kpi is the (frontend) server for KoboToolbox. It includes an API for users to access data and manage their forms, question library, sharing settings, create reports, and export data.
Description
When the MFA activation API endpoint is accessed, it fails with a forbidden error if the user is not in the MfaAvailableToUser table (#4556). We had to include a check for user subscription and STRIPE_ENABLED.
Notes
Trench provides a set of views for the MFA API. The view trench.views.MFAMethodActivationView was extended to check, before accepting a call to the activation endpoint, whether or not the user can use MFA by checking the model kobo.apps.accounts.mfa.models.MfaAvailableToUser. The module kobo.apps.accounts.adapter was also changed to use the more centralized function at kobo.apps.accounts.mfa.permissions.mfa_allowed_for_user.
Related issues
Fixes #4556
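The pattern described in the Notes, as an added stand-alone sketch that is not code from kpi or django-trench: one eligibility predicate shared by the activation endpoint and the login path, with the endpoint answering 403 before any enrolment work starts. The `Store` and `Settings` stand-ins, the helper names other than `mfa_allowed_for_user`, the error text and the exact way the table, subscription and STRIPE_ENABLED combine are assumptions.

```python
# Added illustration: plain-Python stand-ins, not kpi or django-trench code.
from dataclasses import dataclass, field
from http import HTTPStatus


@dataclass
class Settings:
    STRIPE_ENABLED: bool = False


@dataclass
class Store:
    """Stand-in for the tables the check reads (constructed sample data)."""
    mfa_available_to: set = field(default_factory=set)  # MfaAvailableToUser rows
    subscribed: set = field(default_factory=set)        # users with a subscription


def mfa_allowed_for_user(user, store, settings):
    """Single source of truth for MFA eligibility (assumed policy)."""
    if user is None:
        return False  # fail closed for anonymous callers
    if user in store.mfa_available_to:
        return True
    # Assumption: a subscription only counts when Stripe is enabled.
    return settings.STRIPE_ENABLED and user in store.subscribed


def base_activation(user):
    """Stand-in for the unmodified activation view."""
    return HTTPStatus.OK, {"detail": f"activation started for {user}"}


def activate_mfa_method(user, store, settings, base_view=base_activation):
    """Extended view: check eligibility before delegating to the base view."""
    if not mfa_allowed_for_user(user, store, settings):
        return HTTPStatus.FORBIDDEN, {"detail": "MFA is not available for this user."}
    return base_view(user)


def login_requires_mfa(user, enrolled, store, settings):
    """Login-side caller (the adapter's role) reusing the same predicate."""
    return user in enrolled and mfa_allowed_for_user(user, store, settings)
```

Because both callers go through the same function, a user cannot enrol a method through the API that the login flow would then ignore, and a policy change lands in one place.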