PyPI - django-pfx - Versions diffs - 1.7.2.dev12__tar.gz → 1.7.2.dev16__tar.gz - Mend

django-pfx 1.7.2.dev12tar.gz → 1.7.2.dev16tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-pfx
-Version: 1.7.2.dev12
+Version: 1.7.2.dev16
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/django_pfx.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-pfx
-Version: 1.7.2.dev12
+Version: 1.7.2.dev16
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/django_pfx.egg-info/SOURCES.txt RENAMED Viewed

@@ -135,6 +135,8 @@ tests/migrations/0001_initial.py
 tests/migrations/0002_alter_book_cover.py
 tests/migrations/0003_book_local_file.py
 tests/migrations/0004_mfausermixin_fields.py
+tests/migrations/0005_mfausermixin_fields_fix.py
+tests/migrations/0006_rename_otp_enabled_user_mfa_authenticator_enabled_and_more.py
 tests/migrations/__init__.py
 tests/settings/__init__.py
 tests/settings/ci.py

django_pfx-1.7.2.dev16/pfx/pfxcore/locale/fr/LC_MESSAGES/django.mo ADDED Viewed

Binary file

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/pfx/pfxcore/locale/fr/LC_MESSAGES/django.po RENAMED Viewed

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-04-20 16:17+0200\n"
+"POT-Creation-Date: 2026-04-23 14:57+0200\n"
 "PO-Revision-Date: 2021-06-22 23:31+0200\n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -61,11 +61,11 @@ msgstr ""
 #: models/abstract_pfx_base_user.py:52
 msgid "user"
-msgstr ""
+msgstr "utilisateur"
 #: models/abstract_pfx_base_user.py:53
 msgid "users"
-msgstr ""
+msgstr "utilisateurs"
 #: models/login_ban.py:54
 msgid "Username"
@@ -112,22 +112,32 @@ msgid "Temporary SMS phone number"
 msgstr "Numéro de téléphone temporaire (SMS)"
 #: models/mfa_user_mixin.py:35
-#, fuzzy
-#| msgid "OTP enabled"
 msgid "SMS MFA enabled"
-msgstr "OTP activé"
+msgstr "MFA SMS activé"
-#: models/mfa_user_mixin.py:37
+#: models/mfa_user_mixin.py:38
 msgid "Email MFA enabled"
 msgstr "MFA par email activé"
-#: models/mfa_user_mixin.py:40
+#: models/mfa_user_mixin.py:41
 msgid "MFA setup dismissed"
 msgstr "Configuration MFA annulée"
-#: models/mfa_user_mixin.py:47 views/authentication_views.py:712
-msgid "OTP enabled"
-msgstr "OTP activé"
+#: models/mfa_user_mixin.py:44
+msgid "Authenticator MFA enabled"
+msgstr "Application MFA activée"
+#: models/mfa_user_mixin.py:61
+msgid "MFA enabled"
+msgstr "MFA activé"
+#: models/mfa_user_mixin.py:68
+msgid "MFA setup required"
+msgstr "Configuration MFA requise"
+#: models/mfa_user_mixin.py:74
+msgid "Is MFA forced"
+msgstr "MFA est forcé"
 #: models/pfx_models.py:14
 #, python-format
@@ -245,51 +255,55 @@ msgstr ""
 "Votre connexion est temporairement désactivée après plusieurs tentatives "
 "infructueuses, veuillez réessayer dans {seconds} secondes."
-#: views/authentication_views.py:214
+#: views/authentication_views.py:209
 msgid "Successful login"
 msgstr "Connexion réussie"
-#: views/authentication_views.py:385
+#: views/authentication_views.py:386
 msgid "This field is required."
 msgstr "Ce champ est requis."
-#: views/authentication_views.py:396
+#: views/authentication_views.py:397
 msgid "Code sent."
 msgstr "Code envoyé."
-#: views/authentication_views.py:459 views/authentication_views.py:629
+#: views/authentication_views.py:460 views/authentication_views.py:628
 msgid "password updated successfully"
 msgstr "le mot de passe a été mis à jour avec succès"
-#: views/authentication_views.py:464
+#: views/authentication_views.py:465
 msgid "Incorrect password"
 msgstr "Mot de passe incorrect"
-#: views/authentication_views.py:467 views/authentication_views.py:638
+#: views/authentication_views.py:468 views/authentication_views.py:637
 msgid "Empty password is not allowed"
 msgstr "Un mot de passe vide n’est pas autorisé"
-#: views/authentication_views.py:558
+#: views/authentication_views.py:557
 msgid "User and token are valid"
 msgstr "L'utilisateur et le token sont valides"
-#: views/authentication_views.py:560
+#: views/authentication_views.py:559
 msgid "User or token is invalid"
 msgstr "L'utilisateur ou le token est invalide"
-#: views/authentication_views.py:672
+#: views/authentication_views.py:671
 msgid "OTP is already enabled"
 msgstr "OTP est déjà activé"
-#: views/authentication_views.py:713 views/authentication_views.py:749
+#: views/authentication_views.py:711
+msgid "OTP enabled"
+msgstr "OTP activé"
+#: views/authentication_views.py:712 views/authentication_views.py:748
 msgid "Invalid code"
 msgstr "Code invalide"
-#: views/authentication_views.py:748
+#: views/authentication_views.py:747
 msgid "OTP disabled"
 msgstr "OTP désactivé"
-#: views/authentication_views.py:1009
+#: views/authentication_views.py:1008
 msgid ""
 "If the email address you entered is correct, you will receive an email from "
 "us with instructions to reset your password."
@@ -298,7 +312,7 @@ msgstr ""
 "un courrier électronique de notre part contenant des instructions pour "
 "réinitialiser votre mot de passe."
-#: views/authentication_views.py:1083
+#: views/authentication_views.py:1082
 msgid "A new authentication code has been sent by email."
 msgstr "Un nouveau code d'authentification a été envoyé par e-mail."

