django_tfa

0.1 GPL (GNU General Public License)    

Two factor authentication support for Django projects (Time based tokens)


django_tfa is a Django app that implements Two-Factor authentication based on Django's contrib.auth.

One-time tokens are generated using Tomasz's onetimepass (https://github.com/tadeck/onetimepass). This module is already included in this distribution (file: otp.py). django_tfa uses TOTPs (Time-based One-Time Passwords) with base32-encoded secrets. It's fully compatible with Google Authenticator (download from http://code.google.com/p/google-authenticator/) and maybe other apps.
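
How a token of the kind described above is derived and checked, as an added example that is not code from django_tfa or onetimepass: it uses only the Python 3 standard library and assumes the Google Authenticator defaults (HMAC-SHA1, 30-second step, 6 digits). The function names, the drift window and the replay check are illustrative assumptions, and the secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # digits shown by the app


def hotp(secret_b32, counter, digits=DIGITS):
    """RFC 4226 HOTP (HMAC-SHA1) for a base32-encoded secret."""
    # Secrets are often typed in lowercase groups: normalise and re-pad.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None):
    """Token for the time step containing `now` (Unix seconds)."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now) // STEP)


def verify_totp(secret_b32, token, now=None, window=1, last_counter=None):
    """Return the matched time-step counter, or None if the token is rejected.

    window: steps of clock drift tolerated on each side of the current step.
    last_counter: last step accepted for this user; steps <= it are refused,
    so a token seen once cannot be replayed inside the window.
    """
    now = time.time() if now is None else now
    current = int(now) // STEP
    supplied = str(token).strip().encode("utf-8")
    for counter in range(max(0, current - window), current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(hotp(secret_b32, counter).encode(), supplied):
            return counter
    return None
```

A caller would store the returned counter per user and pass it back as `last_counter` on the next login attempt.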

Installation

Devel:

git clone git://github.com/lusentis/django_tfa.git
cd django_tfa
sudo python setup.py install


Stable:

sudo easy_install django_tfa

Setup

1. Add twofactor to your INSTALLED_APPS list.

 INSTALLED_APPS = ( ... 'twofactor', ... )

2. Sync the database (optionally with South)

 # no south:
 ./manage.py syncdb

 # south (recommended):
 ./manage.py schemamigration --initial twofactor
 ./manage.py syncdb
 ./manage.py migrate


3. Add some settings (optional, defaults are shown)

 from twofactor.callbacks import everyone_must_have_otp
 TWOFACTOR_ENABLED_CALLBACK = everyone_must_have_otp
 TWOFACTOR_ENABLE_AT_FIRST_LOGIN = True
 TWOFACTOR_TOKEN_LENGTH = 32


4. Add login and logout templates (the same ones you use with contrib.auth)

5. Add twofactor urls to your root urls.py

 url(r'^login/$', 'twofactor.views.login_view', {'template_name':'login.html'},
 name='login'),
 url(r'^login/tfa$', 'twofactor.views.login_twofactor', {'template_name':'login_twofactor.html'},
 name='login_twofactor'),
 url(r'^login/tfa/enable$', 'twofactor.views.twofactor_enable',
 name='login_twofactor_enable'),


You need to replace your existing /login/ url from django.contrib.auth.

6. Add some users from Django admin or ./manage.py shell

Bugs

- Post-login redirect is not handled correctly, so you need a urlpattern named "home" that points to where users should be redirected after login.

- Putting twofactor's urls in a separate file (e.g. twofactor.urls) breaks the urlconf reverse function... why?

Sample


Clone this repo and run:

./manage.py syncdb
./manage.py runserver


and point your browser to http://localhost:8000
Last updated on January 6th, 2012
