initial setup of 2fa

issues: * middleware temporarily removed, prevents login * generated QR code has wrong issuer * require OTP for /admin login not working (yet)
2017-12-28 16:22:26 +01:00 · 2017-12-28 16:22:26 +01:00 · f313935e6f
parent a0c646e1cf
commit f313935e6f
9 changed files with 142 additions and 0 deletions
--- a/src/bornhack/admin.py
+++ b/src/bornhack/admin.py
@ -0,0 +1,7 @@
+from django.contrib import admin
+from django.contrib.auth.decorators import login_required
+
+# Ensure users go through the allauth workflow when logging into admin.
+admin.site.login = login_required(admin.site.login)
+# Run the standard admin set-up.
+admin.autodiscover()
--- a/src/bornhack/settings.py
+++ b/src/bornhack/settings.py
@ -12,6 +12,7 @@ DJANGO_BASE_PATH = os.path.dirname(os.path.dirname(__file__))
 WSGI_APPLICATION = 'bornhack.wsgi.application'
 ROOT_URLCONF = 'bornhack.urls'

+ACCOUNT_ADAPTER = 'allauth_2fa.adapter.OTPAdapter'

 SITE_ID = 1

@ -48,6 +49,10 @@ INSTALLED_APPS = [

    'allauth',
    'allauth.account',
+    'allauth_2fa',
+    'django_otp',
+    'django_otp.plugins.otp_totp',
+    'django_otp.plugins.otp_static',
    'bootstrap3',
    'django_extensions',
 ]
@ -109,6 +114,7 @@ MIDDLEWARE = [
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django_otp.middleware.OTPMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
--- a/src/bornhack/urls.py
+++ b/src/bornhack/urls.py
@ -63,6 +63,7 @@ urlpatterns = [
        name='general-terms'
    ),
    url(r'^accounts/', include('allauth.urls')),
+    url(r'^accounts/', include('allauth_2fa.urls')),
    url(r'^admin/', include(admin.site.urls)),

    url(
--- a/src/profiles/templates/allauth_2fa/authenticate.html
+++ b/src/profiles/templates/allauth_2fa/authenticate.html
@ -0,0 +1,24 @@
+{% extends 'base.html' %}
+
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block content %}
+  <div class="row">
+    <div class="col-md-6 col-md-offset-3">
+      <h1 class="text-center">
+        {% trans "Two-Factor Authentication" %}
+      </h1>
+
+      <form method="post">
+        {% csrf_token %}
+        {% bootstrap_form form %}
+
+        <button type="submit"
+                class="btn btn-black form-control">
+          {% trans 'Authenticate' %}
+        </button>
+      </form>
+    </div>
+  </div>
+{% endblock %}
--- a/src/profiles/templates/allauth_2fa/backup_tokens.html
+++ b/src/profiles/templates/allauth_2fa/backup_tokens.html
@ -0,0 +1,35 @@
+{% extends 'profile_base.html' %}
+
+{% load account %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block profile_content %}
+  <div class="row">
+    <div class="col-md-12">
+      <h1>
+        {% trans "Two-Factor Authentication Backup Tokens" %}
+      </h1>
+
+      <ul>
+        {% for token in backup_tokens %}
+        <li>{{ token.token }}</li>
+
+        {% empty %}
+        {% trans 'No tokens. Press the button below to generate some.' %}
+
+        {% endfor %}
+      </ul>
+
+      <form method="post">
+        {% csrf_token %}
+        <div class="buttonHolder">
+          <button class="btn btn-black" type="submit">
+          {% trans 'Generate backup tokens' %}
+          </button>
+          <a class="btn btn-warning" href="{% url 'two-factor-remove' %}">Disable Two-Factor</a>
+        </div>
+      </form>
+    </div>
+  </div>
+{% endblock %}
--- a/src/profiles/templates/allauth_2fa/remove.html
+++ b/src/profiles/templates/allauth_2fa/remove.html
@ -0,0 +1,24 @@
+{% extends 'profile_base.html' %}
+
+{% load account %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block profile_content %}
+  <div class="row">
+    <div class="col-md-12">
+      <h1>
+        {% trans "Disable Two-Factor Authentication" %}
+      </h1>
+
+      <p>{% trans "Are you sure?" %}</p>
+
+      <form method="post">
+        {% csrf_token %}
+        <button class="btn btn-danger" type="submit">
+          {% trans 'Disable Two-Factor' %}
+        </button>
+      </form>
+    </div>
+  </div>
+{% endblock %}
--- a/src/profiles/templates/allauth_2fa/setup.html
+++ b/src/profiles/templates/allauth_2fa/setup.html
@ -0,0 +1,41 @@
+{% extends 'profile_base.html' %}
+
+{% load account %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block profile_content %}
+  <div class="row">
+    <div class="col-md-12">
+      <h1>
+        {% trans "Setup Two-Factor Authentication" %}
+      </h1>
+
+      <h4>
+        {% trans 'Step 1' %}:
+      </h4>
+
+      <p>
+        {% trans 'Scan the QR code below with a token generator of your choice (for instance Google Authenticator).' %}
+      </p>
+
+      <img src="{% url 'two-factor-qr-code' %}" />
+
+      <h4>
+        {% trans 'Step 2' %}:
+      </h4>
+
+      <p>
+        {% trans 'Input a token generated by the app:' %}
+      </p>
+
+      <form method="post">
+        {% csrf_token %}
+        {% bootstrap_form form %}
+        <button class="btn btn-black" type="submit">
+          {% trans 'Verify' %}
+        </button>
+      </form>
+    </div>
+  </div>
+{% endblock %}
--- a/src/profiles/templates/profile_base_buttons.html
+++ b/src/profiles/templates/profile_base_buttons.html
@ -4,6 +4,9 @@
    <a href="{% url 'account_change_password' %}" class="btn btn-black">
      Password
    </a>
+    <a href="{% url 'two-factor-setup' %}" class="btn btn-black">
+      Two-Factor settings
+    </a>
    <a href="{% url 'account_email' %}" class="btn btn-black">
      Manage emails
    </a>
--- a/src/requirements.txt
+++ b/src/requirements.txt
@ -17,6 +17,7 @@ git+https://github.com/tykling/channels@master

 defusedxml==0.4.1
 django-allauth==0.30.0
+django-allauth-2fa==0.5
 django-bleach==0.3.0
 django-bootstrap3==8.2.2
 django-debug-toolbar==1.6