Two factor authentication for Wagtail

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for blurrah from gravatar.com blurrah Avatar for labdigital from gravatar.com labdigital Avatar for mikedingjan from gravatar.com mikedingjan Avatar for mvt from gravatar.com mvt Avatar for nnist from gravatar.com nnist

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Lab Digital
  • Requires: Python >=3.8
  • Provides-Extra: docs , test
Classifiers
Report project as malware

Project description

This Django app adds two factor authentication to Wagtail. Behind the scenes it use django-otp which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.

Installation

pip install wagtail-2fa

Then add the following lines to the INSTALLED_APPS list in your Django settings:

INSTALLED_APPS = [
    # ...
    'wagtail_2fa',
    'django_otp',
    'django_otp.plugins.otp_totp',
    # ...
]

Next add the required middleware to the MIDDLEWARE. It should come after the AuthenticationMiddleware:

MIDDLEWARE = [
    # .. other middleware
    # 'django.contrib.auth.middleware.AuthenticationMiddleware',

    'wagtail_2fa.middleware.VerifyUserMiddleware',

    # 'wagtail.core.middleware.SiteMiddleware',
    # .. other middleware
]

Migrate your database:

python manage.py migrate

Settings

The following settings are available (Set via your Django settings):

  • WAGTAIL_2FA_REQUIRED (default False): When set to True all staff, superuser and other users with access to the Wagtail Admin site are forced to login using two factor authentication.

  • WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to identify which site is which in your authenticator app. If not set and WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER under the hood.

Making 2FA optional

With the default VerifyUserMiddleware middleware, 2FA is enabled for every user. To make 2FA optional, use the VerifyUserPermissionsMiddleware middleware instead.

To do so, use the VerifyUserPermissionsMiddleware middleware instead of the VerifyUserMiddleware in your Django settings:

MIDDLEWARE = [
    # ...
    # 'wagtail_2fa.middleware.VerifyUserMiddleware',
    'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
    # ...
]

When this middleware is used, a checkbox is added to the group permissions and 2FA can be enabled or disabled per group.

2FA is always enabled for superusers, regardless of the middleware used.

Sandbox

First create a new virtualenv with Python 3.8 and activate it. Then run the following commands:

make sandbox

You can then visit http://localhost:8000/admin/ and login with the following credentials:

  • E-mail: superuser@example.com

  • Password: testing

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for blurrah from gravatar.com blurrah Avatar for labdigital from gravatar.com labdigital Avatar for mikedingjan from gravatar.com mikedingjan Avatar for mvt from gravatar.com mvt Avatar for nnist from gravatar.com nnist

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Lab Digital
  • Requires: Python >=3.8
  • Provides-Extra: docs , test
Classifiers

Release history Release notifications | RSS feed

This version

1.7.1

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.3

1.6.0

1.5.0

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

0.1.0

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wagtail-2fa-1.7.1.tar.gz (19.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wagtail_2fa-1.7.1-py3-none-any.whl (25.3 kB view details)

Uploaded Python 3

File details

Details for the file wagtail-2fa-1.7.1.tar.gz.

File metadata

  • Download URL: wagtail-2fa-1.7.1.tar.gz
  • Upload date:
  • Size: 19.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for wagtail-2fa-1.7.1.tar.gz
Algorithm Hash digest
SHA256 cbffe7c0fe939428e3aa41ca356d152a1e108cb6afc910102ec390d7a0255711
MD5 9411ead9b90e965da32127124b7d29a0
BLAKE2b-256 e5b4903d1962cdc7ad0ec268ad12ab0b1097a79586e88be4836b5dfee6e114f2

See more details on using hashes here.

File details

Details for the file wagtail_2fa-1.7.1-py3-none-any.whl.

File metadata

  • Download URL: wagtail_2fa-1.7.1-py3-none-any.whl
  • Upload date:
  • Size: 25.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for wagtail_2fa-1.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 98f8d2f1815420933b674745768b56f57579d8a0ee3e2ea1b077e89adeae36c2
MD5 93a9e4b286491bec012914e3493eca44
BLAKE2b-256 6c33275ccb8152319f4a40dbf1b9411fe830d74c27e059521763c0f0cd72f8b8

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page