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/pfx/pfxcore/models/mfa_user_mixin.py RENAMED Viewed

@@ -32,21 +32,51 @@ class MFAUserMixin(models.Model):
     sms_phone_number_tmp = models.CharField(
         _("Temporary SMS phone number"), max_length=32, null=True, blank=True)
     #: SMS MFA enabled.
-    sms_enabled = models.BooleanField(_("SMS MFA enabled"), default=False)
+    mfa_sms_enabled = models.BooleanField(_("SMS MFA enabled"), default=False)
     #: Email MFA enabled.
-    email_enabled = models.BooleanField(_("Email MFA enabled"), default=False)
+    mfa_email_enabled = models.BooleanField(
+        _("Email MFA enabled"), default=False)
     #: User has dismissed or completed the MFA setup screen.
     mfa_setup_dismissed = models.BooleanField(
         _("MFA setup dismissed"), default=False)
+    #: Authenticator app MFA explicitly enabled by the user.
+    mfa_authenticator_enabled = models.BooleanField(
+        _("Authenticator MFA enabled"), default=False)
     class Meta:
         abstract = True
-    # --- deprecated alias ---
-    @rest_property(_("OTP enabled"), "BooleanField")
-    def is_otp(self):
-        return bool(self.otp_secret_token)
+    def auth_json_repr(self, **kw):
+        res = super().auth_json_repr(
+            is_mfa=self.is_mfa,
+            mfa_authenticator_enabled=self.mfa_authenticator_enabled,
+            mfa_sms_enabled=self.mfa_sms_enabled,
+            mfa_email_enabled=self.mfa_email_enabled,
+            mfa_setup_dismissed=self.mfa_setup_dismissed,
+            mfa_setup_required=self.mfa_setup_required,
+            mfa_forced=self.mfa_forced,
+            **kw)
+        return res
+    @rest_property(_("MFA enabled"), "BooleanField")
+    def is_mfa(self):
+        return (
+            self.mfa_authenticator_enabled
+            or self.mfa_sms_enabled
+            or self.mfa_email_enabled)
+    @rest_property(_("MFA setup required"), "BooleanField")
+    def mfa_setup_required(self):
+        return (
+            self.mfa_forced and
+            not self.mfa_setup_dismissed)
+    @rest_property(_("Is MFA forced"), "BooleanField")
+    def mfa_forced(self):
+        """Return True if MFA is forced for this user.
+        Can be overridden to implement per-organisation logic."""
+        return settings.PFX_MFA_FORCE
     def need_otp_response_extra(self):
         """Add extra attribute to response when need_otp=True."""
@@ -74,8 +104,10 @@ class MFAUserMixin(models.Model):
         if self.is_otp_valid(otp_code, tmp=True):
             self.otp_secret_token = self.otp_secret_token_tmp
             self.otp_secret_token_tmp = None
+            self.mfa_authenticator_enabled = True
             self.save(update_fields=[
-                'otp_secret_token', 'otp_secret_token_tmp'])
+                'otp_secret_token', 'otp_secret_token_tmp',
+                'mfa_authenticator_enabled'])
             return True
         return False
@@ -85,7 +117,9 @@ class MFAUserMixin(models.Model):
         Remove the OTP secret token.
         """
         self.otp_secret_token = None
-        self.save(update_fields=['otp_secret_token'])
+        self.mfa_authenticator_enabled = False
+        self.save(update_fields=[
+            'otp_secret_token', 'mfa_authenticator_enabled'])
     def get_otp_setup_uri(self, tmp=False, with_color=True):
         """Return the setup URL for OTP activation.

