Interface components to configure and manage multi factor authentication
Project description
Kleides Multi Factor Authentication
Kleides MFA provides a convenient interface to configure, manage and authenticate with multi factor authentication for django-otp plugins. Currently supported plugins are:
Static devices included in django-otp.
TOTP devices included in django-otp.
Yubikey devices using django-otp-yubikey.
U2F devices using django-otp-u2f.
Free software: GNU General Public License v3
Documentation: https://kleides-mfa.readthedocs.io.
Install
pip install kleides-mfa
Add kleides_mfa to your INSTALLED_APPS with your preferred django-otp plugins:
INSTALLED_APPS = [ ... 'django_otp', 'django_otp.plugins.otp_static', 'django_otp.plugins.otp_totp', 'kleides_mfa', ... ]
Add kleides_mfa.middleware.KleidesAuthenticationMiddleware to the MIDDLEWARE setting after the Django AuthenticationMiddleware:
MIDDLEWARE = [ ... 'django.contrib.auth.middleware.AuthenticationMiddleware', 'kleides_mfa.middleware.KleidesAuthenticationMiddleware', ... ]
Do not use django_otp.middleware.OTPMiddleware with Kleides MFA as it will not be able to load the OTP device.
Set the LOGIN_URL:
LOGIN_URL = 'kleides_mfa:login'
Include kleides_mfa.urls in your urlpatterns:
urlpatterns = [ path('', include('kleides_mfa.urls')), ]
Extending Kleides MFA
You can add or replace authentication methods using the kleides_mfa.registry.KleidesMfaPluginRegistry. Documentation is currently lacking but you can check the implementation of currently supported django-otp plugins to get a basic idea.
In short for devices using django-otp:
Register the django-otp model with the registration and verification form in the apps ready.
Device registration should be contained in the create_form_class.
Device verification should be contained in the verify_form_class.
History
0.1.12 (2020-09-23)
Add python 3.8 and Django 3.1 to support matrix.
Test unprintable token input.
Remove future statements.
Remove non-optional PATCH_USER setting.
0.1.11 (2020-06-11)
Fix unset plugin attribute on PermissionDeniedError.
0.1.10 (2020-06-09)
Restart authentication when accessing a bad device.
0.1.9 (2020-04-15)
Replace deprecated Django-3.0 functions.
Fix session cleanup after login as different user.
0.1.8 (2019-12-10)
Escape the next parameter in the “Other method” device selection.
Show device name in verification form.
0.1.7 (2019-11-18)
Actually remove django-crispy-forms as a hard dependency.
Add function to get the authentication method of a logged in user.
0.1.6 (2019-11-14)
Preserve next parameter when redirecting to verification url.
0.1.5 (2019-11-14)
Use cloudflare for all external script/style.
Remove crispy forms as a hard dependency.
0.1.4 (2019-11-12)
Add setting to disable patching of the User models.
Patch AnonymousUser to share the properties of the User model.
Add configurable redirect for users that login without 2 step authentication.
Fix 2 step test login when another user was logged in.
0.1.3 (2019-11-07)
Cleanup plugin button/table alignment.
Add Yubikey plugin for django-otp-yubikey.
Only patch AdminSite when admin is installed.
Remove python 2 compatibility classifiers.
0.1.2 (2019-11-06)
Improve and fix documentation.
0.1.1 (2019-11-04)
Set defaul device name if omitted from POST data.
0.1.0 (2019-11-04)
First release on PyPI.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for kleides_mfa-0.1.12-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b45d967fcef9f54ce04fd279d73f6fb70d4a0c161da000bf59f549ef2a6f90e0 |
|
MD5 | 381f51c161c829999d2239dfc4466365 |
|
BLAKE2b-256 | a0592cfff145119570de17eed8bb6509511036f29331a897f3697efc50633d95 |