Skip to main content

Two factor authentication for Wagtail

Project description

This Django app adds two factor authentication to Wagtail. Behind the scenes it use django-otp which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.

Installation

pip install wagtail-2fa

Then add the following lines to the INSTALLED_APPS list in your Django settings:

INSTALLED_APPS = [
    # ...
    'wagtail_2fa',
    'django_otp',
    'django_otp.plugins.otp_totp',
    # ...
]

Next add the required middleware to the MIDDLEWARE. It should come after the AuthenticationMiddleware:

MIDDLEWARE = [
    # .. other middleware
    # 'django.contrib.auth.middleware.AuthenticationMiddleware',

    'wagtail_2fa.middleware.VerifyUserMiddleware',

    # 'wagtail.core.middleware.SiteMiddleware',
    # .. other middleware
]

Migrate your database:

python manage.py migrate

Settings

The following settings are available (Set via your Django settings):

  • WAGTAIL_2FA_REQUIRED (default False): When set to True all staff, superuser and other users with access to the Wagtail Admin site are forced to login using two factor authentication.

  • WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to identify which site is which in your authenticator app. If not set and WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER under the hood.

Making 2FA optional

With the default VerifyUserMiddleware middleware, 2FA is enabled for every user. To make 2FA optional, use the VerifyUserPermissionsMiddleware middleware instead.

To do so, use the VerifyUserPermissionsMiddleware middleware instead of the VerifyUserMiddleware in your Django settings:

MIDDLEWARE = [
    # ...
    # 'wagtail_2fa.middleware.VerifyUserMiddleware',
    'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
    # ...
]

When this middleware is used, a checkbox is added to the group permissions and 2FA can be enabled or disabled per group.

2FA is always enabled for superusers, regardless of the middleware used.

Sandbox

First create a new virtualenv with Python 3.8 and activate it. Then run the following commands:

make sandbox

You can then visit http://localhost:8000/admin/ and login with the following credentials:

  • E-mail: superuser@example.com

  • Password: testing

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wagtail-2fa-1.6.9.tar.gz (17.8 kB view details)

Uploaded Source

Built Distribution

wagtail_2fa-1.6.9-py3-none-any.whl (24.1 kB view details)

Uploaded Python 3

File details

Details for the file wagtail-2fa-1.6.9.tar.gz.

File metadata

  • Download URL: wagtail-2fa-1.6.9.tar.gz
  • Upload date:
  • Size: 17.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for wagtail-2fa-1.6.9.tar.gz
Algorithm Hash digest
SHA256 568c29f042f237000698e956375e26d599a79e299d5daa1618788b4583ab22b4
MD5 a39cb2b0ea1784d13bb78beffe79019e
BLAKE2b-256 068340e50a73c3025dc8e50daf74f0fac08dfe24baa01f3ce4fbe6c884a665c0

See more details on using hashes here.

File details

Details for the file wagtail_2fa-1.6.9-py3-none-any.whl.

File metadata

  • Download URL: wagtail_2fa-1.6.9-py3-none-any.whl
  • Upload date:
  • Size: 24.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for wagtail_2fa-1.6.9-py3-none-any.whl
Algorithm Hash digest
SHA256 7793d2fb69dd004ef07f0c7dded8f63aedff29857c5c5c7a237039bdc0093356
MD5 07481ebb30d878614a7011ad2339fe00
BLAKE2b-256 33480c310ec1d0a75946c2722d9206a3152abf60e8367b1d00310797eeadb0f0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page