fix(auth): Fix problem of BadSignature in django two factor auth libr…

…ary (#19351) Fixes #19350 Fixes POSTHOG-DJW
PostHog · Dec 20, 2023 · 87fdf3f · 87fdf3f
1 parent fcb5236
commit 87fdf3f
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/posthog/api/authentication.py b/posthog/api/authentication.py
@@ -11,6 +11,7 @@
     PasswordResetTokenGenerator as DefaultPasswordResetTokenGenerator,
 )
 from django.core.exceptions import ValidationError
+from django.core.signing import BadSignature
 from django.db import transaction
 from django.http import HttpRequest, HttpResponse, JsonResponse
 from django.shortcuts import redirect
@@ -104,10 +105,15 @@ def _check_if_2fa_required(self, user: User) -> bool:
         # If user has a valid 2FA cookie, use that instead of showing them the 2FA screen
         for key, value in self.context["request"].COOKIES.items():
             if key.startswith(REMEMBER_COOKIE_PREFIX) and value:
-                if validate_remember_device_cookie(value, user=user, otp_device_id=device.persistent_id):
-                    user.otp_device = device  # type: ignore
-                    device.throttle_reset()
-                    return False
+                try:
+                    if validate_remember_device_cookie(value, user=user, otp_device_id=device.persistent_id):
+                        user.otp_device = device  # type: ignore
+                        device.throttle_reset()
+                        return False
+                except BadSignature:
+                    # Workaround for signature mismatches due to Django upgrades.
+                    # See https://github.com/PostHog/posthog/issues/19350
+                    pass
         return True
 
     def create(self, validated_data: Dict[str, str]) -> Any: