diff --git a/tests/models/test_role.py b/tests/models/test_role.py
index 8c786a75c1f818aaa2036dba7bba412ead3527f4..21c8a264f566aa76d9bd4d4289c8d059073ff202 100644
--- a/tests/models/test_role.py
+++ b/tests/models/test_role.py
@@ -57,6 +57,7 @@ class TestUserRoleAttributes(UffdTestCase):
role2.groups[group2].requires_mfa = True
self.assertSetEqual(user.compute_groups(), {group1})
db.session.add(TOTPMethod(user=user))
+ db.session.commit()
self.assertSetEqual(user.compute_groups(), {group1, group2})
def test_update_groups(self):
diff --git a/uffd/models/mfa.py b/uffd/models/mfa.py
index 16bd83bd862a788b1ac4af4ac4214a6ebc5af07e..6a646c84c91e4067c2789b43598325b4e0241523 100644
--- a/uffd/models/mfa.py
+++ b/uffd/models/mfa.py
@@ -18,6 +18,9 @@ from uffd.utils import nopad_b32decode, nopad_b32encode
from uffd.database import db
from .user import User
+User.mfa_recovery_codes = relationship('RecoveryCodeMethod', viewonly=True)
+User.mfa_totp_methods = relationship('TOTPMethod', viewonly=True)
+User.mfa_webauthn_methods = relationship('WebauthnMethod', viewonly=True)
User.mfa_enabled = property(lambda user: bool(user.mfa_totp_methods or user.mfa_webauthn_methods))
class MFAType(enum.Enum):
@@ -46,7 +49,6 @@ class MFAMethod(db.Model):
class RecoveryCodeMethod(MFAMethod):
code_salt = Column('recovery_salt', String(64))
code_hash = Column('recovery_hash', String(256))
- user = relationship('User', backref='mfa_recovery_codes')
__mapper_args__ = {
'polymorphic_identity': MFAType.RECOVERY_CODE
@@ -80,7 +82,6 @@ def _hotp(counter, key, digits=6):
class TOTPMethod(MFAMethod):
key = Column('totp_key', String(64))
last_counter = Column('totp_last_counter', Integer())
- user = relationship('User', backref='mfa_totp_methods')
__mapper_args__ = {
'polymorphic_identity': MFAType.TOTP
@@ -132,7 +133,6 @@ class TOTPMethod(MFAMethod):
class WebauthnMethod(MFAMethod):
_cred = Column('webauthn_cred', Text())
- user = relationship('User', backref='mfa_webauthn_methods')
__mapper_args__ = {
'polymorphic_identity': MFAType.WEBAUTHN