feature: Improve 2FA #101
The views did change quite a bit, glad I didn't start writing tests. I think this is good to merge.
@baurt thanks for your review. I incorporated your ideas. Will merge after that. Thanks for sticking with this and hopefully this isn't causing you too much work.
A rather large refactor with 2 main goals:
1) remove sending personal info as part of initialization during signup
2) implement opt-in in addition to 2FA required mode.

While the basic flow and forms didn't change - there were many changes:
- A new configuration variable SECURITY_TWO_FACTOR_REQUIRED (default False) If you want old behavior of requiring 2FA - this must be set.
- Contents of session cookie are completely different.
- CHANGED: Signal names:
  - 'user-two-factored' -> 'tf_code_confirmed'
  - 'two_factor_method_changed' -> 'tf_profile_changed'
- 2 New signals introduced: 'tf_disabled' and 'tf_security_token_sent'
- Code for most 2FA views changed dramatically, however the actual flow should be compatible.
- CHANGE: if call /tf-setup and haven't re-confirmed password - now redirect to two_factor_confirm_url rather than login_url.
- CHANGED: as part of naming rationalization - the context processor names changed:
  - two_factor_change_method_password_confirmation_context_processor -> tf_password_verify_context_processor
  - two_factor_setup_context_processor -> tf_setup_context_processor
  - two_factor_token_validation_context_processor -> tf_token_validation_context_processor

Various bugs and doc improvements:
- The two factor _VALIDITY configuration variables were fixed to reflect prior changes which meant these values are now in seconds.
- A new message TWO_FACTOR_DISABLED was introduced

Testing Improvements:
- view_scaffold.py was introduced that makes it easy to test forms. This is a real Flask application that can be run, and using a normal browser can interact with various workflows.
@jwag956 No worries. I enjoy looking at it and helping improve the library.
Closes #95