Django-mfa (Multi Factor Authentication) is a simple package to add extra layer of security to your django web application. It gives web app a randomly changing password as an extra protection.
Clone or download
gregkster and ashwin31 Improved security of remember-my-browser cookie (#32)
* Make it work with Django 2.0.7

* No need to specify the namespace when including django-mfa urls

* Once MFA is successfuly enabled redirect to LOGIN_REDIRECT_URL
Pass optional settings.MFA_ISSUER_NAME to the Authenticator app via QR code

* Added remember-my-browser, a feature allowing to use cookie to remember that
a code has already been entered successfully on a browser and not ask again
for a defined number of days

* Use redirect to LOGIN_REDIRECT_URL instead of HttpResponseRedirect to support
both url path and urlpattern name

* Don't set the remember-my-browser cookie when MFA is enabled.  Make the user
enter the code on next login
Set cookie secure flag based on DEBUG

* Delete the remember-my-browser cookie when disabling MFA

* Fixed required django version in setup.py to >=1.10
Formatting fix in Readme.rst

* Using a fixed salt for Remember-my-browser cookie signing is insecure.
Better to use different salt for different users.  Derive the salt from user's
OTP secret.

* changed python to 3.5

* removed test cases temp
Latest commit 274e9d6 Jan 1, 2019

README.rst

django-mfa

Documentation Status https://travis-ci.org/MicroPyramid/django-mfa.svg?branch=master Latest Release https://coveralls.io/repos/github/MicroPyramid/django-mfa/badge.svg?branch=master Code Health

Django-mfa(Multi-factor Authentication) is a simple django package to add extra layer of security to your web application. Django-mfa is providing easiest integration to enable Multi factor authentication to your django applications. Inspired by the user experience of Google's Authentication, django-mfa allows users to authenticate through text message(SMS) or by using token generator app like google authenticator.

We welcome your feedback on this package. If you run into problems, please raise an issue or contribute to the project by forking the repository and sending some pull requests.

This Package is compatible with Django versions >=1.10 (including at least Django 2.0.7) Documentation is available at readthedocs(http://django-mfa.readthedocs.io/en/latest/)

Quick start

Installation

The Git repository can be cloned with this command:

git clone https://github.com/MicroPyramid/django-mfa

The django_mfa package, included in the distribution, should be placed on the PYTHONPATH.

Otherwise you can just easy_install -Z django-mfa or pip install django-mfa.

Settings

  1. Add app name in settings.py:

    INSTALLED_APPS = [
       '..................',
       'django_mfa',
       '..................'
    ]
    
  2. Add 'django_mfa.middleware.MfaMiddleware' to your project middlewares:

    MIDDLEWARE = [
       '....................................',
       'django_mfa.middleware.MfaMiddleware',
       '....................................',
    ]
    
  3. Optional issuer name. This name will be shown in the Authenticator App along with the username

    MFA_ISSUER_NAME = "Cool Django App"

  4. Optionally enable remember-my-browser. If enabled, the browser will be trusted for specified number of days after the user enters the code once:

    MFA_REMEMBER_MY_BROWSER = True
    MFA_REMEMBER_DAYS = 90
    

Urls

Add the following to your root urls.py file.

urlpatterns = [
    ...

    url(r'^settings/', include('django_mfa.urls')),
]

Done. With these settings you have now, you will get the MFA features.

You can try it by hosting on your own or deploy to Heroku with a button click.

Visit our Django web development page Here

We welcome your feedback and support, raise github ticket if you want to report a bug. Need new features? Contact us here