From 0b6208a0f7cf14befad00b35ed21113ed46ea7fe Mon Sep 17 00:00:00 2001 From: Oleg Bulkin Date: Wed, 19 Jul 2017 19:55:22 -0700 Subject: [PATCH] [9.0][FIX][IMP] Backport of auth_totp bug fixes and improvements from v10 PR (#898) * [FIX] auth_totp: Permissions fix and other tweaks * Slightly reword README * Replace LasLabs logo with OCA one * Overload _build_model in res.users model to add two MFA fields to the model class's list of self-writeable fields, allowing these fields to be edited by users without admin permissions for their own record * Update view_users_form_simple_modif and the unit tests in the module based on the self-writeable field change * [IMP] auth_totp: Admin support * Add MFA fields to normal res.users form view for admin access * Update record rules to give admins read/unlink access to MFA authenticators * [FIX] auth_totp: User deletion * Add ondelete='cascade' to the res.users.authenticator.create wizard model to properly support deletion of users who have just created an MFA authenticator * [FIX] auth_totp: Website compatibility * Add website compatibility by modifying the decorator on one of the routes and updating the login_success request parameter as needed --- auth_totp/README.rst | 6 ++-- auth_totp/controllers/main.py | 10 ++++++- auth_totp/models/res_users.py | 10 ++++++- .../res_users_authenticator_security.xml | 17 +++++++++-- auth_totp/static/description/icon.png | Bin 10319 -> 9455 bytes auth_totp/tests/test_res_users.py | 6 ++++ auth_totp/views/res_users.xml | 28 ++++++++++++++---- .../wizards/res_users_authenticator_create.py | 1 + 8 files changed, 64 insertions(+), 14 deletions(-) diff --git a/auth_totp/README.rst b/auth_totp/README.rst index 85a18c141..1046cf8ee 100644 --- a/auth_totp/README.rst +++ b/auth_totp/README.rst @@ -2,9 +2,9 @@ :target: http://www.gnu.org/licenses/lgpl.html :alt: License: LGPL-3 -=========== -MFA Support -=========== +==================== +MFA Support via TOTP +==================== This module adds support for MFA using TOTP (time-based, one-time passwords). It allows users to enable/disable MFA and manage authentication apps/devices diff --git a/auth_totp/controllers/main.py b/auth_totp/controllers/main.py index 52638d6dd..2262469be 100644 --- a/auth_totp/controllers/main.py +++ b/auth_totp/controllers/main.py @@ -55,6 +55,7 @@ class AuthTotp(Home): user.generate_mfa_login_token() request.session.logout(keep_db=True) + request.params['login_success'] = False