Skip to main content

Django application for FIDO protocol

Project description

django-fido

Python tests JS tests codecov

Django application for FIDO protocol

Django-fido provides basic components for FIDO 2 authentication - model to store user's FIDO 2 authenticator data and basic views.

Table of Contents

Dependencies

  • Python 3.5 and higher
  • Django >= 2.0

Configuration

  1. Add django_fido to INSTALLED_APPS.

  2. Add django_fido.backends.Fido2AuthenticationBackend to AUTHENTICATION_BACKENDS.

  3. Link django-fido URLs into your urls.py:

    urlpatterns += [
       url(r'', include('django_fido.urls')),
    ]
    
  4. If you wish, set string variable DJANGO_FIDO_RP_NAME.

Extra configuration

DJANGO_FIDO_RESIDENT_KEY

Default: False

Purpose: Set to True to enable discoverable credentials, private key and associated metadata is stored in persistent memory on the authenticator. This is useful for passwordless authentication.

One step authentication

You can also decide to use one step authentication. In this case, you will use just one authentication form, that will collect username, password and FIDO2 credentials. In addition to the configuration above, you also need to:

  1. Set DJANGO_FIDO_TWO_STEP_AUTH to False.
  2. Replace django_fido.backends.Fido2AuthenticationBackend with django_fido.backends.Fido2GeneralAuthenticationBackend in AUTHENTICATION_BACKENDS.
  3. Set DJANGO_FIDO_AUTHENTICATION_BACKENDS to the list of your additional authentication backends, if you use others than django.contrib.auth.backends.ModelBackend.
  4. Set data-autosubmit-off attribute on the form element of your login page.

Please note that your login form must have a field named username, even if your USERNAME_FIELD is not username.

Metadata download

If you want to be able to download authenticator metadata, you need to set DJANGO_FIDO_METADATA_SERVICE setting which is a dictionary. The MDS is available in two versions v2 (deprecated) and v3 (current). If you want to use MDSv2, you have to set a valid ACCESS_TOKEN. If you want to use MDSv3, you have to set MDS_FORMAT to 3 and set a valid URL providing the MDSv3 data. Then you can periodically run the download_authenticator_metadata management command. If metadata are available for the given Authenticator, its metadata property will be an object. The level, vulnerabilities and is_update_available methods on metadata can be used to determine the trust and certification level.

Changes

See changelog.

Testing

Use tox to run tests

tox

License

See LICENSE.

Changelog

Unreleased

0.37

  • Drop support for Django 1.11
  • Drop support for python 3.5
  • Sets a default_auto_field
  • Fix django.conf.urls deprecation warnings
  • Added user_handle field to Authenticator model
  • Added DJANGO_FIDO_RESIDENT_KEY (default False) app setting
  • Restructured js handling key registration and exposed additional functions

0.36

  • Sort users in admin Authenticator add form by username
  • Sort statusReport dictionary in metadata

0.35

  • Change authenticate request arg to positional
  • Fix metadata for empty credential_data
  • Bump path-parse from 1.0.6 to 1.0.7
  • Proper cleanup of database model under MDS3

0.34

  • Fix MDS3 metadata verification

0.33

  • Support for MDSv3 AuthenticatorMetadata

0.32

  • Fix authentication for devices without counter support

0.31

  • Support for fido2 library >0.9.0
  • Add tests under django 3.1
  • Handle when multiple device metadata are returned
  • JS fixes and updates

0.30

  • Counter is now stored as BigInteger.
  • Restrict version of fido2 library to <0.9.0.

0.29

  • Catch InvalidAttestation error in registration view.

0.28

  • Updated error strings to be more informative.

0.27

  • Throw form error on unknown attestation format instead of a server error.

0.26

  • Improve metadata matching for U2F authenticators.

