Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup wizard crashes if registry is empty #742

Open
dawidwolski-identt opened this issue Oct 16, 2024 · 1 comment
Open

Setup wizard crashes if registry is empty #742

dawidwolski-identt opened this issue Oct 16, 2024 · 1 comment

Comments

@dawidwolski-identt
Copy link

Setup wizard crashes on MethodForm if registry is empty.

Expected Behavior

The wizard should show warning and do not allow user to proceed if there is no methods in the registry.

Current Behavior

HTTP 500 and

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.11/dist-packages/sentry_sdk/integrations/django/views.py", line 90, in sentry_wrapped_callback
    return callback(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/views/generic/base.py", line 70, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/formtools/wizard/views.py", line 244, in dispatch
    response = super().dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/django/views/generic/base.py", line 98, in dispatch
    return handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/two_factor/views/utils.py", line 169, in post
    return super().post(*args, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/formtools/wizard/views.py", line 305, in post
    return self.render_next_step(form)
  File "/usr/local/lib/python3.11/dist-packages/two_factor/views/core.py", line 529, in render_next_step
    return super().render_next_step(form, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/formtools/wizard/views.py", line 316, in render_next_step
    new_form = self.get_form(
  File "/usr/local/lib/python3.11/dist-packages/two_factor/views/core.py", line 491, in get_form
    return super().get_form(step=step, **kwargs)
  File "/usr/local/lib/python3.11/dist-packages/formtools/wizard/views.py", line 426, in get_form
    return form_class(**kwargs)
  File "/usr/local/lib/python3.11/dist-packages/two_factor/forms.py", line 26, in __init__
    method.initial = method.choices[0][0]
IndexError: list index out of range

Possible Solution

Do not allow user to proceed to the method step (gray out Next button on "welcome" step) or show message instead of method list on "method" step.

Steps to Reproduce (for bugs)

  1. Remove all methods from registry
  2. Go to setup wizard
  3. Proceed to "method" step

Context

We allow administrators to select which methods are allowed. They can disable all methods. We can handle that case on our side or we can discuss and choose solution here.

Your Environment

  • Browser and version: N/A
  • Python version: 3.11.2
  • Django version: 3.2.25
  • django-otp version: 1.5.4
  • django-two-factor-auth version: 1.16.0
  • Link to your project: closed source
@moggers87
Copy link
Collaborator

I feel like this is expected behaviour if all registry methods have been removed.

Maybe consider using a custom decorator, e.g.

def redirect_on_empty_registry(func):
  @wraps(func)
    def inner(request, *args, **kwargs):
      if len(registry.get_methods()) == 0:
        return redirect("somewhere-else")
      return func(request, *args, **kwargs)
  return inner

setup_view = redirect_on_empty_registry(SetupView.as_view())

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moggers87 @dawidwolski-identt