return http.local_redirect( '/auth_totp/login', query={ @@ -64,7 +65,13 @@ class AuthTotp(Home): keep_hash=True, ) - @http.route('/auth_totp/login', type='http', auth='none', methods=['GET']) + @http.route( + '/auth_totp/login', + type='http', + auth='public', + methods=['GET'], + website=True, + ) def mfa_login_get(self, *args, **kwargs): return request.render('auth_totp.mfa_login', qcontext=request.params) @@ -127,6 +134,7 @@ class AuthTotp(Home): temp_user.generate_mfa_login_token(60 * 24 * 30) token = temp_user.mfa_login_token request.session.authenticate(request.db, user.login, token, user.id) + request.params['login_success'] = True redirect = request.params.get('redirect') if not redirect: diff --git a/auth_totp/models/res_users.py b/auth_totp/models/res_users.py index 91c9a05a7..1d413ae8e 100644 --- a/auth_totp/models/res_users.py +++ b/auth_totp/models/res_users.py @@ -13,6 +13,13 @@ from ..exceptions import MfaTokenInvalidError, MfaTokenExpiredError class ResUsers(models.Model): _inherit = 'res.users' + @classmethod + def _build_model(cls, pool, cr): + model = super(ResUsers, cls)._build_model(pool, cr) + ModelCls = type(model) + ModelCls.SELF_WRITEABLE_FIELDS += ['mfa_enabled', 'authenticator_ids'] + return model + mfa_enabled = fields.Boolean(string='MFA Enabled?') authenticator_ids = fields.One2many( comodel_name='res.users.authenticator', @@ -20,7 +27,8 @@ class ResUsers(models.Model): string='Authentication Apps/Devices', help='To delete an authentication app, remove it from this list. To' ' add a new authentication app, please use the button to the' - ' right.', + ' right. If the button is not present, you do not have the' + ' permissions to do this.', ) mfa_login_token = fields.Char() mfa_login_token_exp = fields.Datetime() diff --git a/auth_totp/security/res_users_authenticator_security.xml b/auth_totp/security/res_users_authenticator_security.xml index a96b9cc9a..5e9adc1fb 100644 --- a/auth_totp/security/res_users_authenticator_security.xml +++ b/auth_totp/security/res_users_authenticator_security.xml @@ -6,13 +6,24 @@ --> - - MFA Authenticators - Owner Only + + MFA Authenticators - Owner Access [('user_id', '=?', user.id)] - + + + + + + MFA Authenticators - Admin Read/Unlink + + + + + + diff --git a/auth_totp/static/description/icon.png b/auth_totp/static/description/icon.png index bb990930a39969c9e9bbd071819473f246a37aa2..3a0328b516c4980e8e44cdb63fd945757ddd132d 