diff --git a/api/controllers/console/auth/mfa.py b/api/controllers/console/auth/mfa.py
index 38d0278125..4be7294a8f 100644
--- a/api/controllers/console/auth/mfa.py
+++ b/api/controllers/console/auth/mfa.py
@@ -6,6 +6,7 @@ from flask_restful import Resource, reqparse
 from controllers.console.wraps import account_initialization_required
 from libs.login import login_required
 from models.account import Account
+from models.engine import db
 from services.mfa_service import MFAService
@@ -15,7 +16,7 @@ class MFASetupInitApi(Resource):
 def post(self):
 """Initialize MFA setup - generate secret and QR code."""
 account = cast(Account, flask_login.current_user)
-
+
 try:
 mfa_status = MFAService.get_mfa_status(account)
 if mfa_status["enabled"]:
@@ -100,7 +101,6 @@ class MFAVerifyApi(Resource):
 parser.add_argument("mfa_token", type=str, required=True, help="MFA token is required")
 args = parser.parse_args()
- from models.engine import db
 account = db.session.query(Account).filter_by(email=args["email"]).first()
 if not account:
diff --git a/api/migrations/versions/2025_07_08_1500-abc123def456_add_account_mfa_settings_table.py b/api/migrations/versions/2025_07_08_1500-abc123def456_add_account_mfa_settings_table.py
index 2d09e1717f..f94a79afd4 100644
--- a/api/migrations/versions/2025_07_08_1500-abc123def456_add_account_mfa_settings_table.py
+++ b/api/migrations/versions/2025_07_08_1500-abc123def456_add_account_mfa_settings_table.py
@@ -6,9 +6,7 @@ Create Date: 2025-07-08 15:00:00.000000
 """
 from alembic import op
-import models as models
 import sqlalchemy as sa
-from sqlalchemy.dialects import postgresql
 # revision identifiers, used by Alembic.
 revision = 'abc123def456'
diff --git a/api/services/mfa_service.py b/api/services/mfa_service.py
index 04391d3591..9b458fad4f 100644
--- a/api/services/mfa_service.py
+++ b/api/services/mfa_service.py
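Review bot: In MFAVerifyApi.post the account to verify is chosen solely from the client-supplied `args["email"]`, and nothing in this hunk binds the request to a login that has already passed the password check; if that binding (a short-lived pre-auth token or a session marker) is not enforced further down in `post`, which continues past the hunk, the second factor can be presented without a first. Confirm it is, and state the contract in the method's docstring, e.g. `"""Verify an MFA token for a login that has already passed password authentication."""`. Since a TOTP is only six digits, also confirm this endpoint falls under the same attempt limiting as the password login route.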
@@ -7,6 +7,7 @@ from datetime import datetime
 import pyotp
 import qrcode
+from libs.password import compare_password
 from models.account import Account, AccountMFASettings
 from models.engine import db
@@ -63,8 +64,7 @@ class MFAService:
 try:
 totp = pyotp.TOTP(secret)
 return totp.verify(token, valid_window=1)
- except Exception as e:
- print(f"[MFA DEBUG] verify_totp error: {type(e).__name__}: {str(e)}")
+ except Exception:
 return False
 @staticmethod
@@ -129,8 +129,6 @@ class MFAService:
 @staticmethod
 def disable_mfa(account: Account, password: str) -> bool:
 """Disable MFA for account after password verification."""
- from libs.password import compare_password
-
 # Verify password
 if account.password is None or not compare_password(password, account.password, account.password_salt):
 return False
@@ -178,28 +176,19 @@ class MFAService:
 @staticmethod
 def authenticate_with_mfa(account: Account, token: str) -> bool:
 """Authenticate user with MFA token (TOTP or backup code)."""
- print(f"[MFA DEBUG] authenticate_with_mfa called with token: {token}")
 mfa_settings = db.session.query(AccountMFASettings).filter_by(account_id=account.id).first()
 if not mfa_settings or not mfa_settings.enabled:
- print("[MFA DEBUG] MFA not enabled, returning True")
 return True
- print(f"[MFA DEBUG] MFA enabled, secret: {mfa_settings.secret[:10]}...")
-
 # Try TOTP first
- print("[MFA DEBUG] Trying TOTP verification")
 if MFAService.verify_totp(mfa_settings.secret, token):
- print("[MFA DEBUG] TOTP verification successful")
 return True
 # Try backup code
- print("[MFA DEBUG] Trying backup code verification")
 if MFAService.verify_backup_code(mfa_settings, token):
- print("[MFA DEBUG] Backup code verification successful")
 return True
- print("[MFA DEBUG] All verifications failed")
 return False
 @staticmethod
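Review bot: The new `except Exception:` in verify_totp now swallows every error with no trace at all, so a malformed stored secret or a pyotp failure is indistinguishable from a wrong code; keep the branch but record it without the token or secret, e.g. `except Exception: logger.warning("TOTP verification failed", exc_info=True); return False` with a module-level `logging.getLogger(__name__)` logger. Separately, `totp.verify(token, valid_window=1)` on its own accepts the same code again for as long as the window is open; RFC 6238 asks verifiers to reject an already-used code, which needs the last accepted time step to be stored on the settings row and compared here. The function's signature and docstring lie outside the hunk, so the one-time-use contract should be stated there once it is implemented.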
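Review bot: disable_mfa gates removal of the second factor on the password alone (`compare_password(password, account.password, account.password_salt)`), so a leaked password is enough to turn MFA off; unless the calling endpoint already requires a current TOTP or backup code (not visible here), the service should demand one as well, for instance by checking `MFAService.authenticate_with_mfa(account, token)` before any settings are cleared. The rest of the method is outside the hunk. The docstring could make the current guarantee explicit: `"""Disable MFA after verifying the account password; returns False, without changing anything, when the password does not match."""`.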
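Review bot: authenticate_with_mfa returns True before looking at `token` whenever no AccountMFASettings row exists or `enabled` is false, so a caller that treats True as "second factor verified" gets a misleading answer for accounts without MFA; the docstring should say this explicitly, e.g. `"""Check a TOTP or backup code for the account. Returns True without inspecting the token when MFA is not enabled; callers must have completed password authentication first."""`. The clause about callers is inferred from the name rather than from visible code, so adjust it to match how the login flow actually uses this method. Whether `verify_backup_code` consumes a code on success is also not visible here and is worth confirming, since an unconsumed backup code is effectively a reusable password.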