From 63947346e94c27848a325117530e93557c8aadd9 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 15 Nov 2024 20:18:41 +0000
Subject: [PATCH] remove deprecated login endpoints
---
 api/tacticalrmm/accounts/views.py | 87 -----------------------------
 api/tacticalrmm/tacticalrmm/urls.py | 4 +-
 2 files changed, 1 insertion(+), 90 deletions(-)
diff --git a/api/tacticalrmm/accounts/views.py b/api/tacticalrmm/accounts/views.py
index f0f6cf2b..5be38b9f 100644
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -135,93 +135,6 @@ class LoginViewV2(KnoxLoginView): return notify_error("Bad credentials") -class CheckCreds(KnoxLoginView): - # TODO - # This view is deprecated as of 0.19.0 - # Needed for the initial update to 0.19.0 so frontend code doesn't break on login - permission_classes = (AllowAny,) - - def post(self, request, format=None): - # check credentials - serializer = AuthTokenSerializer(data=request.data) - if not serializer.is_valid(): - AuditLog.audit_user_failed_login( - request.data["username"], debug_info={"ip": request._client_ip} - ) - return notify_error("Bad credentials") - - user = serializer.validated_data["user"] - - if user.block_dashboard_login or user.is_sso_user: - return notify_error("Bad credentials") - - # block local logon if configured - core_settings = get_core_settings() - if not user.is_superuser and core_settings.block_local_user_logon: - return notify_error("Bad credentials") - - # if totp token not set modify response to notify frontend - if not user.totp_key: - login(request, user) - response = super(CheckCreds, self).post(request, format=None) - response.data["totp"] = "totp not set" - return response - - return Response("ok") - - -class LoginView(KnoxLoginView): - # TODO - # This view is deprecated as of 0.19.0 - # Needed for the initial update to 0.19.0 so frontend code doesn't break on login - permission_classes = (AllowAny,) - - def post(self, request, format=None): - valid = False - - serializer = AuthTokenSerializer(data=request.data) - serializer.is_valid(raise_exception=True) - user = serializer.validated_data["user"] - - if user.block_dashboard_login or user.is_sso_user: - return notify_error("Bad credentials") - - # block local logon if configured - core_settings = get_core_settings() - if not user.is_superuser and core_settings.block_local_user_logon: - return notify_error("Bad credentials") - - token = request.data["twofactor"] - totp = pyotp.TOTP(user.totp_key) - - if settings.DEBUG and token == "sekret": - valid = 
True - elif getattr(settings, "DEMO", False): - valid = True - elif totp.verify(token, valid_window=10): - valid = True - - if valid: - login(request, user) - - # save ip information - ipw = IpWare() - client_ip, _ = ipw.get_client_ip(request.META) - if client_ip: - user.last_login_ip = str(client_ip) - user.save() - - AuditLog.audit_user_login_successful( - request.data["username"], debug_info={"ip": request._client_ip} - ) - return super(LoginView, self).post(request, format=None) - else: - AuditLog.audit_user_failed_twofactor( - request.data["username"], debug_info={"ip": request._client_ip} - ) - return notify_error("Bad credentials") - - class GetDeleteActiveLoginSessionsPerUser(APIView): permission_classes = [IsAuthenticated, AccountsPerms] diff --git a/api/tacticalrmm/tacticalrmm/urls.py b/api/tacticalrmm/tacticalrmm/urls.py index 3bc77d66..b5b19094 100644 --- a/api/tacticalrmm/tacticalrmm/urls.py +++ b/api/tacticalrmm/tacticalrmm/urls.py @@ -2,7 +2,7 @@ from django.conf import settings from django.urls import include, path, register_converter from knox import views as knox_views -from accounts.views import CheckCreds, CheckCredsV2, LoginView, LoginViewV2 +from accounts.views import CheckCredsV2, LoginViewV2 from ee.sso.urls import allauth_urls # from agents.consumers import SendCMD @@ -28,8 +28,6 @@ urlpatterns = [ path("_allauth/", include(allauth_urls)), path("v2/checkcreds/", CheckCredsV2.as_view()), path("v2/login/", LoginViewV2.as_view()), - path("checkcreds/", CheckCreds.as_view()), # DEPRECATED AS OF 0.19.0 - path("login/", LoginView.as_view()), # DEPRECATED AS OF 0.19.0 path("logout/", knox_views.LogoutView.as_view()), path("logoutall/", knox_views.LogoutAllView.as_view()), path("api/v3/", include("apiv3.urls")),