100644 GIT binary patch literal 9455 zcmW++2RxMjAAjx~&dlBk9S+%}OXg)AGE&Cb*&}d0jUxM@u(PQx^-s)697TX`ehR4?GS^qbkof1cslKgkU)h65qZ9Oc=ml_0temigYLJfnz{IDzUf>bGs4N!v3=Z3jMq&A#7%rM5eQ#dc?k~! zVpnB`o+K7|Al`Q_U;eD$B zfJtP*jH`siUq~{KE)`jP2|#TUEFGRryE2`i0**z#*^6~AI|YzIWy$Cu#CSLW3q=GA z6`?GZymC;dCPk~rBS%eCb`5OLr;RUZ;D`}um=H)BfVIq%7VhiMr)_#G0N#zrNH|__ zc+blN2UAB0=617@>_u;MPHN;P;N#YoE=)R#i$k_`UAA>WWCcEVMh~L_ zj--gtp&|K1#58Yz*AHCTMziU1Jzt_jG0I@qAOHsk$2}yTmVkBp_eHuY$A9)>P6o~I z%aQ?!(GqeQ-Y+b0I(m9pwgi(IIZZzsbMv+9w{PFtd_<_(LA~0H(xz{=FhLB@(1&qHA5EJw1>>=%q2f&^X>IQ{!GJ4e9U z&KlB)z(84HmNgm2hg2C0>WM{E(DdPr+EeU_N@57;PC2&DmGFW_9kP&%?X4}+xWi)( z;)z%wI5>D4a*5XwD)P--sPkoY(a~WBw;E~AW`Yue4kFa^LM3X`8x|}ZUeMnqr}>kH zG%WWW>3ml$Yez?i%)2pbKPI7?5o?hydokgQyZsNEr{a|mLdt;X2TX(#B1j35xPnPW z*bMSSOauW>o;*=kO8ojw91VX!qoOQb)zHJ!odWB}d+*K?#sY_jqPdg{Sm2HdYzdEx zOGVPhVRTGPtv0o}RfVP;Nd(|CB)I;*t&QO8h zFfekr30S!-LHmV_Su-W+rEwYXJ^;6&3|L$mMC8*bQptyOo9;>Qb9Q9`ySe3%V$A*9 zeKEe+b0{#KWGp$F+tga)0RtI)nhMa-K@JS}2krK~n8vJ=Ngm?R!9G<~RyuU0d?nz# z-5EK$o(!F?hmX*2Yt6+coY`6jGbb7tF#6nHA zuKk=GGJ;ZwON1iAfG$E#Y7MnZVmrY|j0eVI(DN_MNFJmyZ|;w4tf@=CCDZ#5N_0K= z$;R~bbk?}TpfDjfB&aiQ$VA}s?P}xPERJG{kxk5~R`iRS(SK5d+Xs9swCozZISbnS zk!)I0>t=A<-^z(cmSFz3=jZ23u13X><0b)P)^1T_))Kr`e!-pb#q&J*Q`p+B6la%C zuVl&0duN<;uOsB3%T9Fp8t{ED108<+W(nOZd?gDnfNBC3>M8WE61$So|P zVvqH0SNtDTcsUdzaMDpT=Ty0pDHHNL@Z0w$Y`XO z2M-_r1S+GaH%pz#Uy0*w$Vdl=X=rQXEzO}d6J^R6zjM1u&c9vYLvLp?W7w(?np9x1 zE_0JSAJCPB%i7p*Wvg)pn5T`8k3-uR?*NT|J`eS#_#54p>!p(mLDvmc-3o0mX*mp_ zN*AeS<>#^-{S%W<*mz^!X$w_2dHWpcJ6^j64qFBft-o}o_Vx80o0>}Du;>kLts;$8 zC`7q$QI(dKYG`Wa8#wl@V4jVWBRGQ@1dr-hstpQL)Tl+aqVpGpbSfN>5i&QMXfiZ> zaA?T1VGe?rpQ@;+pkrVdd{klI&jVS@I5_iz!=UMpTsa~mBga?1r}aRBm1WS;TT*s0f0lY=JBl66Upy)-k4J}lh=P^8(SXk~0xW=T9v*B|gzIhN z>qsO7dFd~mgxAy4V?&)=5ieYq?zi?ZEoj)&2o)RLy=@hbCRcfT5jigwtQGE{L*8<@Yd{zg;CsL5mvzfDY}P-wos_6PfprFVaeqNE%h zKZhLtcQld;ZD+>=nqN~>GvROfueSzJD&BE*}XfU|H&(FssBqY=hPCt`d zH?@s2>I(|;fcW&YM6#V#!kUIP8$Nkdh0A(bEVj``-AAyYgwY~jB zT|I7Bf@%;7aL7Wf4dZ%VqF$eiaC38OV6oy3Z#TER2G+fOCd9Iaoy6aLYbPTN{XRPz z;U!V|vBf%H!}52L2gH_+j;`bTcQRXB+y9onc^wLm5wi3-Be}U>k_u>2Eg$=k!(l@I zcCg+flakT2Nej3i0yn+g+}%NYb?ta;R?(g5SnwsQ49U8Wng8d|{B+lyRcEDvR3+`O{zfmrmvFrL6acVP%yG98X zo&+VBg@px@i)%o?dG(`T;n*$S5*rnyiR#=wW}}GsAcfyQpE|>a{=$Hjg=-*_K;UtD z#z-)AXwSRY?OPefw^iI+ z)AXz#PfEjlwTes|_{sB?4(O@fg0AJ^g8gP}ex9Ucf*@_^J(s_5jJV}c)s$`Myn|Kd z$6>}#q^n{4vN@+Os$m7KV+`}c%4)4pv@06af4-x5#wj!KKb%caK{A&Y#Rfs z-po?Dcb1({W=6FKIUirH&(yg=*6aLCekcKwyfK^JN5{wcA3nhO(o}SK#!CINhI`-I z1)6&n7O&ZmyFMuNwvEic#IiOAwNkR=u5it{B9n2sAJV5pNhar=j5`*N!Na;c7g!l$ z3aYBqUkqqTJ=Re-;)s!EOeij=7SQZ3Hq}ZRds%IM*PtM$wV z@;rlc*NRK7i3y5BETSKuumEN`Xu_8GP1Ri=OKQ$@I^ko8>H6)4rjiG5{VBM>B|%`&&s^)jS|-_95&yc=GqjNo{zFkw%%HHhS~e=s zD#sfS+-?