A Django middleware that adds 2-factor authentication via Duo.
Project description
A Django middleware that adds 2-factor authentication via Duo.
django-duo-auth is designed to be easily integrated into an existing Django project to quickly add 2-factor authentication. It supports one or more Duo applications and uses the configured AUTHENTICATION_BACKENDS to select which users it should authenticate under which circumstance.
Installation
django-duo-auth can be installed from PyPI, and only depends on duo-web.
?> pip install django-duo-auth
Configuration
To enable Duo authentication, first add the following to settings.py:
# Add duo_auth to the list of installed apps
INSTALLED_APPS = [
# ...
'duo_auth',
]
# The DuoAuthMiddleware requires and must come after the SessionMiddleware
# and AuthenticationMiddleware
MIDDLEWARE = [
# ...
'duo_auth.middleware.DuoAuthMiddleware',
]
DUO_CONFIG = {
'DEFAULT': {
'HOST': '<api-host-url>',
'IKEY': '<integration_key>',
'AKEY': '<app_secret_key>',
'SKEY': '<secret_key>',
'FIRST_STAGE_BACKENDS': [
'django.contrib.auth.backends.ModelBackend',
]
}
}
Then include the URLs in urls.py:
from django.urls import path, include
urlpatterns = [
# ...
path('duo/', include('duo_auth.urls')),
]
First Stage Backends
The FIRST_STAGE_BACKENDS key for each entry in DUO_CONFIG should be a list of the authentication backends that the Duo application should act as a second factor for. If an authentication backend isn’t listed in any FIRST_STAGE_BACKENDS list, then Duo is disabled.
Username Remapping
If it is necessary to remap a user’s name to a different name in Duo, you can add the USERNAME_REMAPPER key to a Duo Config entry. The value of USERNAME_REMAPPER should be a function, callable object, or a string containing the dotted path to a callable which accepts an HttpRequest object and returns a username string, which will be used in the Duo signing request instead of the name as it appears in request.user.username.
Overloading the Default Template
The Duo login view loads a template named duo_auth_form.html which must minimally include the following to properly render the Duo I-Frame:
<form method="POST" id="duo_form">
{% csrf_token %}
{% if next %}
<input type="hidden" name="next" value="{{ next }}"/>
{% endif %}
{% if app_name %}
<input type="hidden" name="app_name" value="{{ app_name }}"/>
{% endif %}
</form>
<link rel="stylesheet" type="text/css" href="{{ duo_css_src }}">
<script src="{{ duo_js_src }}"></script>
<iframe id="duo_iframe"
title="Two-Factor Authentication"
frameborder="0"
data-host="{{ duo_host }}"
data-sig-request="{{ sig_request }}"
data-post-action="{{ post_action }}"
>
</iframe>
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file django_duo_auth-0.1.4-py2.py3-none-any.whl.
File metadata
- Download URL: django_duo_auth-0.1.4-py2.py3-none-any.whl
- Upload date:
- Size: 14.7 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/28.8.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6552fbdfc6c198f4b80796e6d944db578cf351cccf1e8dd1515d175a20fa9446 |
|
| MD5 | 944ffe5e785dfe810e9a29dc9d889812 |
|
| BLAKE2b-256 | 76a182fee9d36bf1e3b3ae460f35ce4922277dec4f7d06e5fb75351f28ae0d8d |
