Two factor authentication for Wagtail
Project description
This Django app add’s two factor authentication to Wagtail. Behind the scenes it use django-otp which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.
Installation
pip install wagtail-2faThen add the following lines to the INSTALLED_APPS list in your Django settings:
INSTALLED_APPS = [
# ...
'wagtail_2fa',
'django_otp',
'django_otp.plugins.otp_totp',
# ...
]Add the following line to the MIDDLEWARE list in your Django settings:
MIDDLEWARE = [
# ...
'wagtail_2fa.middleware.VerifyUserMiddleware',
# ...
]Migrate your database:
python manage.py migrateNext add the required middleware to the MIDDLEWARE. It should come after the AuthenticationMiddleware:
MIDDLEWARE = [
# .. other middleware
# 'django.contrib.auth.middleware.AuthenticationMiddleware',
'wagtail_2fa.middleware.VerifyUserMiddleware',
# 'wagtail.core.middleware.SiteMiddleware',
# .. other middleware
]Settings
The following settings are available (Set via your Django settings):
WAGTAIL_2FA_REQUIRED (default False): When set to True all staff, superuser and other users with access to the Wagtail Admin site are forced to login using two factor authentication.
WAGTAIL_MOUNT_PATH (default: ''): The uWSGI mount point that Wagtail is running at. Ex. /wagtail
WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to identify which site is which in your authenticator app. If not set and WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER under the hood.
Making 2FA optional
With the default VerifyUserMiddleware middleware, 2FA is enabled for every user. To make 2FA optional, use the VerifyUserPermissionsMiddleware middleware instead.
To do so, use the VerifyUserPermissionsMiddleware middleware instead of the VerifyUserMiddleware in your Django settings:
MIDDLEWARE = [
# ...
# 'wagtail_2fa.middleware.VerifyUserMiddleware',
'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
# ...
]When this middleware is used, a checkbox is added to the group permissions and 2FA can be enabled or disabled per group.
2FA is always enabled for superusers, regardless of the middleware used.
Sandbox
First create a new virtualenv with Python 3.6.1 and activate it. Then run the following commands:
make sandbox
You can then visit http://localhost:8000/admin/ and login with the following credentials:
E-mail: superuser@example.com
Password: testing
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file wagtail-2fa-1.3.1.tar.gz.
File metadata
- Download URL: wagtail-2fa-1.3.1.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.39.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 27a1a5fa0decc7a996c1743579ca06ff995799b407b3bc26d3830c62e0295f10 |
|
| MD5 | 031c6436db375452b6193f0bc2c10d74 |
|
| BLAKE2b-256 | 6a70acaee66fd0664b605eb6faa1dea9610025e1c30ef90ece0653c8e864ba3f |
File details
Details for the file wagtail_2fa-1.3.1-py3-none-any.whl.
File metadata
- Download URL: wagtail_2fa-1.3.1-py3-none-any.whl
- Upload date:
- Size: 21.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.39.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bdb409de1c93802313319f13e3e24f51379148447b2a6ee71d1870b1cc8ea65f |
|
| MD5 | dc87b223c62127bcc3c65258ebed0e93 |
|
| BLAKE2b-256 | e8fcd213f7a0a212d58cec6f8c4c3eb59640bfd9654c57e67270bb43107997e5 |
