Django application for FIDO protocol
Project description
django-fido
Django application for FIDO protocol
Django-fido provides basic components for FIDO 2 authentication - model to store user's FIDO 2 authenticator data and basic views.
Table of Contents
Dependencies
- Python 3.5 and higher
- Django >= 1.11
Configuration
-
Add
django_fido
toINSTALLED_APPS
. -
Add
django_fido.backends.Fido2AuthenticationBackend
toAUTHENTICATION_BACKENDS
. -
Link django-fido URLs into your
urls.py
:urlpatterns += [ url(r'', include('django_fido.urls')), ]
-
If you wish, set string variable
DJANGO_FIDO_RP_NAME
.
One step authentication
You can also decide to use one step authentication. In this case, you will use just one authentication form, that will collect username, password and FIDO2 credentials. In addition to the configuration above, you also need to:
- Set
DJANGO_FIDO_TWO_STEP_AUTH
toFalse
. - Replace
django_fido.backends.Fido2AuthenticationBackend
withdjango_fido.backends.Fido2GeneralAuthenticationBackend
inAUTHENTICATION_BACKENDS
. - Set
DJANGO_FIDO_AUTHENTICATION_BACKENDS
to the list of your additional authentication backends, if you use others thandjango.contrib.auth.backends.ModelBackend
. - Set
data-autosubmit-off
attribute on the form element of your login page.
Please note that your login form must have a field named username
, even if your USERNAME_FIELD
is not username
.
Metadata download
If you want to be able to download authenticator metadata, you need to set DJANGO_FIDO_METADATA_SERVICE
setting which is a dictionary.
The MDS is available in two versions v2 (deprecated) and v3 (current).
If you want to use MDSv2, you have to set a valid ACCESS_TOKEN
.
If you want to use MDSv3, you have to set MDS_FORMAT
to 3
and set a valid URL
providing the MDSv3 data.
Then you can periodically run the download_authenticator_metadata
management command.
If metadata are available for the given Authenticator
, its metadata
property will be an object.
The level
, vulnerabilities
and is_update_available
methods on metadata
can be used to determine the trust and certification level.
Changes
See changelog.
Testing
Use tox
to run tests
tox
License
See LICENSE.
Changelog
Unreleased
0.36
- Sort users in admin Authenticator add form by username
- Sort statusReport dictionary in metadata
0.35
- Change authenticate request arg to positional
- Fix metadata for empty credential_data
- Bump path-parse from 1.0.6 to 1.0.7
- Proper cleanup of database model under MDS3
0.34
- Fix MDS3 metadata verification
0.33
- Support for MDSv3 AuthenticatorMetadata
0.32
- Fix authentication for devices without counter support
0.31
- Support for
fido2
library>0.9.0
- Add tests under django 3.1
- Handle when multiple device metadata are returned
- JS fixes and updates
0.30
- Counter is now stored as BigInteger.
- Restrict version of
fido2
library to<0.9.0
.
0.29
- Catch
InvalidAttestation
error in registration view.
0.28
- Updated error strings to be more informative.
0.27
- Throw form error on unknown attestation format instead of a server error.
0.26
- Improve metadata matching for U2F authenticators.
0.25
- BREAKING - AuthenticatorMetadata are now looked up by URL and not by an identifier. If you are downloading metadata, you need to clear them all and re-download to prevent multiple objects for each authenticator.
- Update JS dependencies
0.24
- Metadata validation
0.23
- Display no authenticator error
error
key in repsponse ofBaseFido2RequestView
is now deprecated and will be removed in the future- Added metadata download and reporting
0.22
- Use username as a backup
displayName
0.21
- Create FIDO errors list when needed unless it already exists
- Clear FIDO errors list before each registration or authentication request
0.20
- Fix Django 3.0 compatibility issues in templates
0.19
- Added class attribute
attestation_types
toFido2ViewMixin
to specify allowed attestation types during registration. - Set default value of setting
DJANGO_FIDO_AUTHENTICATION_BACKENDS
to list containingdjango.contrib.auth.backends.ModelBackend
0.18
- Fix issue caused by default value of
DJANGO_FIDO_AUTHENTICATION_BACKENDS
. It is now empty list.
0.17
- BREAKING Replace
Fido2ModelAuthenticationBackend
with more generalFido2GeneralAuthenticationBackend
.
0.16
- BREAKING Authenticator
label
has to be unique for user. This can potentialy break if you have multiple tokens for user. - Add authenticator admin.
- Add one step authentication.
0.15
- Add
DJANGO_FIDO_RP_NAME
setting. - Add back autosubmit on login view.
- Display error in login view on server request error.
0.14
- Add label to Authenticator model.
- Remove autosubmit on registration view.
- Update JS dependencies.
0.13
- Support fido2 0.6-0.8.
- Add support for python 3.8.
- Fixup annotations.
0.12
- Fix dependencies (add webpack-cli).
0.11
- Fix webpack output path.
0.10
- Fix dependencies (add webpack).
0.9
- Refactor JS code.
- Update setup.
- Add bumpversion.
0.8
- Fix JS translation lazynes.
- For empty values, submit button reload page.
0.7
- Add credential ID field.
- Drop
credential_data
field. - Update error messages.
- Mark django-fido as typed.
- Add JS hooks.
0.6
- Use FIDO 2 instead of U2F.
- Drop python 2.7.
- Add annotations and mypy check.
- Move repository to a CZ.NIC account.
0.5
- Fix JS translation lazynes
0.4
- Update JS messages.
- Drop unused
polint
environment in tox.
0.3
- Store attestation certificate in database #6
- Install package data #7
0.2
- Accept any arguments in
BaseU2fRequestView.get
- Add czech translations
- Fix links in README
0.1
- Initial version
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-fido-0.36.tar.gz
.
File metadata
- Download URL: django-fido-0.36.tar.gz
- Upload date:
- Size: 266.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/58.2.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6c1d35c7069c87b46181dd26fdbe3e49c534d787652dcb3bcd25be2ca6f950fa |
|
MD5 | eb1a048fe4df5c015c567a82d1885d7d |
|
BLAKE2b-256 | 94a73dd89ba13d8b4794d0a263c123037dd13232390698a9292a7aca30b3d624 |
File details
Details for the file django_fido-0.36-py3-none-any.whl
.
File metadata
- Download URL: django_fido-0.36-py3-none-any.whl
- Upload date:
- Size: 525.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/58.2.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5fe45f925424e089777f1a7dc34ce6f62c5452dd9a0010ad8196b82480038013 |
|
MD5 | 4eee5fd9a75da4a08444043914439824 |
|
BLAKE2b-256 | 0f67dfacca73883d2c9bc0454c24d4ebf173a05e2800539689d7a2efe3436a5a |