Comments (6)
Hey @9mido,
Here is an example of what it looks like as far as I remember.
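middleware.py
from allauth_2fa.middleware import AllauthTwoFactorMiddleware

# Path prefixes whose requests must not reset the pending 2FA login.
WHITELISTED_PATHS = [
    "/api",
    "/assets",
    "/js",
    "/css",
    # ...other paths that you load when logging in
]


class TwoFactorMiddleware(AllauthTwoFactorMiddleware):
    def process_request(self, request):
        # Skip the parent's login-flow reset for whitelisted paths.
        permit_request = any(request.path.startswith(path) for path in WHITELISTED_PATHS)
        if permit_request:
            return
        super(TwoFactorMiddleware, self).process_request(request)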
Something like this should work. Just use default allauth_2fa URLs, and include this middleware class on your middleware list.
To get the list of all whitelisted paths, disable the 2FA temporarily, and while logging in check your network tab on the console.
from django-allauth-2fa.
Hey @9mido,
Completely guessing, as I am not sure what your actual code looks like, but all the allauth_2fa URLs do need a trailing slash for it to work, e.g. */two-factor-authenticate/.
If you are being redirected back to the login page when using a trailing slash, I believe you have something interrupting your login flow. allauth_2fa will point you back to the login page if anything interrupts the login flow; it could be any CSS/JS file or any network request.
Read more on this file: django-allauth-2fa/allauth_2fa/middleware.py
from django.urls import resolve
from django.utils.deprecation import MiddlewareMixin


class AllauthTwoFactorMiddleware(MiddlewareMixin):
    """
    Reset the login flow if another page is loaded halfway through the login.
    (I.e. if the user has logged in with a username/password, but not yet
    entered their two-factor credentials.) This makes sure a user does not stay
    half logged in by mistake.
    """

    def process_request(self, request):
        match = resolve(request.path)
        # Any URL other than the two-factor views drops the pending login.
        if not match.url_name or not match.url_name.startswith(
                'two-factor-authenticate'):
            try:
                del request.session['allauth_2fa_user_id']
            except KeyError:
                pass
To fix the issue I had to write a middleware function on top of the AllauthTwoFactorMiddleware class, passing a list of allowed PATHS.
Let me know if this is the case.
from django-allauth-2fa.
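An added example (not from the thread or from django-allauth-2fa): a pure-Python model of the reset logic quoted above, wrapped by an allowlist that matches on path-segment boundaries instead of a bare `startswith`, so `/api` does not also exempt `/apiary`. The function names, the `ALLOWED_PREFIXES` values and the path-based stand-in for `resolve()` are assumptions for illustration.

```python
import posixpath

SESSION_KEY = "allauth_2fa_user_id"  # session key shown in the quoted middleware

# Constructed allowlist mirroring the prefixes used in the thread.
ALLOWED_PREFIXES = ("/api", "/assets", "/js", "/css")


def normalize(path):
    # Conservative choice (an assumption, not Django behaviour): collapse
    # "." and ".." so "/css/../accounts/" is judged as "/accounts".
    return posixpath.normpath(path if path.startswith("/") else "/" + path)


def is_allowed(path, prefixes=ALLOWED_PREFIXES):
    """True only if path equals a prefix or lies below it as a whole segment."""
    norm = normalize(path)
    return any(norm == p or norm.startswith(p + "/") for p in prefixes)


def is_two_factor_url(path):
    # Hypothetical stand-in for
    # resolve(path).url_name.startswith('two-factor-authenticate').
    return normalize(path).rsplit("/", 1)[-1].startswith("two-factor-authenticate")


def process_request(path, session):
    """Model of the wrapped middleware; returns the action taken."""
    if is_allowed(path):
        return "skipped"   # asset/API load: pending login left untouched
    if is_two_factor_url(path):
        return "kept"      # the token entry page itself
    if session.pop(SESSION_KEY, None) is not None:
        return "reset"     # half-finished login discarded
    return "noop"          # nothing was pending


if __name__ == "__main__":
    session = {SESSION_KEY: 7}  # constructed: password accepted, token pending
    for p in ("/js/app.js", "/apiary/", "/two-factor-authenticate/"):
        print(p, "->", process_request(p, dict(session)))
```

Every allowlisted prefix is a path that leaves the half-finished login in place, so keep the list to the assets the login page actually loads.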
@9mido What versions of Django and django-allauth-2fa and django-allauth?
It looks to me like the URL config has a slash on the end in the URLs file, but I'm unsure if that matters here.
I believe the error page shows you all the registered URL patterns? You might need to install django-debug-toolbar to do that though... I'd expect it to show up properly though if you were able to configure two-factor.
from django-allauth-2fa.
I am using the latest versions of Django, django-allauth-2fa, django-allauth, and Python 3.7.3.
Yeah, for some reason when I tried it, the slash did not show up at the end of /two-factor-authenticate.
Here is a video:
When I add a slash to the end of /two-factor-authenticate the debugger brings me to /accounts/login/ and I am unable to log in from there. However, I am able to get to /two-factor-authenticate/ successfully only if I log in from /accounts/login/ but then from the debugger, instead of clicking /two-factor-authenticate from the 302 page, if I manually type in /two-factor-authenticate/ into the URL then I can get to the page where you enter the token.
See this video:
from django-allauth-2fa.
Thanks for the reply. That is a really good analysis. Can you share your middleware function and urls.py paths that you wrote on top of the AllauthTwoFactorMiddleware class? I want to try your code and see if that makes a difference.
If I am still having problems after that, I will share my code and we could analyze it further.
from django-allauth-2fa.
@sabipu Thanks for the help. I tried everything out on a fresh install of django-allauth and django-allauth-2fa and there does not seem to be a problem anymore. There must have been a problem that was self-caused when I was a beginner in Django programming. Now that I am more experienced, there does not seem to be a problem anymore. I will close this issue for now but if I see it again when implementing it with my main code I will re-open this issue again.
from django-allauth-2fa.