*t|J!+ozP6KvtOl!R)@@-z24}`9{QaVLD^9VCSR2b`b!KC#o;Ki<+wXB6 zx3&O0LOWcg4&rv4QG0)4yb}7BFSEg~=IR5#ZRj8kg}dS7_V&^%#Do==#`u zpy6{ox?jWuR(;pg+f@mT>#HGWHAJRRDDDv~@(IDw&R>9643kK#HN`!1vBJHnC+RM&yIh8{gG2q zA%e*U3|N0XSRa~oX-3EAneep)@{h2vvd3Xvy$7og(sayr@95+e6~Xvi1tUqnIxoIH zVWo*OwYElb#uyW{Imam6f2rGbjR!Y3`#gPqkv57dB6K^wRGxc9B(t|aYDGS=m$&S!NmCtrMMaUg(c zc2qC=2Z`EEFMW-me5B)24AqF*bV5Dr-M5ig(l-WPS%CgaPzs6p_gnCIvTJ=Y<6!gT zVt@AfYCzjjsMEGi=rDQHo0yc;HqoRNnNFeWZgcm?f;cp(6CNylj36DoL(?TS7eU#+ z7&mfr#y))+CJOXQKUMZ7QIdS9@#-}7y2K1{8)cCt0~-X0O!O?Qx#E4Og+;A2SjalQ zs7r?qn0H044=sDN$SRG$arw~n=+T_DNdSrarmu)V6@|?1-ZB#hRn`uilTGPJ@fqEy zGt(f0B+^JDP&f=r{#Y_wi#AVDf-y!RIXU^0jXsFpf>=Ji*TeqSY!H~AMbJdCGLhC) zn7Rx+sXw6uYj;WRYrLd^5IZq@6JI1C^YkgnedZEYy<&4(z%Q$5yv#Boo{AH8n$a zhb4Y3PWdr269&?V%uI$xMcUrMzl=;w<_nm*qr=c3Rl@i5wWB;e-`t7D&c-mcQl7x! zZWB`UGcw=Y2=}~wzrfLx=uet<;m3~=8I~ZRuzvMQUQdr+yTV|ATf1Uuomr__nDf=X zZ3WYJtHp_ri(}SQAPjv+Y+0=fH4krOP@S&=zZ-t1jW1o@}z;xk8 z(Nz1co&El^HK^NrhVHa-_;&88vTU>_J33=%{if;BEY*J#1n59=07jrGQ#IP>@u#3A z;!q+E1Rj3ZJ+!4bq9F8PXJ@yMgZL;>&gYA0%_Kbi8?S=XGM~dnQZQ!yBSgcZhY96H zrWnU;k)qy`rX&&xlDyA%(a1Hhi5CWkmg(`Gb%m(HKi-7Z!LKGRP_B8@`7&hdDy5n= z`OIxqxiVfX@OX1p(mQu>0Ai*v_cTMiw4qRt3~NBvr9oBy0)r>w3p~V0SCm=An6@3n)>@z!|o-$HvDK z|3D2ZMJkLE5loMKl6R^ez@Zz%S$&mbeoqH5`Bb){Ei21q&VP)hWS2tjShfFtGE+$z zzCR$P#uktu+#!w)cX!lWN1XU%K-r=s{|j?)Akf@q#3b#{6cZCuJ~gCxuMXRmI$nGtnH+-h z+GEi!*X=AP<|fG`1>MBdTb?28JYc=fGvAi2I<$B(rs$;eoJCyR6_bc~p!XR@O-+sD z=eH`-ye})I5ic1eL~TDmtfJ|8`0VJ*Yr=hNCd)G1p2MMz4C3^Mj?7;!w|Ly%JqmuW zlIEW^Ft%z?*|fpXda>Jr^1noFZEwFgVV%|*XhH@acv8rdGxeEX{M$(vG{Zw+x(ei@ zmfXb22}8-?Fi`vo-YVrTH*C?a8%M=Hv9MqVH7H^J$KsD?>!SFZ;ZsvnHr_gn=7acz z#W?0eCdVhVMWN12VV^$>WlQ?f;P^{(&pYTops|btm6aj>_Uz+hqpGwB)vWp0Cf5y< zft8-je~nn?W11plq}N)4A{l8I7$!ks_x$PXW-2XaRFswX_BnF{R#6YIwMhAgd5F9X zGmwdadS6(a^fjHtXg8=l?Rc0Sm%hk6E9!5cLVloEy4eh(=FwgP`)~I^5~pBEWo+F6 zSf2ncyMurJN91#cJTy_u8Y}@%!bq1RkGC~-bV@SXRd4F{R-*V`bS+6;W5vZ(&+I<9$;-V|eNfLa5n-6% z2(}&uGRF;p92eS*sE*oR$@pexaqr*meB)VhmIg@h{uzkk$9~qh#cHhw#>O%)b@+(| z^IQgqzuj~Sk(J;swEM-3TrJAPCq9k^^^`q{IItKBRXYe}e0Tdr=Huf7da3$l4PdpwWDop%^}n;dD#K4s#DYA8SHZ z&1!riV4W4R7R#C))JH1~axJ)RYnM$$lIR%6fIVA@zV{XVyx}C+a-Dt8Y9M)^KU0+H zR4IUb2CJ{Hg>CuaXtD50jB(_Tcx=Z$^WYu2u5kubqmwp%drJ6 z?Fo40g!Qd<-l=TQxqHEOuPX0;^z7iX?Ke^a%XT<13TA^5`4Xcw6D@Ur&VT&CUe0d} z1GjOVF1^L@>O)l@?bD~$wzgf(nxX1OGD8fEV?TdJcZc2KoUe|oP1#=$$7ee|xbY)A zDZq+cuTpc(fFdj^=!;{k03C69lMQ(|>uhRfRu%+!k&YOi-3|1QKB z z?n?eq1XP>p-IM$Z^C;2L3itnbJZAip*Zo0aw2bs8@(s^~*8T9go!