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/pfx/pfxcore/views/authentication_views.py RENAMED Viewed

@@ -190,10 +190,6 @@ class AuthenticationView(
         user.last_login = tz.now()
         user.save(update_fields=['last_login'])
         token = self._prepare_token(user, mode, remember_me)
-        mfa_setup_required = (
-            isinstance(user, MFAUserMixin) and
-            self.is_mfa_forced(user) and
-            not user.mfa_setup_dismissed)
         if mode == 'cookie':
             if remember_me:
                 expires = datetime.now(
@@ -203,7 +199,6 @@ class AuthenticationView(
             res = JsonResponse(dict(
                 need_otp=False,
-                mfa_setup_required=mfa_setup_required,
                 user=self.get_user_information(user)))
             res.set_cookie(
                 'token', token, secure=settings.PFX_COOKIE_SECURE,
@@ -213,7 +208,6 @@ class AuthenticationView(
         return JsonResponse(dict(
             message=message or _("Successful login"),
             need_otp=False,
-            mfa_setup_required=mfa_setup_required,
             token=token,
             user=self.get_user_information(user)))
@@ -230,6 +224,12 @@ class AuthenticationView(
             self.send_mfa_challenge(user, backend_id)
         token = self._prepare_token(user, mode, remember_me, otp_login=True)
         available = self.get_mfa_backends(user)
+        # Ensure the active OOB backend appears in available_backends so the
+        # frontend can offer a resend button (e.g. forced-email fallback where
+        # email_enabled is False but email is still the active channel).
+        available_for_response = list(available)
+        if is_oob and backend_id not in available_for_response:
+            available_for_response.append(backend_id)
         extra = user.need_otp_response_extra() if isinstance(
             user, MFAUserMixin) else {}
         return JsonResponse(dict(
@@ -239,7 +239,7 @@ class AuthenticationView(
             mfa_backend={'id': backend_id, 'is_oob': is_oob},
             available_backends=[
                 {'id': b, 'is_oob': b in {'email', 'sms'}}
-                for b in available
+                for b in available_for_response
             ]))
     # --- MFA helpers ---
@@ -253,11 +253,12 @@ class AuthenticationView(
             return []
         result = []
         for backend_id in settings.PFX_MFA_BACKENDS:
-            if backend_id == 'authenticator' and user.otp_secret_token:
+            if (backend_id == 'authenticator'
+                    and user.mfa_authenticator_enabled):
                 result.append(backend_id)
-            elif backend_id == 'sms' and user.sms_enabled:
+            elif backend_id == 'sms' and user.mfa_sms_enabled:
                 result.append(backend_id)
-            elif backend_id == 'email' and user.email_enabled:
+            elif backend_id == 'email' and user.mfa_email_enabled:
                 result.append(backend_id)
         return result
@@ -265,7 +266,7 @@ class AuthenticationView(
         """Return True if MFA is forced for this user.
         Can be overridden to implement per-organisation logic."""
-        return settings.PFX_MFA_FORCE
+        return isinstance(user, MFAUserMixin) and user.mfa_forced
     def get_active_mfa_backend(self, user):
         """Return the highest-priority active MFA backend ID for this user.
@@ -503,8 +504,6 @@ class AuthenticationView(
         :param user: The user"""
         info = user.auth_json_repr()
-        if isinstance(user, MFAUserMixin):
-            info.update(is_otp=user.is_otp)
         return info
     @classmethod
@@ -667,7 +666,7 @@ class AuthenticationView(
         if not isinstance(self.request.user, MFAUserMixin):
             logger.error("User must inherit MFAUserMixin to use MFA")
             raise NotFoundError()
-        if self.request.user.otp_secret_token:
+        if self.request.user.mfa_authenticator_enabled:
             return JsonResponse(
                 dict(message=_("OTP is already enabled")), status=400)
         self.request.user.enable_otp()

