Adds two factor authentication to django-allauth
django-allauth-2fa with pip (note that this will install Django,
django-allauth, django-otp, qrcode and all of their requirements):
pip install django-allauth-2fa
After all the pre-requisities are installed, django-allauth and django-otp must be configured in your Django settings file. (Please check the django-allauth documentation and django-otp documentation for more in-depth steps on their configuration.)
INSTALLED_APPS = ( # Required by allauth. 'django.contrib.sites', # Configure Django auth package. 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', # Enable allauth. 'allauth', 'allauth.account', # Configure the django-otp package. 'django_otp', 'django_otp.plugins.otp_totp', 'django_otp.plugins.otp_static', # Enable two-factor auth. 'allauth_2fa', ) MIDDLEWARE_CLASSES = ( # Configure Django auth package. 'django.contrib.auth.middleware.AuthenticationMiddleware', # Configure the django-otp package. Note this must be after the # AuthenticationMiddleware. 'django_otp.middleware.OTPMiddleware', # Reset login flow middleware. If this middleware is included, the login # flow is reset if another page is loaded between login and successfully # entering two-factor credentials. 'allauth_2fa.middleware.AllauthTwoFactorMiddleware', ) # Set the allauth adapter to be the 2FA adapter. ACCOUNT_ADAPTER = 'allauth_2fa.adapter.OTPAdapter' # Configure your default site. See # https://docs.djangoproject.com/en/dev/ref/settings/#sites. SITE_ID = 1
After the above is configure, you must run migrations.
python manage.py migrate
Finally, you must include the django-allauth-2fa URLs:
from django.conf.urls import include, url urlpatterns = [ # Include the allauth and 2FA urls from their respective packages. url(r'^', include('allauth_2fa.urls')), url(r'^', include('allauth.urls')), ]
Any login view that is not provided by django-allauth will bypass the allauth workflow (including two-factor authentication). The Django admin site includes an additional login view (usually available at /admin/login).
The easiest way to fix this is to wrap it in login_required decorator (the code only works if you use the standard admin site, if you have a custom admin site you’ll need to customize this more):
from django.contrib import admin from django.contrib.auth.decorators import login_required # Ensure users go through the allauth workflow when logging into admin. admin.site.login = login_required(admin.site.login) # Run the standard admin set-up. admin.autodiscover()
django-allauth-2fa was initially created by Víðir Valberg Guðmundsson (@valberg), and is currently maintained by Percipient Networks. Please feel free to contribute if you find django-allauth-2fa useful!
The test project can be used as a minimal example using the following:
# Run the server with debug. DJANGO_SETTINGS_MODULE=tests.run_settings python manage.py runserver_plus # Run the shell. DJANGO_SETTINGS_MODULE=tests.run_settings python manage.py shell_plus
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|django_allauth_2fa-0.4.4-py2.py3-none-any.whl (17.2 kB) Copy SHA256 Checksum SHA256||py2.py3||Wheel||Mar 24, 2017|