%dHcAz2lM;`yp zD=7&xjFV$S&5uDaiScyD?B-i1ze`+CoRtz`Wn+Zl&#s4&}MO{@N!ufrzjG$B79)Y2d3tBk&)TxUTw@QS0TEL_?njX|@vq?Uz(nBFK5Pq7*xj#u*R&i|?7+6# z+|r_n#SW&LXhtheZdah{ZVoqwyT{D>MC3nkFF#N)xLi{p7J1jXlmVeb;cP5?e(=f# zuT7fvjSbjS781v?7{)-X3*?>tq?)Yd)~|1{BDS(pqC zC}~H#WXlkUW*H5CDOo<)#x7%RY)A;ShGhI5s*#cRDA8YgqG(HeKDx+#(ZQ?386dv! zlXCO)w91~Vw4AmOcATuV653fa9R$fyK8ul%rG z-wfS zihugoZyr38Im?Zuh6@RcF~t1anQu7>#lPpb#}4cOA!EM11`%f*07RqOVkmX{p~KJ9 z^zP;K#|)$`^Rb{rnHGH{~>1(fawV0*Z#)}M`m8-?ZJV<+e}s9wE# z)l&az?w^5{)`S(%MRzxdNqrs1n*-=jS^_jqE*5XDrA0+VE`5^*p3CuM<&dZEeCjoz zR;uu_H9ZPZV|fQq`Cyw4nscrVwi!fE6ciMmX$!_hN7uF;jjKG)d2@aC4ropY)8etW=xJvni)8eHi`H$%#zn^WJ5NLc-rqk|u&&4Z6fD_m&JfSI1Bvb?b<*n&sfl0^t z=HnmRl`XrFvMKB%9}>PaA`m-fK6a0(8=qPkWS5bb4=v?XcWi&hRY?O5HdulRi4?fN zlsJ*N-0Qw+Yic@s0(2uy%F@ib;GjXt01Fmx5XbRo6+n|pP(&nodMoap^z{~q ziEeaUT@Mxe3vJSfI6?uLND(CNr=#^W<1b}jzW58bIfyWTDle$mmS(|x-0|2UlX+9k zQ^EX7Nw}?EzVoBfT(-LT|=9N@^hcn-_p&sqG z&*oVs2JSU+N4ZD`FhCAWaS;>|wH2G*Id|?pa#@>tyxX`+4HyIArWDvVrX)2WAOQff z0qyHu&-S@i^MS-+j--!pr4fPBj~_8({~e1bfcl0wI1kaoN>mJL6KUPQm5N7lB(ui1 zE-o%kq)&djzWJ}ob<-GfDlkB;F31j-VHKvQUGQ3sp`CwyGJk_i!y^sD0fqC@$9|jO zOqN!r!8-p==F@ZVP=U$qSpY(gQ0)59P1&t@y?5rvg<}E+GB}26NYPp4f2YFQrQtot5mn3wu_qprZ=>Ig-$ zbW26Ws~IgY>}^5w`vTB(G`PTZaDiGBo5o(tp)qli|NeV( z@H_=R8V39rt5J5YB2Ky?4eJJ#b`_iBe2ot~6%7mLt5t8Vwi^Jy7|jWXqa3amOIoRb zOr}WVFP--DsS`1WpN%~)t3R!arKF^Q$e12KEqU36AWwnCBICpH4XCsfnyrHr>$I$4 z!DpKX$OKLWarN7nv@!uIA+~RNO)l$$w}p(;b>mx8pwYvu;dD_unryX_NhT8*Tj>BTrTTL&!?O+%Rv;b?B??gSzdp?6Uug9{ zd@V08Z$BdI?fpoCS$)t4mg4rT8Q_I}h`0d-vYZ^|dOB*Q^S|xqTV*vIg?@fVFSmMpaw0qtTRbx} z({Pg?#{2`sc9)M5N$*N|4;^t$+QP?#mov zGVC@I*lBVrOU-%2y!7%)fAKjpEFsgQc4{amtiHb95KQEwvf<(3T<9-Zm$xIew#P22 zc2Ix|App^>v6(3L_MCU0d3W##AB0M~3D00EWoKZqsJYT(#@w$Y_H7G22M~ApVFTRHMI_3be)Lkn#0F*V8Pq zc}`Cjy$bE;FJ6H7p=0y#R>`}-m4(0F>%@P|?7fx{=R^uFdISRnZ2W_xQhD{YuR3t< z{6yxu=4~JkeA;|(J6_nv#>Nvs&FuLA&PW^he@t(UwFFE8)|a!R{`E`K`i^ZnyE4$k z;(749Ix|oi$c3QbEJ3b~D_kQsPz~fIUKym($a_7dJ?o+40*OLl^{=&oq$<#Q(yyrp z{J-FAniyAw9tPbe&IhQ|a`DqFTVQGQ&Gq3!C2==4x{6EJwiPZ8zub-iXoUtkJiG{} zPaR&}_fn8_z~(=;5lD-aPWD3z8PZS@AaUiomF!G8I}Mf>e~0g#BelA-5#`cj;O5>N Xviia!U7SGha1wx#SCgwmn*{w2TRX*I literal 10319 zcmcI~c|6qZ*S|F)OEeVOLz$5lq=XWch_*4K#!?M#yQ$lnu@u=t$dVeQw{g=QxY?xMMGG;&$87{+j)5 