From 619a0bd612fee9c399b3cfed2495b076263dfa38 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Thu, 28 Mar 2019 07:55:25 +0100
Subject: [PATCH] Close admin login

---
 SciPost_v1/urls.py | 4 +++-
 scipost/totp.py    | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/SciPost_v1/urls.py b/SciPost_v1/urls.py
index 0738a0e6c..cada26ad3 100644
--- a/SciPost_v1/urls.py
+++ b/SciPost_v1/urls.py
@@ -3,6 +3,7 @@ __license__ = "AGPL v3"
 
 
 from django.conf import settings
+from django.contrib.auth.decorators import login_required
 from django.conf.urls import include, url
 from django.conf.urls.static import static
 from django.contrib import admin
@@ -28,7 +29,8 @@ router.register(r'news', NewsItemViewSet)
 router.register(r'conflicts', ConflictOfInterestViewSet)
 router.register(r'publications/GoogleScholar', PublicationViewSetForGoogleScholar)
 
-
+# Disable admin login view which is essentially a 2FA workaround.
+admin.site.login = login_required(admin.site.login)
 
 # Base URLs
 urlpatterns = [
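Review bot: `login_required` only checks `is_authenticated`, so the wrapped `admin.site.login` still appears to render and process the admin's password-only form for any signed-in non-staff account; as far as I can tell, Django's `AdminSite.login` short-circuits only when `has_permission` is true. The 2FA gap is narrowed, not closed. Replacing the view outright is safer than decorating it, something like `admin.site.login = lambda request, **kwargs: redirect_to_login(request.GET.get('next', '/'))` with `redirect_to_login` imported from `django.contrib.auth.views`, so the only credential form is the one behind `settings.LOGIN_URL`. The comment should then state what is relied on, e.g. `# Never serve the admin's own login form: it skips TOTP. Send users to settings.LOGIN_URL instead.` A test asserting that a POST to the admin login URL never creates a staff session would keep this from regressing.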
diff --git a/scipost/totp.py b/scipost/totp.py
index 7beecf397..b224bfa6c 100644
--- a/scipost/totp.py
+++ b/scipost/totp.py
@@ -43,6 +43,7 @@ class TOTPVerification:
                 # 1. Check if the current counter is higher than the value of last verified counter
                 # 2. Check if entered token is correct
                 valid_token = totp.verify(code, for_time=time_int, valid_window=self.tolerance)
+
                 if not valid_token:
                     # Token not valid
                     continue
-- 
GitLab