From a702739d01d37d58a52ba4fea68be1d54016e6aa Mon Sep 17 00:00:00 2001
From: Spitap
Date: Wed, 7 Sep 2022 17:17:25 +0200
Subject: [PATCH] Documentation changes, test_db to .gitignore

---
 .gitignore | 1 +
 EXAMPLE.md | 12 +++++++++++-
 README.md | 11 +++++------
 ...{requiremnts.txt => example-ssl-requirements.txt} | 1 -
 requirements.txt | 2 +-
 5 files changed, 18 insertions(+), 9 deletions(-)
 rename example/{requiremnts.txt => example-ssl-requirements.txt} (54%)

diff --git a/.gitignore b/.gitignore
index b6d98ff..f3d5cc3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -104,3 +104,4 @@ venv.bak/
 # mypy
 .mypy_cache/
+example/test_db
diff --git a/EXAMPLE.md b/EXAMPLE.md
index b38b93a..c80bce9 100644
--- a/EXAMPLE.md
+++ b/EXAMPLE.md
@@ -4,5 +4,15 @@
 `virtualenv venv`
 1. activate env `source venv/bin/activate`
 1. install requirements `pip install -r requirements.txt`
+1. cd to example project `cd example`
 1. migrate `python manage.py migrate`
-1. create super user 'python manage.py createsuperuser'
\ No newline at end of file
+1. create super user `python manage.py createsuperuser`
+1. start the serveur `python manage.py runserver`
+
+# Notes for SSL
+
+To test FIDO2 you need to use HTTPS, after the above steps are done:
+
+1. stop the server
+1. install requirements `pip install -r example-ssl-requirements.txt`
+1. start the ssl server `python manage.py runsslserver`
diff --git a/README.md b/README.md
index e113f1e..d584832 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ Depends on
 ```python
 from django.conf.global_settings import PASSWORD_HASHERS as DEFAULT_PASSWORD_HASHERS #Preferably at the same place where you import your other modules
- MFA_UNALLOWED_METHODS=() # Methods that shouldn't be allowed for the user
+ MFA_UNALLOWED_METHODS=() # Methods that shouldn't be allowed for the user e.g ('TOTP','U2F',)
 MFA_LOGIN_CALLBACK="" # A function that should be called by username to login the user in session
 MFA_RECHECK=True # Allow random rechecking of the user
 MFA_REDIRECT_AFTER_REGISTRATION="mfa_home" # Allows Changing the page after successful registeration
@@ -80,16 +80,15 @@ Depends on
 MFA_RENAME_METHODS={} #Rename the methods in a more user-friendly way e.g {"RECOVERY":"Backup Codes"} (Added in 2.6.0)
 MFA_HIDE_DISABLE=('FIDO2',) # Can the user disable his key (Added in 1.2.0).
 MFA_OWNED_BY_ENTERPRISE = FALSE # Who owns security keys
- PASSWORD_HASHERS = DEFAULT_PASSWORD_HASHERS #Comment if PASSWORD_HASHER already set
- PASSWORD_HASHERS += ['mfa.recovery.Hash']
+ PASSWORD_HASHERS = DEFAULT_PASSWORD_HASHERS # Comment if PASSWORD_HASHER already set in your settings.py
+ PASSWORD_HASHERS += ['mfa.recovery.Hash']
 RECOVERY_ITERATION = 350000 #Number of iteration for recovery code, higher is more secure, but uses more resources for generation and check...
 TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name
 U2F_APPID="https://localhost" #URL For U2F
- FIDO_SERVER_ID=u"localehost" # Server rp id for FIDO2, it the full domain of your project
+ FIDO_SERVER_ID=u"localehost" # Server rp id for FIDO2, it is the full domain of your project
 FIDO_SERVER_NAME=u"PROJECT_NAME"
- FIDO_LOGIN_URL=BASE_URL
 ```
 **Method Names**
 * U2F
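Review bot: The rewritten `FIDO_SERVER_ID` line in the second hunk only fixes its comment and keeps the misspelled value `u"localehost"`; under WebAuthn the RP ID must be the effective domain the browser is on (or a registrable suffix of it), so anyone who copies this sample into settings.py will have every FIDO2 registration and assertion rejected, and the line should read `FIDO_SERVER_ID="localhost" # Server rp id for FIDO2: the bare domain of your site (no scheme, no port); it must match the host shown in the browser`. Two context lines above it, `MFA_OWNED_BY_ENTERPRISE = FALSE` sits inside a ```python fence but `FALSE` is not a Python name, so a settings module pasted from this block fails at import time; it should be `MFA_OWNED_BY_ENTERPRISE = False`. Because `U2F_APPID` is shown as a full origin with a scheme while the RP ID is a bare host, a short comment spelling out that the two use different formats would keep readers from mixing them up. The fenced settings block this hunk edits is opened in the earlier hunk, so the lines between the two hunks are not visible here.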
@@ -105,7 +104,7 @@ Depends on
 * Starting version 2.2.0
 * Added: `MFA_SUCCESS_REGISTRATION_MSG` & `MFA_REDIRECT_AFTER_REGISTRATION`
 Start version 2.6.0
- * Added: `MFA_ALWAYS_GO_TO_LAST_METHOD`, & `MFA_RENAME_METHODS`
+ * Added: `MFA_ALWAYS_GO_TO_LAST_METHOD`, `MFA_RENAME_METHODS`, `MFA_ENFORCE_RECOVERY_METHOD` & `RECOVERY_ITERATION`
 4. Break your login function
 Usually your login function will check for username and password, log the user in if the username and password are correct and create the user session, to support mfa, this has to change
diff --git a/example/requiremnts.txt b/example/example-ssl-requirements.txt
similarity index 54%
rename from example/requiremnts.txt
rename to example/example-ssl-requirements.txt
index 5809842..373b09d 100644
--- a/example/requiremnts.txt
+++ b/example/example-ssl-requirements.txt
@@ -1,2 +1 @@
-django >= 2.2
 django-sslserver
diff --git a/requirements.txt b/requirements.txt
index 08f8d07..ba3a23f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-django >= 2.0
+django >= 2.2
 jsonfield
 simplejson
 pyotp