2FA authentication for CKAN
Project description
This extension partially based on the ckanext-security
The extension provides a 2FA authentication mechanism for CKAN.
There are two methods of 2FA available:
- TOTP (Time-based One-Time Password) with authenticator apps like Google Authenticator, Authy, etc.
Requirements
This extension uses Redis, so it must be configured for CKAN.
Compatibility with core CKAN versions:
CKAN version | Compatible? |
---|---|
2.9 and earlier | no |
2.10+ | yes |
If you want to add compatibility with CKAN 2.9 and earlier, you can contact me and I'll help you with that.
Installation
To install ckanext-auth:
-
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
-
Clone the source and install it on the virtualenv
git clone https://github.com/DataShades/ckanext-auth.git cd ckanext-auth pip install -e . pip install -r requirements.txt
-
Add
auth
to theckan.plugins
setting in your CKAN config file (by default the config file is located at/etc/ckan/default/ckan.ini
). -
Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Config settings
There are several configuration settings available for this extension:
- key: ckanext.auth.2fa_enabled
default: true
type: bool
description: Enable two-factor authentication for users
- key: ckanext.auth.2fa_method
default: email
description: The method to use for two-factor authentication. Options are email or authenticator.
- key: ckanext.auth.2fa_email_interval
default: 600
type: int
description: TTL for the authentication code sent via email in seconds. Default is 10 minutes.
- key: ckanext.auth.2fa_login_timeout
default: 900
type: int
description: Login timeout in seconds after N failed attempted. Default is 15 minutes.
- key: ckanext.auth.2fa_login_max_attempts
default: 10
type: int
description: Number of failed login attempts before the login timeout is triggered.
If you have the ckanext-admin-panel installed, the configuration settings will be available in the admin panel too.
How to
- If you want to change the email for email 2FA, you can do it by creating a new template file at
auth/emails/verification_code.html
.
Tests
To run the tests, do:
pytest --ckan-ini=test.ini
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ckanext_auth-0.1.32-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 764df366c131dea698a9d05851f0e55630e9938cd1a83f422e780777d3e6836e |
|
MD5 | 50f3c606a0fc813343d2375ce507c43d |
|
BLAKE2b-256 | 534768345d426c92e8702836f6c3aa41b02a00f9dd0c851f7a7c2b3cff26459d |