diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py
index 68d8d4565906..5692fd457593 100644
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@@ -868,6 +868,8 @@
 ACCOUNT_DEFAULT_HTTP_PROTOCOL = get_setting('INVENTREE_LOGIN_DEFAULT_HTTP_PROTOCOL', 'login_default_protocol', 'http')
 ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True
 ACCOUNT_PREVENT_ENUMERATION = True
+# 2FA
+REMOVE_SUCCESS_URL = 'settings'
 # override forms / adapters
 ACCOUNT_FORMS = {
diff --git a/InvenTree/InvenTree/urls.py b/InvenTree/InvenTree/urls.py
index 0cf125f32a7e..4098359bc714 100644
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
@@ -38,9 +38,9 @@
 CustomEmailView, CustomLoginView, CustomPasswordResetFromKeyView, CustomSessionDeleteOtherView, CustomSessionDeleteView,
- CustomTwoFactorRemove, DatabaseStatsView, DynamicJsView,
- EditUserView, IndexView, NotificationsView, SearchView,
- SetPasswordView, SettingsView, auth_request)
+ DatabaseStatsView, DynamicJsView, EditUserView, IndexView,
+ NotificationsView, SearchView, SetPasswordView,
+ SettingsView, auth_request)
 admin.site.site_header = "InvenTree Admin"
@@ -191,10 +191,6 @@
 re_path(r'^accounts/social/connections/', CustomConnectionsView.as_view(), name='socialaccount_connections'),
 re_path(r"^accounts/password/reset/key/(?P[0-9A-Za-z]+)-(?P.+)/$", CustomPasswordResetFromKeyView.as_view(), name="account_reset_password_from_key"),
- # Temporary fix for django-allauth-2fa # TODO remove
- # See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
- re_path(r'^accounts/two_factor/remove/?$', CustomTwoFactorRemove.as_view(), name='two-factor-remove'),
-
 # Override login page
 re_path("accounts/login/", CustomLoginView.as_view(), name="account_login"),
diff --git a/InvenTree/InvenTree/views.py b/InvenTree/InvenTree/views.py
index 9cb04e09d12f..9819defcf639 100644
--- a/InvenTree/InvenTree/views.py
+++ b/InvenTree/InvenTree/views.py
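Review bot: The new `REMOVE_SUCCESS_URL = 'settings'` in settings.py has no package prefix, and the `# 2FA` comment does not say which library reads it. django-allauth-2fa documents its options under an `ALLAUTH_2FA_` prefix (`ALLAUTH_2FA_REMOVE_SUCCESS_URL`), so unless the pinned release reads the bare name this line has no effect and the redirect after removing a 2FA device falls back to the library default instead of the `settings` page that the deleted `CustomTwoFactorRemove` set. The same commit drops the `accounts/two_factor/remove` override in urls.py that was marked as a temporary fix for GHSA-8j76-mm54-52xq, and no dependency pin change is visible in this diff, so that removal is only safe if the requirements already pin a django-allauth-2fa release that contains the upstream fix. I would confirm both against the pinned version and expand the comment to something like `# django-allauth-2fa: redirect target after a 2FA device is removed`.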
@@ -27,7 +27,6 @@
 PasswordResetFromKeyView)
 from allauth.socialaccount.forms import DisconnectForm
 from allauth.socialaccount.views import ConnectionsView
-from allauth_2fa.views import TwoFactorRemove
 from djmoney.contrib.exchange.models import ExchangeBackend, Rate
 from user_sessions.views import SessionDeleteOtherView, SessionDeleteView
@@ -664,9 +663,3 @@ class NotificationsView(TemplateView):
 """View for showing notifications."""
 template_name = "InvenTree/notifications/notifications.html"
-
-
-# Custom 2FA removal form to allow custom redirect URL
-class CustomTwoFactorRemove(TwoFactorRemove):
- """Specify custom URL redirect."""
- success_url = reverse_lazy("settings")