django_pfx-1.7.2.dev16/tests/migrations/0005_mfausermixin_fields_fix.py ADDED Viewed

@@ -0,0 +1,17 @@
+from django.db import migrations, models
+class Migration(migrations.Migration):
+    dependencies = [
+        ('tests', '0004_mfausermixin_fields'),
+    ]
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='otp_enabled',
+            field=models.BooleanField(
+                default=False, verbose_name='Authenticator MFA enabled'),
+        ),
+    ]

django_pfx-1.7.2.dev16/tests/migrations/0006_rename_otp_enabled_user_mfa_authenticator_enabled_and_more.py ADDED Viewed

@@ -0,0 +1,29 @@
+# Generated by Django 4.2.30 on 2026-04-23 07:33
+# flake8: noqa
+from django.db import migrations
+class Migration(migrations.Migration):
+    dependencies = [
+        ('tests', '0005_mfausermixin_fields_fix'),
+    ]
+    operations = [
+        migrations.RenameField(
+            model_name='user',
+            old_name='otp_enabled',
+            new_name='mfa_authenticator_enabled',
+        ),
+        migrations.RenameField(
+            model_name='user',
+            old_name='email_enabled',
+            new_name='mfa_email_enabled',
+        ),
+        migrations.RenameField(
+            model_name='user',
+            old_name='sms_enabled',
+            new_name='mfa_sms_enabled',
+        ),
+    ]

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/tests/tests/__init__.py RENAMED Viewed

@@ -2,7 +2,7 @@ from .basic_api_errors import BasicAPIErrorTest
 from .basic_api_test import BasicAPITest
 from .test_api_doc import ApiDocTest
 from .test_api_doc_search import TestAPIDocSearch
-from .test_auth_api import AuthAPITest
+from .test_auth_api import AuthAPITest, MFALoginTest
 from .test_body_mixin import TestBodyMixin
 from .test_cache import TestCache
 from .test_client import TestApiClient

{django_pfx-1.7.2.dev12 → django_pfx-1.7.2.dev16}/tests/tests/test_auth_api.py RENAMED Viewed