ztRJr4{xk=N>a2;;*&Dvy6McBk1CE(LXJvKr1?TQ`y)jgVkvlL|BTaL&&X25iN=tuB z&ukdJ_lh)Q)Aw0sgtmyQP5-PtJ#BMel%!MFkkV_Qu+!A$tQiX#*qL)nqcU$W)Aa_(Oy|M3}T+r_he`T+?J)?GQocKBNJa0nF}v>5xq z#iYv|XN0==1UX*bQ9;)SI7>*5VB+9jVgd|A!S^4-T#HrWQqejZO_Vp^B}!! z+SEP24Uwt4tQE!4{uBfc(UTp-d$$#AI=i6+pP5{f}fB`m{|1F#U?tCC{o-2%(gDbjjtwA4bc#7YypEJFP-C|m% zq1zVOWX=Glxdi_WWT>FnP!UDBp!$F;0+tr#e*^hZ_*b1!_t}Af&)9MXR~g=cen79d z@DOUg0;YF3uNVloactAaA&~cs%=3ThYa1xAPad#7dkP+>2<43y0;&ca2Tr;G5C!EO zOtn%x;BLv!3Ca&=>$gXNLkk-z$}WD0rSS#Zl>Gmx-~J!+E&A{Ex1Bldd}tk;-;k~_ z93cMutL%Zwuu(bz4`r86{vN1&woO0ESgqXZIL{Fgs%*#@IU=O=ymX^^NN#K9J4GD? zWVca4*?B&OKnqjii|dx+z>$skwc-e>>oZq;XV2f_mY0P}jDLI?$9jz*B}>Nc$54zx znLPQ45^#B1;IZYf8}(VJi2n=*vD>hGP;J7eu*H%yB6_C;?s(N$454x&l2Fw=3DUKI z48y_DvOJ<_`48HXC?91Dj5Nwr@PaVu=PBqh{ruoqYzPjPYQxEo_>PihxqKOPwjZcF ztNV!?2oPF2j*xWQL%WrnGJ>-`ePCY!~UUh`=6g+ zHgF(Kr_z7%>!2F-$9qn|4C635vBrP#gds-e*YEI?)ADDU(2AkdK{fI;>`YTC(DOID z$S=ehW3}NY)&`>8cXF_RzQ@-l%?oq2$L*AeCoJ)gcl9qfTe8goj@iIoBz~n&bTAtH z_&9;U65TO<#lutqvwV<>--N%5={3-12qpr~>#rz+7;t>#YN)6!8wO|4B&c+3a1xFF zs)2omb2E=1BZ^Q3jsq{F-xey#-PT)bE+xdmnKB?n@{%!G10YyyOJ= zJ&l7Qx=TQ^YCtZBLG(>_fQE%Vxc9sDr%4Zr;3TfbM;t=8AM)aA=m~6xL{ap6f9wd} z@d4=A9kgOVU<4s)t1xpb6g<^@vQxrLo5Zzd!wJ2-nm)AdYz9oMnsaLc0_}<@xvw85GW!cplc)j+5fJL$`!+Gf`OPaG=s~p%AJ2N9eJ}kGyQ{GbwIk(R zfMg`KJ?4=Ge>8GyCMp{$e%f#eWd@8_fh_!l^44Vkkai>e3L73C3A2k2)?TRW1-33K z2YPmQ-5+gBY0cetiyJ&D12z`t{$i+k{yM7`Nm%IGTo_H5S=W!}&6 zJq;z`37k|CPdD#gtMuv4fL3!)oz!00a}~q;2KD4PskO1E?}B6$#ccLuj~mvs5= zM1c%r#c;?v60;QY%9SQqasS8){fj}&==FQQ&Z@vrv^8kY_qPzz$LgtS5#ZgG5}%({ z`l#Jsfq!D>FkVXV{i@?HA)Bx3R8SWJr3Q0H${y8-q4a9&#jNDXsdrvae3!*x0R2DE zkhe*F&eI0uc?5)7hyQ?2g|rKXcd=aYEA>(<^-_YRV}ddW>}X8)8z_5Fk+Pns6l5K4p_L)#m^Hmu>j`1%-tFbn)7tf1Az{?0hAQtHyfnelV~DnIY->LmNw{8YR5^n|D(+9aojWZn6ipaPA!r=V zwGeEv`Vgn^q?$(%hZJgqr|n0bUG#bm=wpb9Y0I9L7m6jks4Fqu{y>Q|(c8SI2042Y zN?`=y1Nrnp(i>%x!2Qw2waP;jyMwyLN~EH%&65o0Zbshvy`sUj`H5v=msC3i@NtMS zjsEc~@+p2p1tdZgg#`4#X*EG!k}BYSukSs-bu1UuApd7J2S?1RO_S(i$<6I3U~>Ozqwk?jQL=wgZ^QdOn9~U7sPU&x>u?8i@dkVPd`BK3Qq@b2rl?||P3&JR` zEZyBoFac5Gv|x+N%_pYcAV}HKfK`Sdd2fQx9oK9VVyHDx$0CWheDp5^4@6Ny_I~7$ zW}SeRJN~s5w=l;0P&B3z<*gn>gB`bQbneZ#ehMBbnf_StWzs*N8g-b|;L+k85H$O0 zI{mF}4K$wyN36PjqDBGzPDJoXF!Ig<5pGa4h0g4&6Ue0(8?!AIIx-gz z&9zt5iJ`92kSz-PjUbPa9?5*Unv@#kGd2(o00=`2)H2L*Se8M_6^yYsie?X>1_V3Q zMmV&%@TD=@MAnL-Rzg+7#@mD5AU`$8%R1BYF58~!