2.1 KiB
Installation & Configuration
- Install the package
pip install django-mfa2
-
in your settings.py add the application to your installed apps
INSTALLED_APPS=( '......', 'mfa', '......') -
Add the following settings to your file
MFA_UNALLOWED_METHODS=() # Methods that shouldn't be allowed for the user MFA_LOGIN_CALLBACK="" # A function that should be called by username to login the user in session MFA_RECHECK=True # Allow random rechecking of the user MFA_RECHECK_MIN=10 # Minimum interval in seconds MFA_RECHECK_MAX=30 # Maximum in seconds MFA_QUICKLOGIN=True # Allow quick login for returning users by provide only their 2FA TOKEN_ISSUER_NAME="PROJECT_NAME" #TOTP Issuer name U2F_APPID="https://localhost" #URL For U2 FIDO_SERVER_ID=u"localehost" # Server rp id for FIDO2, it the full domain of your project FIDO_SERVER_NAME=u"PROJECT_NAME" FIDO_LOGIN_URL=BASE_URLMethod Names
- U2F
- FIDO2
- TOTP
- Trusted_Devices
Note: Starting version 1.1,
FIDO_LOGIN_URLisn't required for FIDO2 anymore. -
Add mfa to urls.py
import mfa import mfa.TrustedDevice urls_patterns= [ '...', url(r'^mfa/', include('mfa.urls')), url(r'devices/add$', mfa.TrustedDevice.add,name="mfa_add_new_trusted_device"), # This short link to add new trusted device '....', ] -
Provide
mfa_auth_base.htmlin your templaes with block called 'head' and 'content' The template will be included during the user login. If you will use Email Token method, then you have to provide template namedmfa_email_token_template.htmlthat will content the format of the email with parameter nameduserandotp. -
To match the look and feel of your project, MFA includes
base.htmlbut it needs blocks namedhead&contentto added its content to it. -
Somewhere in your app, add a link to 'mfa_home'
<li><a href="{% url 'mfa_home' %}">Security</a> </li>
Next, you need to change your login code