kleides-mfa 0.2.4

Interface components to configure and manage multi factor authentication

Kleides Multi Factor Authentication

Kleides MFA provides a convenient interface to configure, manage and authenticate with multi factor authentication for django-otp plugins. Currently supported plugins are:

• Static devices included in django-otp.

• TOTP devices included in django-otp.

• Yubikey devices using django-otp-yubikey.

• U2F devices using django-otp-u2f.

• Free software: GNU General Public License v3

• Documentation: https://kleides-mfa.readthedocs.io.

Install

pip install kleides-mfa

Add kleides_mfa to your INSTALLED_APPS with your preferred django-otp plugins:

INSTALLED_APPS = [
    ...
    'django_otp',
    'django_otp.plugins.otp_static',
    'django_otp.plugins.otp_totp',
    'kleides_mfa',
    ...
]

Add kleides_mfa.middleware.KleidesAuthenticationMiddleware to the MIDDLEWARE setting after the Django AuthenticationMiddleware:

MIDDLEWARE = [
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'kleides_mfa.middleware.KleidesAuthenticationMiddleware',
    ...
]

Do not use django_otp.middleware.OTPMiddleware with Kleides MFA as it will not be able to load the OTP device.

Set the LOGIN_URL:

LOGIN_URL = 'kleides_mfa:login'

Include kleides_mfa.urls in your urlpatterns:

urlpatterns = [
    path('', include('kleides_mfa.urls')),
]

Extending Kleides MFA

You can add or replace authentication methods using the kleides_mfa.registry.KleidesMfaPluginRegistry. Documentation is currently lacking but you can check the implementation of currently supported django-otp plugins to get a basic idea.

In short for devices using django-otp:

• Register the django-otp model with the registration and verification form in the apps ready.

• Device registration should be contained in the create_form_class.

• Device verification should be contained in the verify_form_class.

History

0.2.4 (2025-04-08)

• Move jquery.qrcode.min.js to the path used in the default templates.

0.2.3 (2025-01-21)

• Add username in credentials to the user_login_failed signal

0.2.2 (2024-08-01)

• Only import otp models that are installed

0.2.1 (2024-03-15)

• Fix device_id url component converter

• Update test project for warnings

0.2.0 (2024-02-20)

• Deprecate KLEIDES_MFA_PATCH_ADMIN for custom AdminConfig app

• Add decorators and mixins for recent authentication checks

• Refactor app settings to enable override_settings

• Include jquery qrcode javascript

• Run ValidationService migration on routed database

0.1.17 (2022-05-17)

• Add signals to act on adding/removing MFA devices.

• Fix compatibility with Django-4.0.

• Update test matrix for supported releases only.

• Make device table responsive.

0.1.16 (2021-09-10)

• Update bootstrap, jquery and popper script tags.

0.1.15 (2021-07-13)

• Prevent single factor access to device list when multi factor is available.

• Switch to setuptools_scm for automatic git versioning.

• Move package data to setup.cfg.

• Add Python 3.9 and Django 3.2 to the support matrix.

• Remove Python 3.5 and Django 3.0 which are end of life.

• Move test dependencies to the kleides-mfa[test] extra.

• Switch to PEP517 package builder.

0.1.14 (2020-10-22)

• Configure ValidationService on the database that is being migrated.

0.1.13 (2020-09-29)

• Send user_login_failed signal on device failures.

• Test Django login signals with Kleides MFA.

0.1.12 (2020-09-23)

• Add python 3.8 and Django 3.1 to support matrix.

• Test unprintable token input.

• Remove future statements.

• Remove non-optional PATCH_USER setting.

0.1.11 (2020-06-11)

• Fix unset plugin attribute on PermissionDeniedError.

0.1.10 (2020-06-09)

• Restart authentication when accessing a bad device.

0.1.9 (2020-04-15)

• Replace deprecated Django-3.0 functions.

• Fix session cleanup after login as different user.

0.1.8 (2019-12-10)

• Escape the next parameter in the “Other method” device selection.

• Show device name in verification form.

0.1.7 (2019-11-18)

• Actually remove django-crispy-forms as a hard dependency.

• Add function to get the authentication method of a logged in user.

0.1.6 (2019-11-14)

• Preserve next parameter when redirecting to verification url.

0.1.5 (2019-11-14)

• Use cloudflare for all external script/style.

• Remove crispy forms as a hard dependency.

0.1.4 (2019-11-12)

• Add setting to disable patching of the User models.

• Patch AnonymousUser to share the properties of the User model.

• Add configurable redirect for users that login without 2 step authentication.

• Fix 2 step test login when another user was logged in.

0.1.3 (2019-11-07)

• Cleanup plugin button/table alignment.

• Add Yubikey plugin for django-otp-yubikey.

• Only patch AdminSite when admin is installed.

• Remove python 2 compatibility classifiers.

0.1.2 (2019-11-06)

• Improve and fix documentation.

0.1.1 (2019-11-04)

• Set defaul device name if omitted from POST data.

0.1.0 (2019-11-04)

• First release on PyPI.