2FA authentication for CKAN
Project description
This extension partially based on the ckanext-security
The extension provides a 2FA authentication mechanism for CKAN.
There are two methods of 2FA available:
- TOTP (Time-based One-Time Password) with authenticator apps like Google Authenticator, Authy, etc.
Requirements
This extension uses Redis, so it must be configured for CKAN.
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
|---|---|
| 2.9 and earlier | no |
| 2.10+ | yes |
If you want to add compatibility with CKAN 2.9 and earlier, you can contact me and I'll help you with that.
Installation
To install ckanext-auth:
-
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate -
Clone the source and install it on the virtualenv
git clone https://github.com//ckanext-auth.git cd ckanext-auth pip install -e . pip install -r requirements.txt -
Add
authto theckan.pluginssetting in your CKAN config file (by default the config file is located at/etc/ckan/default/ckan.ini). -
Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Config settings
There are several configuration settings available for this extension:
- key: ckanext.auth.2fa_enabled
default: true
type: bool
description: Enable two-factor authentication for users
- key: ckanext.auth.2fa_method
default: email
description: The method to use for two-factor authentication. Options are email or authenticator.
- key: ckanext.auth.2fa_email_interval
default: 600
type: int
description: TTL for the authentication code sent via email in seconds. Default is 10 minutes.
- key: ckanext.auth.2fa_login_timeout
default: 900
type: int
description: Login timeout in seconds after N failed attempted. Default is 15 minutes.
- key: ckanext.auth.2fa_login_max_attempts
default: 10
type: int
description: Number of failed login attempts before the login timeout is triggered.
If you have the ckanext-admin-panel installed, the configuration settings will be available in the admin panel too.
How to
- If you want to change the email for email 2FA, you can do it by creating a new template file at
auth/emails/verification_code.html.
Tests
To run the tests, do:
pytest --ckan-ini=test.ini
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file ckanext_auth-0.1.31.tar.gz.
File metadata
- Download URL: ckanext_auth-0.1.31.tar.gz
- Upload date:
- Size: 39.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ec00f6f3166b58b5d324ad4ea6fa668ada5ab339f3a1ea357fc40b30fad00c35 |
|
| MD5 | 375d913dce6685a1b8b30996925e88a5 |
|
| BLAKE2b-256 | 281cb3cf3904e203fb06612f9d8d68d994e7b5ed7f17ead58a44ca9ab7a3363c |
File details
Details for the file ckanext_auth-0.1.31-py3-none-any.whl.
File metadata
- Download URL: ckanext_auth-0.1.31-py3-none-any.whl
- Upload date:
- Size: 46.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 61ba1a7594d70bad0d86f4f0b4f9b7a2f5c28c5db4be79b6cef23bca0c3fc5f1 |
|
| MD5 | 603aad1f28678fe91db54782ee8b0d0e |
|
| BLAKE2b-256 | c0541f109070b9429ad10ac7faca209ba029e0bdfea28fe92976b305a5851753 |
