Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support two factor auth #3523

Open
agjohnson opened this issue Jan 16, 2018 · 6 comments

Comments

Projects
None yet
3 participants
@agjohnson
Copy link
Contributor

commented Jan 16, 2018

We should enable 2fa for dashboard users. I keep wanting to add site admin features to the dashboard, but then think about the security aspects of adding these features and find myself also wanting 2fa. There are some libraries that do handle a 2fa workflow for standard django logins, but i don't know if this extends to django + allauth or django + mamacas.

I'm sure we're probably in agreement of this being an important feature, but I'm not sure we can gauge the importance of 2fa for users. I'm sure community users would use a feature like this, and site admins would use this feature -- I doubt this is in high demand for commercial hosting customers though.

The following thoughts come to mind:

  • Is this too hard? Does allauth play well with a 2fa workflow?
  • Is there any reason besides complicating login that we shouldn't?
@ericholscher

This comment has been minimized.

Copy link
Member

commented Mar 27, 2018

I'm +0 on adding it. I don't think RTD is so sensitive that we are a common attack vector. I'm much more worried about building authoring features before building something like this, unless it's simple to do with a pluggable Django app. Unless users are specifically asking for this, I don't see it as a high priority (sadly).

@agjohnson

This comment has been minimized.

Copy link
Contributor Author

commented Mar 29, 2018

Yeah, i agree on priority here. This is a feature that i consider more important for commercial hosting, but I also haven't had any requests for this feature though.

@agjohnson

This comment has been minimized.

Copy link
Contributor Author

commented Mar 29, 2018

Also, I think a lot of what I want to add would probably be more applicable as a django admin action instead of an on site admin only feature.

@stale

This comment has been minimized.

Copy link

commented Jan 10, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Status: stale label Jan 10, 2019

@ericholscher

This comment has been minimized.

Copy link
Member

commented Jan 10, 2019

Accepted 👍

@stale stale bot removed Status: stale labels Jan 10, 2019

@dojutsu-user

This comment has been minimized.

Copy link
Member

commented Feb 2, 2019

@agjohnson

more applicable as a django admin action instead of an on site admin only feature

I am a little confused on this line on what this means?
Also the Needed: design decision tag is removed. Can it be made clear on what needs to be done?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.