Comments (3)
The django-allauth-2fa package has a BaseRequire2FAMiddleware class. I'd love to see something similar for django-allauth.
@fish-not-phish Could you please provide more details about how you forced MFA on login, I am trying to do the same with an existing app which has social logins setup as well but I want to be able to use MFA for regular email/password login.
This is what we came up with (adapted from django-allauth-2fa's BaseRequire2FAMiddleware):

```python
from __future__ import annotations  # lets "HttpResponse | None" parse on Python < 3.10

from allauth.mfa.utils import is_mfa_enabled
from django.conf import settings
from django.contrib import messages
from django.http import HttpRequest, HttpResponse
from django.shortcuts import redirect
from django.utils.deprecation import MiddlewareMixin


class AllUserRequire2FAMiddleware(MiddlewareMixin):
    """
    Ensure that all users have two-factor authentication enabled before
    they have access to the rest of the app.

    If they don't have 2FA enabled, they will be redirected to the 2FA
    enrollment page and not be allowed to access other pages.
    """

    # List of URL names that the user should still be allowed to access.
    allowed_pages = [
        # They should still be able to log out or change password.
        "account_login",
        "account_logout",
        "account_reauthenticate",
        "account_reset_password_done",
        "account_reset_password_from_key",
        "account_reset_password_from_key_done",
        "account_reset_password",
        "account_email",
        "account_email_verification_sent",
        "account_confirm_email",
        "mfa_activate_totp",
    ]

    # The message to the user if they don't have 2FA enabled and must enable it.
    require_2fa_message = (
        "You must enable two-factor authentication before doing anything else."
    )

    def on_require_2fa(self, request: HttpRequest) -> HttpResponse:
        """
        If the current request requires 2FA and the user does not have it
        enabled, this is executed. The result of this is returned from the
        middleware.
        """
        # See allauth.account.adapter.DefaultAccountAdapter.add_message.
        if "django.contrib.messages" in settings.INSTALLED_APPS:
            # If there is already a pending message related to two-factor (likely
            # created by a redirect view), simply update the message text.
            storage = messages.get_messages(request)
            tag = "2fa_required"
            for m in storage:
                if m.extra_tags == tag:
                    m.message = self.require_2fa_message
                    break
            # Otherwise, create a new message.
            else:
                messages.error(request, self.require_2fa_message, extra_tags=tag)

            # Iterating over the storage marks it as consumed; reset that so the
            # message is still shown to the user on the next page.
            storage.used = False

        # Redirect user to two-factor setup page.
        return redirect("mfa_activate_totp")

    def is_allowed_page(self, request: HttpRequest) -> bool:
        # process_view runs after URL resolution, so resolver_match is populated.
        return request.resolver_match.url_name in self.allowed_pages

    def process_view(
        self,
        request: HttpRequest,
        view_func,
        view_args,
        view_kwargs,
    ) -> HttpResponse | None:
        # The user is not logged in, do nothing.
        if request.user.is_anonymous:
            return None

        # If the user is on one of the allowed pages, do nothing.
        if self.is_allowed_page(request):
            return None

        # User already has two-factor configured, do nothing.
        if is_mfa_enabled(request.user):
            return None

        # The request required 2FA but it isn't configured!
        return self.on_require_2fa(request)
```
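The middleware above only enforces anything if it runs after the middleware that supplies `request.user`, `request.session` and the messages framework; placed too early it raises instead of redirecting. The following is an added example, not the commenter's code, of a small ordering check over a `MIDDLEWARE` list; the dotted path `myproject.middleware.AllUserRequire2FAMiddleware` is a placeholder for wherever the class lives in your project.

```python
# Added example: verify that the 2FA middleware sits after its dependencies.
# "myproject.middleware.AllUserRequire2FAMiddleware" is a placeholder path.
REQUIRE_2FA_MIDDLEWARE = "myproject.middleware.AllUserRequire2FAMiddleware"

# Middleware the 2FA middleware relies on, and what each one provides.
MUST_PRECEDE = {
    "django.contrib.sessions.middleware.SessionMiddleware": "request.session",
    "django.contrib.auth.middleware.AuthenticationMiddleware": "request.user",
    "django.contrib.messages.middleware.MessageMiddleware": "messages storage",
    "allauth.account.middleware.AccountMiddleware": "allauth request state",
}


def check_middleware_order(middleware: list[str]) -> list[str]:
    """Return a list of problems; an empty list means the ordering is safe."""
    problems = []
    if REQUIRE_2FA_MIDDLEWARE not in middleware:
        return [f"{REQUIRE_2FA_MIDDLEWARE} is not installed; 2FA is not enforced"]
    pos = middleware.index(REQUIRE_2FA_MIDDLEWARE)
    for dep, provides in MUST_PRECEDE.items():
        if dep not in middleware:
            problems.append(f"{dep} missing (needed for {provides})")
        elif middleware.index(dep) > pos:
            problems.append(f"{dep} must come before the 2FA middleware ({provides})")
    return problems


# Constructed sample: a correctly ordered MIDDLEWARE setting.
GOOD_MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "allauth.account.middleware.AccountMiddleware",
    REQUIRE_2FA_MIDDLEWARE,
]

# Constructed sample: the 2FA middleware placed first, before everything it needs.
BAD_MIDDLEWARE = [REQUIRE_2FA_MIDDLEWARE] + GOOD_MIDDLEWARE[:-1]

if __name__ == "__main__":
    for name, mw in (("good", GOOD_MIDDLEWARE), ("bad", BAD_MIDDLEWARE)):
        print(name, check_middleware_order(mw) or "ok")
```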