Skip to content

labd/wagtail-2fa

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
14 branches 23 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
 
 
docs
 
 
sandbox
 
 
src/wagtail_2fa
 
 
tests
 
 
.editorconfig
 
 
.gitignore
 
 
CHANGES
 
 
LICENSE
 
 
MANIFEST.in
 
 
Makefile
 
 
README.rst
 
 
setup.cfg
 
 
setup.py
 
 
tox.ini
 
 
wagtail-2fa Installation Settings Making 2FA optional Sandbox

README.rst

http://codecov.io/github/labd/wagtail-2fa/coverage.svg?branch=master https://readthedocs.org/projects/wagtail-2fa/badge/?version=stable https://img.shields.io/github/stars/labd/wagtail-2fa.svg?style=social&logo=github

wagtail-2fa

This Django app adds two factor authentication to Wagtail. Behind the scenes it use django-otp which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.

Installation

pip install wagtail-2fa

Then add the following lines to the INSTALLED_APPS list in your Django settings:

INSTALLED_APPS = [
    # ...
    'wagtail_2fa',
    'django_otp',
    'django_otp.plugins.otp_totp',
    # ...
]

Next add the required middleware to the MIDDLEWARE. It should come after the AuthenticationMiddleware:

MIDDLEWARE = [
    # .. other middleware
    # 'django.contrib.auth.middleware.AuthenticationMiddleware',

    'wagtail_2fa.middleware.VerifyUserMiddleware',

    # 'wagtail.core.middleware.SiteMiddleware',
    # .. other middleware
]

Migrate your database:

python manage.py migrate

Settings

The following settings are available (Set via your Django settings):

  • WAGTAIL_2FA_REQUIRED (default False): When set to True all staff, superuser and other users with access to the Wagtail Admin site are forced to login using two factor authentication.
  • WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to identify which site is which in your authenticator app. If not set and WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER under the hood.

Making 2FA optional

With the default VerifyUserMiddleware middleware, 2FA is enabled for every user. To make 2FA optional, use the VerifyUserPermissionsMiddleware middleware instead.

To do so, use the VerifyUserPermissionsMiddleware middleware instead of the VerifyUserMiddleware in your Django settings:

MIDDLEWARE = [
    # ...
    # 'wagtail_2fa.middleware.VerifyUserMiddleware',
    'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
    # ...
]

When this middleware is used, a checkbox is added to the group permissions and 2FA can be enabled or disabled per group.

2FA is always enabled for superusers, regardless of the middleware used.

Sandbox

First create a new virtualenv with Python 3.8 and activate it. Then run the following commands:

make sandbox

You can then visit http://localhost:8000/admin/ and login with the following credentials:

  • E-mail: superuser@example.com
  • Password: testing

About

2 Factor Authentication for Wagtail

wagtail-2fa.readthedocs.io/en/latest/

Topics

python django wagtail 2fa

Resources

Readme

License

MIT license

Stars

76 stars

Watchers

10 watching

Forks

29 forks

Releases 6

1.6.5 Latest
Feb 1, 2023
+ 5 releases

Packages

No packages published

Contributors 22

+ 11 contributors

Languages