2026-06-11 19:56:20 +05:30

29 lines
966 B
Python

# Copyright (c) 2025, Project Management and contributors
# License: MIT
import frappe
from frappe import _
@frappe.whitelist()
def get_two_factor_status(user: str | None = None):
"""Return whether 2FA is enabled site-wide and required for the given user (OTP App flow)."""
target = user or frappe.session.user
if not target or target == "Guest":
frappe.throw(_("Not logged in"), frappe.AuthenticationError)
from frappe.twofactor import get_verification_method, two_factor_is_enabled_for_
enabled_globally = bool(int(frappe.db.get_single_value("System Settings", "enable_two_factor_auth") or 0))
method = get_verification_method() if enabled_globally else None
required_for_user = False
if enabled_globally and target != "Administrator":
required_for_user = bool(two_factor_is_enabled_for_(target))
return {
"enabled_globally": enabled_globally,
"required_for_user": required_for_user,
"method": method,
"otp_app": method == "OTP App",
}