@@ -924,6 +924,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     def enable_otp(self, user):
         user.otp_secret_token = pyotp.random_base32()
+        user.mfa_authenticator_enabled = True
         user.save()
         user.refresh_from_db()
         return pyotp.totp.TOTP(user.otp_secret_token)
@@ -948,10 +949,10 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     @override_settings(
         PFX_OTP_IMAGE="https://example.org/fake.png",
         PFX_OTP_COLOR="FF0000")
-    def test_otp_enable(self):
+    def test_mfa_authenticator_enabled(self):
         self.client.login(username='jrr.tolkien', password='RIGHT PASSWORD')
-        self.assertEqual(self.user1.is_otp, False)
+        self.assertEqual(self.user1.is_mfa, False)
         response = self.client.get('/api/auth/otp/setup-uri')
         self.assertRC(response, 200)
         self.assertJIn(response, 'setup_uri', "otpauth://totp/")
@@ -978,9 +979,9 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         self.user1.refresh_from_db()
         self.assertEqual(len(self.user1.otp_secret_token), 32)
         self.assertIsNone(self.user1.otp_secret_token_tmp)
-        self.assertEqual(self.user1.is_otp, True)
+        self.assertEqual(self.user1.is_mfa, True)
-    def test_otp_enable_bad_code(self):
+    def test_mfa_authenticator_enabled_bad_code(self):
         self.client.login(username='jrr.tolkien', password='RIGHT PASSWORD')
         response = self.client.get('/api/auth/otp/setup-uri')
@@ -1009,7 +1010,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     def test_otp_disable(self):
         totp = self.enable_otp(self.user1)
-        self.assertEqual(self.user1.is_otp, True)
+        self.assertEqual(self.user1.is_mfa, True)
         self.otp_login(self.user1, 'RIGHT PASSWORD')
         response = self.client.put('/api/auth/otp/disable', dict(
             otp_code=totp.now()))
@@ -1018,7 +1019,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         self.user1.refresh_from_db()
         self.assertIsNone(self.user1.otp_secret_token)
         self.assertIsNone(self.user1.otp_secret_token_tmp)
-        self.assertEqual(self.user1.is_otp, False)
+        self.assertEqual(self.user1.is_mfa, False)
     @override_settings(
         PFX_HOTP_CODE_VALIDITY=15,
@@ -1090,8 +1091,8 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
                 token=token,
                 otp_code=totp.now()))
             self.assertRC(response, 200)
-            self.assertJE(response, 'user.is_otp', True)
-            self.assertJE(response, 'mfa_setup_required', False)
+            self.assertJE(response, 'user.is_mfa', True)
+            self.assertJE(response, 'user.mfa_setup_required', False)
             headers = jwt.get_unverified_header(token)
             self.assertEqual(headers['pfx_user_pk'], self.user1.pk)
             decoded = jwt.decode(
@@ -1103,6 +1104,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
             self.assertEqual(
                 datetime.fromtimestamp(decoded['exp']),
                 datetime(2023, 5, 1, 8, 40))
+            response.print()
     @override_settings(PFX_TOKEN_LONG_VALIDITY={'days': 1})
     def test_otp_login_remember_me(self):
@@ -1444,7 +1446,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         """Login with email+authenticator:
            email (highest priority) is active backend."""
         self.enable_otp(self.user1)
-        self.user1.email_enabled = True
+        self.user1.mfa_email_enabled = True
         self.user1.save()
         with patch(
                 'pfx.pfxcore.views.authentication_views'
@@ -1458,19 +1460,19 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         self.assertJE(response, 'available_backends.@0.id', 'email')
         self.assertJE(response, 'available_backends.@1.id', 'authenticator')
-    # --- mfa_setup_required ---
+    # --- user.mfa_setup_required ---
     def test_login_success_mfa_setup_required_false_by_default(self):
         """Direct login, no MFA force: mfa_setup_required=False."""
         response = self.do_login()
         self.assertRC(response, 200)
         self.assertJE(response, 'need_otp', False)
-        self.assertJE(response, 'mfa_setup_required', False)
+        self.assertJE(response, 'user.mfa_setup_required', False)
     @override_settings(PFX_MFA_FORCE=True)
     def test_login_success_mfa_setup_required_true(self):
         """After OTP login, MFA forced, setup not dismissed:
