feature: Improve 2FA #101
Merged
feature: Improve 2FA #101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TillerBurr
reviewed
Jun 10, 2019
TillerBurr
reviewed
Jun 10, 2019
TillerBurr
reviewed
Jun 10, 2019
TillerBurr
previously approved these changes
Jun 10, 2019
|
@baurt thanks for your review. I incorporated your ideas. Will merge after that. thanks for sticking with this and hopefully this isn't causing you too much work. |
A rather large refactor with 2 main goals: 1) remove sending personal info as part of initialization during signup 2) implement opt-in in addition to 2FA required mode. While the basic flow and forms didn't change - there were many changes: - A new configuration variable SECURITY_TWO_FACTOR_REQUIRED (default False) If you want old behavior of requiring 2FA - this must be set. - Contents of session cookie are completely different. - CHANGED: Signal names: - 'user-two-factored' -> 'tf_code_confirmed' - 'two_factor_method_changed' -> 'tf_profile_changed' - 2 New signals introduced: 'tf_disabled' and 'tf_security_token_sent' - Code for most 2FA views changed dramatically, however the actual flow should be compatible. - CHANGE: if call /tf-setup and haven't re-confirmed password - now redirect to two_factor_confirm_url rather than login_url. - CHANGED: as part of naming rationalization - the context processor names changed: - two_factor_change_method_password_confirmation_context_processor -> tf_password_verify_context_processor - two_factor_setup_context_processor -> tf_setup_context_processor - two_factor_token_validation_context_processor -> tf_token_validation_context_processor Various bugs and doc improvements: - The two factor _VALIDITY configuration variables were fixed to reflect prior changes which meant these values are now in seconds. - A new message TWO_FACTOR_DISABLED was introduced Testing Improvements: - view_scaffold.py was introduced that makes it easy to test forms. This is a real Flask application that can be run, and using a normal browser can interact with various workflows.
|
@jwag956 No worries. I enjoy looking at it and helping improve the library. |
TillerBurr
approved these changes
Jun 10, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A rather large refactor with 2 main goals:
While the basic flow and forms didn't change - there were many changes:
If you want old behavior of requiring 2FA - this must be set.
should be compatible.
two_factor_confirm_url rather than login_url.
Various bugs and doc improvements:
which meant these values are now in seconds.
Testing Improvements:
Flask application that can be run, and using a normal browser can interact with
various workflows.
Closes #95