fix: auto-create otp bypass tokens when enabling otp

ocadotechnology · Feb 21, 2025 · 6312314 · 6312314
1 parent 2a9e6a7
commit 6312314
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 9 deletions.
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/settings.py b/settings.py
@@ -20,6 +20,11 @@
 
 secrets = set_up_settings(BASE_DIR, service_name="portal")
 
+# pylint: disable-next=wrong-import-position,wildcard-import,unused-wildcard-import
+from codeforlife.settings import *
+
+SECRET_KEY = secrets.SECRET_KEY
+
 # ------------------------------------------------------------------------------
 # TODO: Clean settings below
 # ------------------------------------------------------------------------------
@@ -80,7 +85,10 @@
 
 if os.environ.get("STATIC_MODE", "") == "pipeline":
     STATICFILES_FINDERS = ["pipeline.finders.PipelineFinder"]
-    STATICFILES_STORAGE = "pipeline.storage.PipelineStorage"
+    STORAGES = {
+        **STORAGES,  # type: ignore[has-type]
+        "staticfiles": {"BACKEND": "pipeline.storage.PipelineStorage"},
+    }
 
     PIPELINE = {
         "COMPILERS": ("portal.pipeline_compilers.LibSassCompiler",),
@@ -251,8 +259,6 @@ def domain():
 # TODO: Clean settings above
 # ------------------------------------------------------------------------------
 
-# pylint: disable-next=wrong-import-position,wildcard-import,unused-wildcard-import
-from codeforlife.settings import *
 
 ROOT_URLCONF = "src.urls"
 

diff --git a/src/api/serializers/auth_factor.py b/src/api/serializers/auth_factor.py
@@ -6,7 +6,7 @@
 import re
 
 from codeforlife.serializers import ModelSerializer
-from codeforlife.user.models import AuthFactor, User
+from codeforlife.user.models import AuthFactor, OtpBypassToken, User
 from rest_framework import serializers
 
 # pylint: disable=missing-class-docstring
@@ -62,4 +62,9 @@ def validate(self, attrs):
     def create(self, validated_data):
         validated_data["user_id"] = self.request.auth_user.id
         validated_data.pop("otp", None)
-        return super().create(validated_data)
+        auth_factor = super().create(validated_data)
+
+        if auth_factor.type == AuthFactor.Type.OTP:
+            OtpBypassToken.objects.bulk_create(auth_factor.user)
+
+        return auth_factor
diff --git a/src/api/serializers/auth_factor_test.py b/src/api/serializers/auth_factor_test.py
@@ -6,7 +6,12 @@
 from unittest.mock import Mock, patch
 
 from codeforlife.tests import ModelSerializerTestCase
-from codeforlife.user.models import AuthFactor, TeacherUser, User
+from codeforlife.user.models import (
+    AuthFactor,
+    OtpBypassToken,
+    TeacherUser,
+    User,
+)
 
 from .auth_factor import AuthFactorSerializer
 
@@ -99,3 +104,5 @@ def test_create__otp(self):
             new_data={"user": user.id},
             context={"request": self.request_factory.post(user=user)},
         )
+
+        assert user.otp_bypass_tokens.count() == OtpBypassToken.max_count
diff --git a/src/api/views/otp_bypass_token.py b/src/api/views/otp_bypass_token.py
@@ -33,7 +33,6 @@ def get_permissions(self):
     def get_queryset(self):
         return OtpBypassToken.objects.filter(user=self.request.auth_user)
 
-    # TODO: replace this custom action with bulk create and list serializer.
     @action(detail=False, methods=["post"])
     def generate(self, request: Request):
         """