Email 2fa #423
Fix and update tests
Fixes after code review
Move user.save() in right place
Remove unnecessary import
Hi @pickfire, Thanks for reviving this and continuing the effort from #267. I am in the midst of considering bolting on a custom implementation using email, however would prefer to adjust/extend the use of this package, so if this is merged, it would greatly help. It looks like a review is required and is the blocker at the moment. Perhaps you could add @Atterratio as the reviewer? Thanks again!
I cannot since I don't have permission but I don't think he will review it since he is not active in the original patch as well.
Hi @pickfire, thanks for this. Perhaps @moggers87 could take a look at this since it is a continuation from the previous PR's work (#267) and seems the most likely contributor to know what is required to get this over the line.
I have requested a review from @moggers87
This is awesome, and exactly what we were looking for! Thank you very much for picking this enhancement back up and running with it. We would love to apply this to our production environment and wanted to see if there is any chance this could be reviewed and merged?
I am waiting for reviewer, not sure if the maintainers are still active.
A few changes required, otherwise good 👍
two_factor/models.py
Outdated
|
||
number = PhoneNumberField() | ||
drift_range = () |
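Review bot: `drift_range = ()` has no comment saying what the tuple is meant to hold or which class is expected to supply it, and an empty tuple is a value that will not raise if nobody overrides it. Add a one-line comment describing the expected contents, and pick a default that fails loudly when the attribute is left unset.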
`drift_range` should be set to `None` here. That way if someone forgets to set it, they'll get an error.
two_factor/models.py
Outdated
if totp(self.bin_key, drift=drift, digits=totp_digits()) == token: | ||
return True | ||
return False | ||
|
||
def get_throttle_factor(self): | ||
return getattr(settings, 'TWO_FACTOR_PHONE_THROTTLE_FACTOR', 1) |
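Review bot: On the `if totp(...) == token:` line the match depends on `token` having the same type as the value `totp()` returns, and nothing in the visible lines shows it being normalised first. Confirm the conversion happens before this comparison and cover it with a test that passes the token as a string. Separately, `get_throttle_factor` has no docstring stating what the factor multiplies or what the default of 1 means for repeated failed attempts.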
This should not be in the mixin and there should be a `TWO_FACTOR_EMAIL_THROTTLE_FACTOR` setting for `EmailDevice`
I hoped that #331 would be merged before any new capability addition. The more we wait the more it will be difficult to change the module structure.
@claudep that's a slightly bigger change, which is why I keep delaying merging it 😆
Actually nothing can get merged yet anyway because Travis is down and I need to complete #425 to fix that.
Suggested by moggers87
Hello, I'm following this pull request as I'm looking to use emails for the authorization too. Are there any updates on this? :) Thanks!
I am also interested in email support. And I am guessing it's a feature that would be in demand. Can I ask what is holding this PR up at the moment? Original PR is from 2018. @moggers87 it looks like @pickfire has applied your requested changes (admit I haven't looked at the code) Do you have time for this? As things stand we might try to implement the PR directly ourselves but we would be more relaxed about it if this PR was merged :) Thanks to everyone for their work on this.
@moggers87 (CC @pickfire) I'm also interested in having this merged.
FYI I'm currently trying to refresh this patch based on the new plugin-based method.
The new version is now in #475.
Revive #267 thanks to @Atterratio for the initial patch. I did some changes based on the reviews on the original pull requests and some doc style fixes.
Description
Make possible two-factor authorization using emails.
Motivation and Context
Although this way of two-factor authentication is not very reliable, it can be preferable for some users.
How Has This Been Tested?
Tested in a local project. Not fully tested but I tried it out. Didn't look closely at old PR.