Complete Two-Factor Authentication for Django
Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django’s built-in authentication framework django.contrib.auth for providing the easiest integration into most Django projects. Inspired by the user experience of Google’s Two-Step Authentication, allowing users to authenticate through call, text messages (SMS), by using a token generator app like Google Authenticator or a YubiKey hardware token generator (optional).
I would love to hear your feedback on this package. If you run into problems, please file an issue on GitHub, or contribute to the project by forking the repository and sending some pull requests. The package is translated into English, Dutch and other languages. Please contribute your own language using Transifex.
Test drive this app through the online example app, hosted by Heroku. It demos most features except the Twilio integration. The example also includes django-user-sessions for providing Django sessions with a foreign key to the user. Although the package is optional, it improves account security control over django.contrib.sessions.
Compatible with all supported Django versions. At the moment of writing that’s including 1.8, 1.10 and 1.11 on Python 2.7, 3.4, 3.5 and 3.6. Documentation is available at readthedocs.org.
Installation with pip:
$ pip install django-two-factor-auth
Add the following apps to the INSTALLED_APPS:
INSTALLED_APPS = ( ... 'django_otp', 'django_otp.plugins.otp_static', 'django_otp.plugins.otp_totp', 'two_factor', )
Add django_otp.middleware.OTPMiddleware to MIDDLEWARE_CLASSES. It must be installed after AuthenticationMiddleware:
MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django_otp.middleware.OTPMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', ]
Configure a few urls in settings.py:
from django.core.urlresolvers import reverse_lazy LOGIN_URL = 'two_factor:login'
Add the url routes to the project in urls.py:
urlpatterns = [ url(r'', include('two_factor.urls', 'two_factor')), ]
Be sure to remove any other login routes, otherwise the two-factor authentication might be circumvented. The admin interface should be automatically patched to use the new login method.
Support for YubiKey is disabled by default, but enabling is easy. Please refer to the documentation for instructions.
This project aims for full code-coverage, this means that your code should be well-tested. Also test branches for hardened code. You can run the full test suite with:
Or run a specific test with:
make test TARGET=tests.tests.TwilioGatewayTest
For Python compatibility, tox is used. You can run the full test suite, covering all supported Python and Django version with:
The following actions are required to push a new version:
Update release notes
If any new translations strings were added, push the new source language to Transifex. Make sure translators have sufficient time to translate those new strings:
python example/manage.py makemigrations two_factor git commit two_factor/migrations -m "Added migrations"
Package and upload:
bumpversion [major|minor|patch] git push && git push --tags python setup.py sdist bdist_wheel twine upload dist/*
The project is licensed under the MIT license.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|django_two_factor_auth-1.6.1-py2.py3-none-any.whl (220.5 kB) Copy SHA256 Checksum SHA256||py2.py3||Wheel||May 11, 2017|
|django-two-factor-auth-1.6.1.tar.gz (86.1 kB) Copy SHA256 Checksum SHA256||–||Source||May 11, 2017|