From d26c140f9d57cd285ec802ba0c3d56377bbc57eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominic=20Le=CC=81tourneau?= <doumdi@gmail.com>
Date: Tue, 1 Oct 2024 11:36:16 -0400
Subject: [PATCH] Refs #253, enable 2FA for users in sites and related user
 groups.

---
 .../python/modules/DatabaseModule/DBManager.py   | 16 ++++++++++++++--
 teraserver/python/opentera/db/models/__init__.py |  4 ++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/teraserver/python/modules/DatabaseModule/DBManager.py b/teraserver/python/modules/DatabaseModule/DBManager.py
index 44a14107..4f135d2f 100755
--- a/teraserver/python/modules/DatabaseModule/DBManager.py
+++ b/teraserver/python/modules/DatabaseModule/DBManager.py
@@ -133,8 +133,8 @@ def user_group_updated_or_inserted(mapper, connection, target: TeraUserGroup):
                 if role.id_site and role.service_role_site.site_2fa_required:
                     # Efficiently load all related users with joinedload
                     user_ids = set()
-                    for group in target.user_group_users:
-                        user_ids.add(group.id_user)
+                    for user in target.user_group_users:
+                        user_ids.add(user.id_user)
 
                     # Perform a bulk update for all users at once
                     if user_ids:
@@ -144,6 +144,18 @@ def user_group_updated_or_inserted(mapper, connection, target: TeraUserGroup):
                             .values(user_2fa_enabled=True)
                         )
 
+        @event.listens_for(TeraUserUserGroup, 'after_update')
+        @event.listens_for(TeraUserUserGroup, 'after_insert')
+        def user_user_group_updated_or_inserted(mapper, connection, target: TeraUserUserGroup):
+            # Check if 2FA is enabled for a related site
+            for role in target.user_user_group_user_group.user_group_services_roles:
+                if role.id_site and role.service_role_site.site_2fa_required:
+                    # Perform single update for user
+                    connection.execute(
+                        update(TeraUser)
+                        .where(TeraUser.id_user == target.user_user_group_user.id_user)
+                        .values(user_2fa_enabled=True)
+                    )
 
     def setup_events_for_class(self, cls, event_name):
         import json
diff --git a/teraserver/python/opentera/db/models/__init__.py b/teraserver/python/opentera/db/models/__init__.py
index c0d5f08e..e1bdb0e6 100644
--- a/teraserver/python/opentera/db/models/__init__.py
+++ b/teraserver/python/opentera/db/models/__init__.py
@@ -33,10 +33,10 @@
 from .TeraUserGroup import TeraUserGroup
 from .TeraUserUserGroup import TeraUserUserGroup
 from .TeraUserPreference import TeraUserPreference
-from .TeraUserUserGroup import TeraUserUserGroup
+
 
 """
-    A map containing the event name and class, useful for event filtering. 
+    A map containing the event name and class, useful for event filtering.
     Insert only useful events here.
 """
 EventNameClassMap = {