Interface components to configure and manage multi factor authentication
Project description
Kleides Multi Factor Authentication
Kleides MFA provides a convenient interface to configure, manage and authenticate with multi factor authentication for django-otp plugins. Currently supported plugins are:
Static devices included in django-otp.
TOTP devices included in django-otp.
Yubikey devices using django-otp-yubikey.
U2F devices using django-otp-u2f.
Free software: GNU General Public License v3
Documentation: https://kleides-mfa.readthedocs.io.
Install
pip install kleides-mfa
Add kleides_mfa to your INSTALLED_APPS with your preferred django-otp plugins:
INSTALLED_APPS = [ ... 'django_otp', 'django_otp.plugins.otp_static', 'django_otp.plugins.otp_totp', 'kleides_mfa', ... ]
Add kleides_mfa.middleware.KleidesAuthenticationMiddleware to the MIDDLEWARE setting after the Django AuthenticationMiddleware:
MIDDLEWARE = [ ... 'django.contrib.auth.middleware.AuthenticationMiddleware', 'kleides_mfa.middleware.KleidesAuthenticationMiddleware', ... ]
Do not use django_otp.middleware.OTPMiddleware with Kleides MFA as it will not be able to load the OTP device.
Set the LOGIN_URL:
LOGIN_URL = 'kleides_mfa:login'
Include kleides_mfa.urls in your urlpatterns:
urlpatterns = [ path('', include('kleides_mfa.urls')), ]
Extending Kleides MFA
You can add or replace authentication methods using the kleides_mfa.registry.KleidesMfaPluginRegistry. Documentation is currently lacking but you can check the implementation of currently supported django-otp plugins to get a basic idea.
In short for devices using django-otp:
Register the django-otp model with the registration and verification form in the apps ready.
Device registration should be contained in the create_form_class.
Device verification should be contained in the verify_form_class.
History
0.1.10 (2020-06-09)
Restart authentication when accessing a bad device.
0.1.9 (2020-04-15)
Replace deprecated Django-3.0 functions.
Fix session cleanup after login as different user.
0.1.8 (2019-12-10)
Escape the next parameter in the “Other method” device selection.
Show device name in verification form.
0.1.7 (2019-11-18)
Actually remove django-crispy-forms as a hard dependency.
Add function to get the authentication method of a logged in user.
0.1.6 (2019-11-14)
Preserve next parameter when redirecting to verification url.
0.1.5 (2019-11-14)
Use cloudflare for all external script/style.
Remove crispy forms as a hard dependency.
0.1.4 (2019-11-12)
Add setting to disable patching of the User models.
Patch AnonymousUser to share the properties of the User model.
Add configurable redirect for users that login without 2 step authentication.
Fix 2 step test login when another user was logged in.
0.1.3 (2019-11-07)
Cleanup plugin button/table alignment.
Add Yubikey plugin for django-otp-yubikey.
Only patch AdminSite when admin is installed.
Remove python 2 compatibility classifiers.
0.1.2 (2019-11-06)
Improve and fix documentation.
0.1.1 (2019-11-04)
Set defaul device name if omitted from POST data.
0.1.0 (2019-11-04)
First release on PyPI.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for kleides_mfa-0.1.11-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1db3dc5c94c3d2c9393ab91f140ded3fa744bb2f692974112cdd967ba4e2f0ff |
|
MD5 | b6a27a35e0c0ad2c2973ae24aaf5403e |
|
BLAKE2b-256 | 672850e502bc517f59e1434db438c6e80d9eedf34c4fccca3c63eb0f06167b59 |