecoverPasswordInputSchema(Schema):
     username = fields.String(validate=Length(max=_MAX_LEN_NAME))
 
     @validates_schema
-    def validate_email_or_username(self, data, **kwargs):
+    def validate_email_or_username(self, data: dict, **kwargs):
+        """
+        Validate the input, which should contain either an email or username.
+
+        Parameters
+        ----------
+        data : dict
+            The input data.
+
+        Raises
+        ------
+        ValidationError
+            If the input does not contain an email or username.
+        """
         if not ('email' in data or 'username' in data):
             raise ValidationError('Email or username is required')
 
@@ -268,10 +281,12 @@ class ResetPasswordInputSchema(_PasswordValidationSchema):
                                 validate=Length(max=_MAX_LEN_STR_LONG))
 
 
-class Recover2FAInputSchema(_PasswordValidationSchema):
+class Recover2FAInputSchema(Schema):
     """ Schema for validating input for recovering 2FA. """
     email = fields.Email()
     username = fields.String(validate=Length(max=_MAX_LEN_NAME))
+    password = fields.String(required=True, validate=Length(
+        min=1, max=_MAX_LEN_PW))
 
     @validates_schema
     def validate_email_or_username(self, data: dict, **kwargs):

diff --git a/vantage6-server/vantage6/server/resource/recover.py b/vantage6-server/vantage6/server/resource/recover.py
@@ -382,7 +382,7 @@ def post(self):
             log.info("Someone request 2FA reset for non-existing account"
                      f" {account_name}")
             # we do not tell them.... But we won't continue either
-            return ret
+            return ret, HTTPStatus.OK
 
         # check password
         user, code = user_login(self.config, user.username, password,
@@ -431,7 +431,7 @@ def post(self):
             )
         )
 
-        return ret
+        return ret, HTTPStatus.OK
 
 
 class ChangePassword(ServicesResources):