Comments (4)
Without digging in deeper, one simple solution/workaround that comes to mind would be to serve /sw.js from a middleware before the 2FA middleware.
from django-allauth-2fa.
Login also breaks if you happen to do any sort of request in between login and two-factor-authentication, e.g., pulling latest news for a sidebar widget via ajax etc. Therefore, I don't think the above mentioned approach solves this issue for good. I propose the solution in the pull request, which tries to remove allauth_2fa_user_id in two places:
- After a successful login and two-factor-authentication of a user that has 2FA enabled. After the initial login (with username and password only), an already present allauth_2fa_user_id will be overwritten anyway. So we only need to take care of it after authentication.
- After a successful login of a user that does not have 2FA enabled. We could also clear it before the login - however, this is out of this app's scope.
The only time an artifact of allauth_2fa_user_id can remain in the session is between an abortion of the 2fa-flow and the user's next successful login (which will clear or overwrite it).
Please note: I just commented out the old tests. Before merging, the code should be cleaned up properly. Just let me know if this approach is fine for you and I'll clean it up properly and update the docs.
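A simplified model of the session-key lifecycle discussed in the comment above, added here as an illustration; it is not django-allauth-2fa code and not the code from the pull request. The dict-based session, the paths, the `authenticated_user` key and all function names are constructed, and the model assumes the middleware drops allauth_2fa_user_id on any request other than the token page.

```python
# Simplified model, not project code: a session is a dict, a request is a path.
KEY = "allauth_2fa_user_id"
TWO_FACTOR_PATH = "/two-factor-authenticate"   # constructed path
AUTH_KEY = "authenticated_user"                # constructed stand-in for "logged in"


def password_login(session, user_id, has_2fa):
    """First factor: store a pending id, or log in directly without 2FA."""
    if has_2fa:
        session[KEY] = user_id        # overwrites any stale pending id
    else:
        session.pop(KEY, None)        # cleanup for users without 2FA
        session[AUTH_KEY] = user_id


def resetting_middleware(session, path):
    """Assumed current behaviour: any unrelated request aborts the 2FA flow."""
    if path != TWO_FACTOR_PATH:
        session.pop(KEY, None)


def verify_token(session, token_ok):
    """Second factor: promote the pending user and remove the pending key."""
    user_id = session.get(KEY)
    if user_id is None or not token_ok:
        return False                  # a pending id alone never authenticates
    session.pop(KEY)                  # cleanup after successful 2FA
    session[AUTH_KEY] = user_id
    return True


def run_flow(paths_between, use_resetting_middleware):
    """Password login, some intermediate requests, then the token check."""
    session = {}
    password_login(session, user_id=42, has_2fa=True)
    for path in paths_between:
        if use_resetting_middleware:
            resetting_middleware(session, path)
    return verify_token(session, token_ok=True), session


if __name__ == "__main__":
    # Constructed requests: a service worker fetch and an ajax widget call.
    between = ["/sw.js", "/news/latest.json"]
    print("resetting middleware:", run_flow(between, True))
    print("cleanup on success:  ", run_flow(between, False))
```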
@simonkern I don't think the codebase maintainers are all that active about this project.
I did run into the same problem a while ago and this is what I did to work around it.
#93 (comment)
Any chance of getting this or what @sabipu mentioned merged?