Skip to main content

Django Rest Framework JWT 2FA

Project description

This package provides a Two Factor Authentication for Django Rest Framework using JSON Web Tokens. The implementation is based on another DRF authentication library called REST framework JWT Auth.

PyPI Test Status Coverage

Overview

The authentication flow uses two JWT tokens and a verification code:

  • First a token called Code Token is requested by providing username and password. If the username and the password are correct, a random (7 digit) verification code is generated and sent by e-mail to the user’s e-mail address. This verification code is hashed with the Django’s password hasher and the hash is included to the Code Token.

  • After the verification code is received a second token called Authentication Token can be requested. The request is done by sending the Code Token and the verification code to another endpoint. If the token and the code are correct, an authentication token is returned. This authentication token can be used to authenticate the following API requests. It is in the same format as the JWT tokens of the REST framework JWT Auth.

Requirements

  • Python 2.7, 3.4, 3.5, or 3.6

  • Django 1.11 or 2.0

  • Django Rest Framework

Installation

Install the package from PyPI with:

pip install drf-jwt-2fa

Configuration

Configure Django Rest Framework to use the provided authentication class by adding something like this to the settings:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'drf_jwt_2fa.authentication.Jwt2faAuthentication',
    ]
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
}

Note: Authentication token options can be configured with the JWT_AUTH configuration item as documented in REST framework JWT Auth.

The URLs for the authentication API endpoints can be configured with something like this in an urls.py:

import drf_jwt_2fa.urls
from django.conf.urls import include, url

urlpatterns = [
    url(r'^auth/', include(drf_jwt_2fa.urls), namespace='auth'),
]

or by configuring each view individually:

from django.conf.urls import include, url
from drf_jwt_2fa.views import obtain_auth_token, obtain_code_token

urlpatterns = [
    url(r'^get-code-token/', obtain_code_token),
    url(r'^get-auth-token/', obtain_auth_token),
]

Additional Settings

There are some additional settings that you can override. Here are all the available settings with their default values:

JWT2FA_AUTH = {
    # Length of the verification code (digits)
    'CODE_LENGTH': 7,

    # Characters used in the verification code
    'CODE_CHARACTERS': '0123456789',

    # Secret key to use for signing the Code Tokens
    'CODE_TOKEN_SECRET_KEY': hash_string('2fa-code-' + settings.SECRET_KEY),

    # Secret string to extend the verification code with
    'CODE_EXTENSION_SECRET': hash_string('2fa-ext-' + settings.SECRET_KEY),

    # How long the code token is valid
    'CODE_EXPIRATION_TIME': datetime.timedelta(minutes=5),

    # Throttle limit for code token requests from same IP
    'CODE_TOKEN_THROTTLE_RATE': '12/3h',

    # How much time must pass between verification attempts, i.e. to
    # request authentication token with a with the same code token and a
    # verification code
    'AUTH_TOKEN_RETRY_WAIT_TIME': datetime.timedelta(seconds=2),

    # Function that sends the verification code to the user
    'CODE_SENDER': 'drf_jwt_2fa.sending.send_verification_code_via_email',

    # From Address used by the e-mail sender
    'EMAIL_SENDER_FROM_ADDRESS': settings.DEFAULT_FROM_EMAIL,

    # Set to this to a (translated) string to override the default
    # message subject of the e-mail sender
    'EMAIL_SENDER_SUBJECT_OVERRIDE': None,

    # Set to this to a (translated) string to override the default
    # message body of the e-mail sender
    'EMAIL_SENDER_BODY_OVERRIDE': None,
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

drf-jwt-2fa-0.2.0.tar.gz (11.2 kB view details)

Uploaded Source

Built Distribution

drf_jwt_2fa-0.2.0-py2.py3-none-any.whl (19.4 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file drf-jwt-2fa-0.2.0.tar.gz.

File metadata

  • Download URL: drf-jwt-2fa-0.2.0.tar.gz
  • Upload date:
  • Size: 11.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for drf-jwt-2fa-0.2.0.tar.gz
Algorithm Hash digest
SHA256 75131710342cee815fc5db3cef004b5f8698ebc0143fc0d37957c64e5350e49c
MD5 e64f2a30469eaeb4a6f08f7cdc408625
BLAKE2b-256 f0c965e47d39df08a2f23be7441477892b95362a012affc001789cd2aa2f5014

See more details on using hashes here.

File details

Details for the file drf_jwt_2fa-0.2.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for drf_jwt_2fa-0.2.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 8b9c113f06f8c0b7018cf7e6b980d1136236656093a6e9667d4ed3c680e661b4
MD5 b1f84e4e56a8a7d5f75d47dea7e485b0
BLAKE2b-256 2ed9deae552254f9e39d10a2dee209d88145725cec71628459db627d8707f81e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page