[#2076] Fix admin index with 2fa

Author: pi-sigma

requirements/base.txt

@@ -80,6 +80,7 @@ diff-match-patch==20200713
 django==3.2.23
     # via
     #   -r requirements/base.in
+    #   django-admin-index
     #   django-appconf
     #   django-appdata
     #   django-axes

requirements/ci.txt

@@ -152,6 +152,7 @@ django==3.2.23
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   django-admin-index
     #   django-appconf
     #   django-appdata
     #   django-axes
@@ -196,7 +197,7 @@ django==3.2.23
     #   mozilla-django-oidc-db
     #   notifications-api-common
     #   zgw-consumers
-django-admin-index==1.5.0
+django-admin-index==3.1.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -330,7 +331,7 @@ django-open-forms-client==0.2.3
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-django-ordered-model==3.4.3
+django-ordered-model==3.7.4
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt

requirements/dev.txt

@@ -185,6 +185,7 @@ django==3.2.23
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   ddt-api-calls
+    #   django-admin-index
     #   django-appconf
     #   django-appdata
     #   django-axes
@@ -231,7 +232,7 @@ django==3.2.23
     #   mozilla-django-oidc-db
     #   notifications-api-common
     #   zgw-consumers
-django-admin-index==1.5.0
+django-admin-index==3.1.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -312,7 +313,7 @@ django-elasticsearch-dsl==7.2.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-django-extensions==3.1.3
+django-extensions==3.2.3
     # via -r requirements/dev.in
 django-extra-fields==3.0.2
     # via
@@ -369,7 +370,7 @@ django-open-forms-client==0.2.3
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-django-ordered-model==3.4.3
+django-ordered-model==3.7.4
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt

src/open_inwoner/conf/base.py

@@ -480,11 +480,6 @@
     "open_inwoner.accounts.backends.CustomOIDCBackend",
 ]
 
-# Allowing OIDC admins to bypass 2FA
-MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [
-    "open_inwoner.accounts.backends.CustomOIDCBackend",
-]
-
 
 SESSION_COOKIE_NAME = "open_inwoner_sessionid"
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
@@ -609,6 +604,11 @@
 ADMIN_INDEX_SHOW_REMAINING_APPS = False
 ADMIN_INDEX_AUTO_CREATE_APP_GROUP = False
 ADMIN_INDEX_SHOW_REMAINING_APPS_TO_SUPERUSERS = False
+ADMIN_INDEX_SHOW_MENU = True
+ADMIN_INDEX_DISPLAY_DROP_DOWN_MENU_CONDITION_FUNCTION = (
+    "open_inwoner.utils.django_two_factor_auth.should_display_dropdown_menu"
+)
+
 
 #
 # DJANGO-AXES (4.0+)
@@ -816,6 +816,10 @@
 TWO_FACTOR_PATCH_ADMIN = False
 TWO_FACTOR_WEBAUTHN_RP_NAME = f"OpenInwoner {ENVIRONMENT}"
 TWO_FACTOR_WEBAUTHN_AUTHENTICATOR_ATTACHMENT = "cross-platform"
+# Allow OIDC admins to bypass 2FA
+MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [
+    "open_inwoner.accounts.backends.CustomOIDCBackend",
+]
 
 # file upload limits
 MIN_UPLOAD_SIZE = 1  # in bytes

src/open_inwoner/conf/ci.py

@@ -60,10 +60,6 @@
 # Django privates
 SENDFILE_BACKEND = "django_sendfile.backends.development"
 
-# Two factor auth
-TWO_FACTOR_FORCE_OTP_ADMIN = False
-TWO_FACTOR_PATCH_ADMIN = False
-
 # THOU SHALT NOT USE NAIVE DATETIMES
 warnings.filterwarnings(
     "error",

src/open_inwoner/configurations/migrations/0059_alter_siteconfigurationpage_options.py

@@ -0,0 +1,21 @@
+# Generated by Django 3.2.23 on 2024-02-07 15:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("configurations", "0058_siteconfiguration_recipients_email_digest"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="siteconfigurationpage",
+            options={
+                "ordering": ("order",),
+                "verbose_name": "Flatpage in the footer",
+                "verbose_name_plural": "Flatpages in the footer",
+            },
+        ),
+    ]

src/open_inwoner/configurations/models.py

@@ -611,7 +611,7 @@ class SiteConfigurationPage(OrderedModel):
 
     objects = OrderedModelManager()
 
-    class Meta:
+    class Meta(OrderedModel.Meta):
         verbose_name = _("Flatpage in the footer")
         verbose_name_plural = _("Flatpages in the footer")
 

src/open_inwoner/pdc/models/product.py

@@ -414,7 +414,7 @@ class ProductCondition(OrderedModel):
         help_text=_("Rule for the automated check"),
     )
 
-    class Meta:
+    class Meta(OrderedModel.Meta):
         verbose_name = _("Condition")
         verbose_name_plural = _("Conditions")
         ordering = ("order",)

src/open_inwoner/utils/django_two_factor_auth.py

@@ -1,5 +1,3 @@
-from django.conf import settings
-
 from django_admin_index.utils import (
     should_display_dropdown_menu as default_should_display_dropdown_menu,
 )
@@ -8,12 +6,7 @@
 def should_display_dropdown_menu(request) -> bool:
     default = default_should_display_dropdown_menu(request)
 
-    two_factor_enabled = settings.TWO_FACTOR_PATCH_ADMIN
-    if not two_factor_enabled:
-        return default
-
-    # never display the dropdown in two-factor admin views
-    if request.resolver_match.view_name.startswith("admin:two_factor:"):
+    if request.resolver_match.view_name.startswith("maykin_2fa"):
         return False
 
     return default and request.user.is_verified()