#d{^P@yZ_lzH3(udlf7t7ig-| z_&c`wsHekcclbLTtrtTb{feCJ4*)_H5uVvggEi~c@e5C!hOhTdz)(ME$Q6of?NYRG zpNmve&2zg*`2Mtz-5FlLtL|L0IlKo2MDS^*B@@nefnEdjNII5nj+FsE&5edIbWQ-} zIs!bS?M2Z#RVh%(?kqT6_qgf(F6fM_HOQr&J%PNNK5V>VGC`|wa$HiEj3T^cevUovXqF@(`uuK|Ka()kC~0qGw+|lk}qS9$6J+?*@*3pP!HI zjN5e#P_>?YAVm%A6xnVk`efrH*9X{0!a+8>Ar8U>nKGE7eLu}x_KAYkX;6QG2xJI) zmL53tPqw}ct_4Y0xpId)iK5zuepkmoQtjFGq|LgZWtTzj0~%O_tUv&_;4;-A0sw7- z6Xg%_BknCts^G|OssLr!5YQ50K>A(3r;+EAsZqy3uS^QeS=(xBJ`Q{{#eCpg%kX(> z;%{RM`~v_kUn($325g9gpZ9rv`3xdnnUwv6U?tZzG}0W0nL)i~X(J3#ovP}ghc zm_9_&4CgUWKrsMN3E84elVO3afKy=58yGx zHe-qMiJ`-!w69=AMvssF2E}`{Hw+@cSfJbFdT-d)M6Gu~?iU_Yj8+Uj|BsAK6OgsT zK=iYSK^|;(gbM!<|8AtAX3Tyd(4}u>y9dIN{t?14P1b7CYY`Nxcr@XKNr$9G5T#BG zl+ai5>5GGt4G=Q`HEr0))Axe%ZHLY|Mv9W8)UEm`x;Xpoc|~=O>T|MF@7~qp(Zbwv zEuvp?=v)_Y5?UQTHkO~d=ygQKwdy) zZ=i({ari~Sf&AakEeUI{^;0TzuCM+uct<}OYY~KKDop4wTRCBTGSxEQ-8Dq(Z=pWH ztMKk(Zn-?83K$1UrMF|QOYhH(Bi6}&uNE1H5b9Q$3ONhZ0iO0Eo8 z1RaihJ#pcL&`ZYf5b>jLRLcD5wdpwTL*zLfXV#_|S{gmNwPqWqO-@*R`iW)xOLn~( zK57rAHICjAk&I6c@A>g*^Owhk^7XPHX4?)~RUqNJQ8c%s(Zqh80~Dw-^}Rb-?K*Pn z?OCBm(i&~m-bP3P-%5CMF^J&tjVr9uv`$1`Wjz=-*WMH0-W+yG%%U%lopvYf& zdgb?v=QD4MTVn?mvMrZloLMTD357)mc#^BS@7M|XW=$mJ1TcSd-_Bk0DIXS6vM7z( z)^R4wa<$w|RS=ABP`ru*lC8}#8B)x#IE>swr=o(4l#Gt&W`!esVOK1Sb|ONwimTMD zI}RVdIW^HkuTU=wV8K#EVo2$o&p{p{zap2`_NiF0eY>-}SyyM~V#oCQch%|x&f4#T zXV!_{2^zD7t5b7)HL)O0Eq>w)`G)?AXZ=_EB~+}ZE9PS08`~N=C-+2wk`V(*Cr%6J z2*B(=l_vMqu7ZA2;)cYvVVy%;vf^ki!sigWoH%^6K-9WR-&Q%a1u4tUTI2~z zYqaEM4#1lcWm3E)r>DQt0oT|SG~2Xbbe&)z1+Yo$t{UsI8D-)ZX8S8o__c24H$|}f zicUH81K&PJ2 zm2|xi7~mTcUHN~8R_YDb*Ne1dNuqF|#}_-svpkHGp;c`S$D2Rywu8reja*NV%dC_q zF`f_@_u`d-tPirq-OGM7&T$Q&` z2jKyvTcAn)I?UeoV1MB1K5Z`7#Bf7w`B;(_NF-aA!I9ZFyI$>^=oRi6`>aUuo)AUN z(vTL|jjmA(F)OIuc?BI`3mqDe(FGw-)t&P4N&pQmny}vQ-10H8V^iAVL_LJQI^{I~ z-6zD_%(UKHQJ?`KF*zQM`p;dVA_IQ6RmVXEj`0A!s~6U&E5Uu99eY^0TH=#7_2@U@27#WeBYJ2#xVB1qD(!SXaIw3YavJz--Tn6Clgt7(Vf;n*~BB^|7;xNk>-|~ z`h1%5SPx9wmo>pR6i`sBwRE#NFC1?h%nF$Fnx(lU3(}B#poz?rKfHwv`Is~+E&`rf zQFp3P-0Dj#NE84a8hRj`^dlf2XRtzRN+5P{YGz$p9}p``2~@#ofoZ^+Vk{x$a0Fc5 zZ|2!`e-%K0JgS;@>!sCx*eA=7B*gxcd)@g3N87IUSEC0TUh{^;hMSMt0?&8T==Z1w z_`U{(rCct8v{j=b{IG%P;FxeC+%EV?{px1pB>+Agr%X1Icuk{sYKWn#JiB)Hx7DrE zK-DEt#n6h;R~ci%INm4n0O%YIX-|GWaHr!*uFKXSjnH7^4|OHK?awt^gL`UHl^AfX zc+e2X>)LzH56d#A)XLpb ztr*U_gAMO5+eH#n2gin<4{2!hDwBd6PW#S{-FpSt#bt_(ga=1q8^a_kTqk$;gX<{p z&lJPysztF(5!