0.25

  • BREAKING - AuthenticatorMetadata are now looked up by URL and not by an identifier. If you are downloading metadata, you need to clear them all and re-download to prevent multiple objects for each authenticator.
  • Update JS dependencies

0.24

  • Metadata validation

0.23

  • Display no authenticator error
  • error key in repsponse of BaseFido2RequestView is now deprecated and will be removed in the future
  • Added metadata download and reporting

0.22

  • Use username as a backup displayName

0.21

  • Create FIDO errors list when needed unless it already exists
  • Clear FIDO errors list before each registration or authentication request

0.20

  • Fix Django 3.0 compatibility issues in templates

0.19

  • Added class attribute attestation_types to Fido2ViewMixin to specify allowed attestation types during registration.
  • Set default value of setting DJANGO_FIDO_AUTHENTICATION_BACKENDS to list containing django.contrib.auth.backends.ModelBackend

0.18

  • Fix issue caused by default value of DJANGO_FIDO_AUTHENTICATION_BACKENDS. It is now empty list.

0.17

  • BREAKING Replace Fido2ModelAuthenticationBackend with more general Fido2GeneralAuthenticationBackend.

0.16

  • BREAKING Authenticator label has to be unique for user. This can potentialy break if you have multiple tokens for user.
  • Add authenticator admin.
  • Add one step authentication.

0.15

  • Add DJANGO_FIDO_RP_NAME setting.
  • Add back autosubmit on login view.
  • Display error in login view on server request error.

0.14

  • Add label to Authenticator model.
  • Remove autosubmit on registration view.
  • Update JS dependencies.

0.13

  • Support fido2 0.6-0.8.
  • Add support for python 3.8.
  • Fixup annotations.

0.12

  • Fix dependencies (add webpack-cli).

0.11

  • Fix webpack output path.

0.10

  • Fix dependencies (add webpack).

0.9

  • Refactor JS code.
  • Update setup.
  • Add bumpversion.

0.8

  • Fix JS translation lazynes.
  • For empty values, submit button reload page.

0.7

  • Add credential ID field.
  • Drop credential_data field.
  • Update error messages.
  • Mark django-fido as typed.
  • Add JS hooks.

0.6

  • Use FIDO 2 instead of U2F.
  • Drop python 2.7.
  • Add annotations and mypy check.
  • Move repository to a CZ.NIC account.

0.5

  • Fix JS translation lazynes

0.4

  • Update JS messages.
  • Drop unused polint environment in tox.

0.3

  • Store attestation certificate in database #6
  • Install package data #7

0.2

  • Accept any arguments in BaseU2fRequestView.get
  • Add czech translations
  • Fix links in README

0.1

  • Initial version

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-fido-0.37.tar.gz (496.1 kB view details)

Uploaded Source

Built Distribution

django_fido-0.37-py3-none-any.whl (528.3 kB view details)

Uploaded Python 3

File details

Details for the file django-fido-0.37.tar.gz.

File metadata

  • Download URL: django-fido-0.37.tar.gz
  • Upload date:
  • Size: 496.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.10.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.10.2

File hashes

Hashes for django-fido-0.37.tar.gz
Algorithm Hash digest
SHA256 31e76c0a4cda113bc3159c9627425e763b07ed651d11145291df428b508b0fb1
MD5 e5fb34c6659a87a2aaab4b1a54afdfaa
BLAKE2b-256 e667270b4864a29e3614a1be6f82f49d8b50264689fe8e50c6b2c015b265cb3d

See more details on using hashes here.

File details

Details for the file django_fido-0.37-py3-none-any.whl.

File metadata

  • Download URL: django_fido-0.37-py3-none-any.whl
  • Upload date:
  • Size: 528.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.10.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.10.2

File hashes

Hashes for django_fido-0.37-py3-none-any.whl
Algorithm Hash digest
SHA256 c2adeb91813de5b129beef44c9f3255bd64b39ba5065eef5722352cf32bbfbf0
MD5 bc93ea8ef8fa965c2644cf388eb9a7ca
BLAKE2b-256 a377fa1aebb2c0c44b78210cfab20fbcf8bd389349f68b6f3bc7aa35268c2a5b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page