-           mfa_setup_required=True."""
+           user.mfa_setup_required=True."""
         totp = self.enable_otp(self.user1)
         response = self.do_login()
         self.assertRC(response, 200)
@@ -1478,12 +1480,12 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         response = self.client.post('/api/auth/otp/login', dict(
             token=otp_token, otp_code=totp.now()))
         self.assertRC(response, 200)
-        self.assertJE(response, 'mfa_setup_required', True)
+        self.assertJE(response, 'user.mfa_setup_required', True)
     @override_settings(PFX_MFA_FORCE=True)
     def test_login_success_mfa_setup_required_false_when_dismissed(self):
         """After OTP login, MFA forced, setup dismissed:
-           mfa_setup_required=False."""
+           user.mfa_setup_required=False."""
         totp = self.enable_otp(self.user1)
         self.user1.mfa_setup_dismissed = True
         self.user1.save()
@@ -1493,14 +1495,14 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         response = self.client.post('/api/auth/otp/login', dict(
             token=otp_token, otp_code=totp.now()))
         self.assertRC(response, 200)
-        self.assertJE(response, 'mfa_setup_required', False)
+        self.assertJE(response, 'user.mfa_setup_required', False)
     # --- email backend ---
     @override_settings(PFX_MFA_BACKENDS=['email'])
     def test_login_email_backend_sends_challenge(self):
         """Login with email backend: sends email and returns is_oob=True."""
-        self.user1.email_enabled = True
+        self.user1.mfa_email_enabled = True
         self.user1.otp_secret_token = pyotp.random_base32()
         self.user1.save()
         response = self.do_login()
@@ -1515,7 +1517,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     def test_login_email_backend_generates_token_if_missing(self):
         """Login with email backend auto-generates
            otp_secret_token if absent."""
-        self.user1.email_enabled = True
+        self.user1.mfa_email_enabled = True
         self.user1.save()
         self.assertIsNone(self.user1.otp_secret_token)
         response = self.do_login()
@@ -1531,7 +1533,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     def test_login_sms_backend_calls_send_sms(self):
         """Login with SMS backend: calls send_mfa_sms_challenge,
            returns is_oob=True."""
-        self.user1.sms_enabled = True
+        self.user1.mfa_sms_enabled = True
         self.user1.otp_secret_token = pyotp.random_base32()
         self.user1.save()
         with patch(
@@ -1550,7 +1552,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     def test_login_forced_mfa_fallback_to_email(self):
         """MFA forced with no backend configured:
            falls back to email challenge."""
-        # No otp_secret_token, sms_enabled=False, email_enabled=False
+        # No otp_secret_token, mfa_sms_enabled=False, mfa_email_enabled=False
         response = self.do_login()
         self.assertRC(response, 200)
         self.assertJE(response, 'need_otp', True)
@@ -1572,7 +1574,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     @override_settings(PFX_MFA_BACKENDS=['authenticator', 'email'])
     def test_mfa_challenge_email_success(self):
         """POST /auth/mfa/challenge with email sends a new code."""
-        self.user1.email_enabled = True
+        self.user1.mfa_email_enabled = True
         self.user1.otp_secret_token = pyotp.random_base32()
         self.user1.save()
         otp_token = self._get_otp_token()
@@ -1589,7 +1591,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
         """POST /auth/mfa/challenge: email allowed even without
            email_enabled when MFA forced."""
         otp_token = self._get_otp_token()
-        # user1 has email_enabled=False,
+        # user1 has mfa_email_enabled=False,
         # but PFX_MFA_FORCE=True => forced_email is True
         response = self.client.post('/api/auth/mfa/challenge', {
             'token': otp_token,
@@ -1640,7 +1642,7 @@ class MFALoginTest(TestAssertMixin, TransactionTestCase):
     @override_settings(PFX_MFA_BACKENDS=['sms'])
     def test_mfa_challenge_sms_success(self):
         """POST /auth/mfa/challenge with sms calls send_mfa_sms_challenge."""
-        self.user1.sms_enabled = True
+        self.user1.mfa_sms_enabled = True
         self.user1.otp_secret_token = pyotp.random_base32()
         self.user1.save()
         sms_path = (