`-Dn8kUmg+YNVUg)ULtn(iVl>t}3ozPs$k@tkS76s;`?msZrhoB(9 zH-3+l;9w#)&KWkuX;m{zbYlp5?s~wKu`J5=K_rz+Wv>;e0^@om)eL#k`DlXiCn> zTh1baOqaqcmaOrWGmW`)AFHL;;Q;Q9GRffi5)z|4Zw4 zO5@wgJKf{Iy58f@joy7+_I_*5``D08exK~}bK=Uf_k+KJa;bm&b|TCAXO>1Qr@WU0 zdTKYMdR&T7rE4n-74NM}et9pg{GG3Wxj>j^F(%))cE(%l&-gcFd5pT$8x$pNng8Cf z`B>VymAW=<(OkBok#J#aJ(ZePP4#aYMl~^)I`8L1r&N=NS`6mv?Ezfb-kLFlo`QOM z?AfIrE>kayBJ>0L-Ahq2b6%(+gKP5CQN&}aSaR= zAO*y<9hM(3zF*Z{mcaD?qm~{JXnTwQI)Sz@*A`+;rE(40bJo86_l`|fTocSV@;&F($fx_RtNJ^kHH$^*3&1` zonshj3#ZN*S>F_R4^M1XkR6#D-?ipztxL+Ey&9+)e!;SptW@E{7z>O2F06TsGG(eX zE}1j93~ra!@kI07FepeePXQqDX1fnk|A9tO6>%zT6K> zKTWE}w>0mlMb0F*Hlj#AJ{e!H5!Uw5d|{U{T!9RQ#}EpZbmr^~2cO@npZ1 z##AO2C~);q-UntQ9uU|%nK%_#@a+8e*7NyFq1TtG0amzI(@mwTHvQL2L@LefA`v)V za(!J%z6NxiZ{Ym%i)B6{>snGS{y5%4q^Ce9tl6yMemSIv0(SS~SqaTRz@nN04h80& z^7-4pXR`6pCLWZ9_CAz`D5~nlg^qG3tlqt9Fbj#T2>&ivA(+B!m;wEZ6R6Ek-axww zN2w)RF@(FS5%4qE4S6$)`A-EBY~)=OGfxI;w=-Z6-k z$ut>s9^kG2!Vq{VZgpINa`<91l{GT-LnJ@wrVLI?+dz7DgJf}T?Dtdjc%{fMd`9NT zm&F$r9R|Mdfa~0h28vyqj9#-Xe!z{dqx9iI?A>B|RN(Um?loD2!I)LYT2}Nkf1?h( zpyUC^sV(QZx8ZR#QB<@OdU7#y-^$Ww|4K>8wp{7+Cyy>rrwVv2&nXhXV3CHQD@C}E zKfo)G>cyHa;yi-d##3^AOV!;vVL@~EqmQ2pye$${Vx9fo2_QH0M3W+`Cl5Nw&rD6m zn!2h>%2I`br38Uw72b|#MjhNa)O+{p-P&SadY9rq(w$}Y&V315 z=tJ35xZbCY=XF|p|9P>>O=nDhv8!dN_U6|32J>3_l1zjGrTW15$P3U7?iTbeU1&N; z+W&E4DXlSIKyE9iwFQm7)a#QmFBHp)Qwl-O*ZEfsITth}=7^ey^VPJ@6?)+3uck-c z-kezqa=b!}Ss>4g1g+lR2ntD=cJ+>=Ogd)b8sZft3v+Iugk(;T+^tee>XEqc8^4~H^1m4tsTdS7OaFuD zV?FzL)2Zvb`~z?=v=$~SmY7R>QEte($GvawyME8Y5o_FnM({0qV_bnJ&$J}R97>(>i% zD%Y9wOvmBM(gqI~UuTz(W6#6UkhJh5>zuA3ZPu}9 zn#9wv9=fExP$ZF#r>I2{`kXN8B{{5yr7r?K!<6;x@wQykPoDTjd}FA`AuhN5X~gMLHi?(Z^iZ92*14MGT-uSGjnl_@^`=A-@KW4%axuVh4wel!tLQH1*@qrjA%nV3;_EOA>__XXSn7~}zfi~Y z|N3j`>Z8(6)b)epGzlwXj7-nfZl-f|2(0>0Ibs4U8_O-0?L2&3uA05r^sTuHvoO6#7eEn5W-}%Mo4RY$f_Qbh>?4gSqm8r|q*7Up~EX>I$Qqrsd_Z4{T(_~q#mckTX47yS)&znj{#&W;)$ zI^={q#YbX@n{8te1h<{wv^{MpNj3eL^SN(Y` zL*wa@1g2`O`OhDpJlb*GE{6p3JeMD7=4}qWp1wuN;XL(gIo8FY$IrL$oNr-)?np6< z3x4o|r7gyOZC4J?9`>@N?$TYIVwJ9Lr7PzqY)+B}t-*v~WEnw7w^>*Z$Rc!*s{|Ba zv8rD3p>(GHCZ|C!NBYc~$AcD(6k4IIdegczp}DbOxT;}WAbg-P-{52QEb;KZ*>jc& z&99`~_cE1uc`Yw1!qYK1IM%#p27#XW1C`L+%( z>8ToYv-J3A8XOFHQbDd^xpSj09`?+Ax6Wh4hjS5L#V38Gf4i*VZ}XGs{4VpOyXhmf zUUYKBOua~#qkueD(o5NRtp|PimEO(C|7ZW%?SDTw`0?@< a*DemdjFG_u + + User Form - MFA Settings + res.users + + + + +

Note: Please have user add at least one authentication app/device before enabling MFA.

+ + + + + Change My Preferences - MFA Settings res.users @@ -13,12 +30,11 @@ -
- Note: Please add at least one authentication app/device before enabling MFA. -
- - - +

Note: Please add at least one authentication app/device before enabling MFA.

+