initial setup of 2fa

issues:
* middleware temporarily removed; it prevents login
* generated QR code has wrong issuer
* require OTP for /admin login not working (yet)
This commit is contained in:
Jeppe Ernst 2017-12-28 16:22:26 +01:00
parent a0c646e1cf
commit f313935e6f
9 changed files with 142 additions and 0 deletions

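--- /dev/null
+++ b/src/bornhack/admin.py
@@ -0,0 +1,7 @@
+from django.contrib import admin
+from django.contrib.auth.decorators import login_required
+# Ensure users go through the allauth workflow when logging into admin.
+admin.site.login = login_required(admin.site.login)
+# Run the standard admin set-up.
+admin.autodiscover()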
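Review bot: Wrapping `admin.site.login` in `login_required` only checks that the session is authenticated, not that it passed a second factor, so a staff user with no TOTP device still reaches the admin — this is the "/admin login" gap the description lists. django_otp ships the check for this: `from django_otp.decorators import otp_required` and `admin.site.login = otp_required(admin.site.login)` (or swapping the site class for `django_otp.admin.OTPAdminSite`) sends unverified users to `OTP_LOGIN_URL`, which should point at the 2FA setup page so already-logged-in users are not bounced back to the allauth login. The wrap and `admin.autodiscover()` only take effect if this module is actually imported; the urlconf hunk in this commit references `admin.site.urls` but its import is out of view, so confirm it imports the project's admin module rather than `django.contrib.admin` directly. The comment above the wrapped line overstates what is enforced; `# Send anonymous users through the allauth login (OTPAdapter handles the second factor there); this does not itself verify an OTP.` is closer.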


@ -12,6 +12,7 @@ DJANGO_BASE_PATH = os.path.dirname(os.path.dirname(__file__))
WSGI_APPLICATION = 'bornhack.wsgi.application'
ROOT_URLCONF = 'bornhack.urls'
ACCOUNT_ADAPTER = 'allauth_2fa.adapter.OTPAdapter'
SITE_ID = 1
@ -48,6 +49,10 @@ INSTALLED_APPS = [
'allauth',
'allauth.account',
'allauth_2fa',
'django_otp',
'django_otp.plugins.otp_totp',
'django_otp.plugins.otp_static',
'bootstrap3',
'django_extensions',
]
@ -109,6 +114,7 @@ MIDDLEWARE = [
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django_otp.middleware.OTPMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
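Review bot: The "wrong issuer" item in the description maps to a setting missing from the first hunk: django-otp's TOTP plugin takes the issuer for the provisioning URI (`TOTPDevice.config_url`) from `OTP_TOTP_ISSUER`, which this commit never sets, so the authenticator app shows the default; adding `OTP_TOTP_ISSUER = '<site name>'` next to `ACCOUNT_ADAPTER` should fix it, assuming allauth_2fa builds the QR from `config_url`. The MIDDLEWARE hunk lists `django_otp.middleware.OTPMiddleware` directly after `AuthenticationMiddleware`, which is the required ordering, but that is at odds with the description saying the middleware was temporarily removed — presumably one of the two is stale. Note that OTPMiddleware only annotates `request.user` with `is_verified()`; nothing enforces verification until a view or decorator checks it.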


@ -63,6 +63,7 @@ urlpatterns = [
name='general-terms'
),
url(r'^accounts/', include('allauth.urls')),
url(r'^accounts/', include('allauth_2fa.urls')),
url(r'^admin/', include(admin.site.urls)),
url(
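Review bot: `url(r'^admin/', include(admin.site.urls))` uses whichever `admin` this module imports, and that import is outside the hunk; if it is `django.contrib.admin` directly, the `login_required` wrap added in src/bornhack/admin.py never runs unless something else imports that module, which would explain the admin-OTP item in the description. Importing the project's admin module here (or in an app config's `ready()`) makes the wrap take effect. If memory serves, the allauth-2fa README includes `allauth_2fa.urls` before `allauth.urls`; with both mounted under `^accounts/` the order only matters if a pattern collides, but following the documented order avoids surprises. `urlpatterns` continues outside the hunk.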


@ -0,0 +1,24 @@
{% extends 'base.html' %}
{% load bootstrap3 %}
{% load i18n %}
{% block content %}
<div class="row">
<div class="col-md-6 col-md-offset-3">
<h1 class="text-center">
{% trans "Two-Factor Authentication" %}
</h1>
<form method="post">
{% csrf_token %}
{% bootstrap_form form %}
<button type="submit"
class="btn btn-black form-control">
{% trans 'Authenticate' %}
</button>
</form>
</div>
</div>
{% endblock %}


@ -0,0 +1,35 @@
{% extends 'profile_base.html' %}
{% load account %}
{% load bootstrap3 %}
{% load i18n %}
{% block profile_content %}
<div class="row">
<div class="col-md-12">
<h1>
{% trans "Two-Factor Authentication Backup Tokens" %}
</h1>
<ul>
{% for token in backup_tokens %}
<li>{{ token.token }}</li>
{% empty %}
{% trans 'No tokens. Press the button below to generate some.' %}
{% endfor %}
</ul>
<form method="post">
{% csrf_token %}
<div class="buttonHolder">
<button class="btn btn-black" type="submit">
{% trans 'Generate backup tokens' %}
</button>
<a class="btn btn-warning" href="{% url 'two-factor-remove' %}">Disable Two-Factor</a>
</div>
</form>
</div>
</div>
{% endblock %}
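Review bot: The `{% empty %}` branch puts bare text directly inside `<ul>`, which is invalid markup; wrap it: `<li>{% trans 'No tokens. Press the button below to generate some.' %}</li>`. The tokens listed above are one-time login credentials shown in clear text, so the view serving this page should send `Cache-Control: no-store` (Django's `never_cache`) to keep them out of browser and proxy caches — whether the allauth_2fa view does this is not visible here. The "Disable Two-Factor" link text is the only user-facing string in these new templates not wrapped in `{% trans %}`; `{% trans 'Disable Two-Factor' %}` keeps it consistent with the remove template.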


@ -0,0 +1,24 @@
{% extends 'profile_base.html' %}
{% load account %}
{% load bootstrap3 %}
{% load i18n %}
{% block profile_content %}
<div class="row">
<div class="col-md-12">
<h1>
{% trans "Disable Two-Factor Authentication" %}
</h1>
<p>{% trans "Are you sure?" %}</p>
<form method="post">
{% csrf_token %}
<button class="btn btn-danger" type="submit">
{% trans 'Disable Two-Factor' %}
</button>
</form>
</div>
</div>
{% endblock %}
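Review bot: The removal form carries only a CSRF token, so switching off the second factor is a single authenticated POST, and a hijacked session is then enough to strip 2FA from the account. Unless the `two-factor-remove` view (not part of this commit) demands a current TOTP token or the password, consider adding such a field here and checking it server-side before the device is deleted. The confirmation copy could also say what the action does, e.g. `{% trans "Your authenticator device will be removed and two-factor authentication switched off for this account." %}` in place of the bare "Are you sure?".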


@ -0,0 +1,41 @@
{% extends 'profile_base.html' %}
{% load account %}
{% load bootstrap3 %}
{% load i18n %}
{% block profile_content %}
<div class="row">
<div class="col-md-12">
<h1>
{% trans "Setup Two-Factor Authentication" %}
</h1>
<h4>
{% trans 'Step 1' %}:
</h4>
<p>
{% trans 'Scan the QR code below with a token generator of your choice (for instance Google Authenticator).' %}
</p>
<img src="{% url 'two-factor-qr-code' %}" />
<h4>
{% trans 'Step 2' %}:
</h4>
<p>
{% trans 'Input a token generated by the app:' %}
</p>
<form method="post">
{% csrf_token %}
{% bootstrap_form form %}
<button class="btn btn-black" type="submit">
{% trans 'Verify' %}
</button>
</form>
</div>
</div>
{% endblock %}
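Review bot: The QR image at `<img src="{% url 'two-factor-qr-code' %}" />` has no `alt`, and the page offers no text fallback for the TOTP secret, so users who cannot scan (desktop authenticator, screen reader) cannot enrol; add `alt="{% trans 'Two-factor setup QR code' %}"` and, if the view exposes the device key, show it as text for manual entry. The QR encodes the account's shared secret, so the `two-factor-qr-code` view should be served with `never_cache`, which is outside this commit. The description's "wrong issuer" item presumably comes from the provisioning URI that view builds, not from this template.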


@ -4,6 +4,9 @@
<a href="{% url 'account_change_password' %}" class="btn btn-black">
Password
</a>
<a href="{% url 'two-factor-setup' %}" class="btn btn-black">
Two-Factor settings
</a>
<a href="{% url 'account_email' %}" class="btn btn-black">
Manage emails
</a>
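Review bot: "Two-Factor settings" points at `two-factor-setup`, which is the enrolment view; for a user who already has a device the link should lead to the backup-tokens and disable pages instead, unless the setup view redirects enrolled users itself, which is not visible in this commit. Either branch the link in the template on whether the user has a confirmed device, or make the setup view do the redirect, so an enrolled user is not handed a fresh QR code. The label text is untranslated, but that matches the neighbouring "Password" and "Manage emails" entries.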


@ -17,6 +17,7 @@ git+https://github.com/tykling/channels@master
defusedxml==0.4.1
django-allauth==0.30.0
django-allauth-2fa==0.5
django-bleach==0.3.0
django-bootstrap3==8.2.2
django-debug-toolbar==1.6