Adding in MFA

Fixes #2201
2024-08-30 18:33:04 +00:00 · 2021-10-27 21:35:00 +02:00 · 2021-10-27 21:35:00 +02:00 · aa7b78f41d
commit aa7b78f41d
parent 5cd9be6845
3 changed files with 13 additions and 2 deletions
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -284,6 +284,12 @@ INSTALLED_APPS = [
    'allauth',                              # Base app for SSO
    'allauth.account',                      # Extend user with accounts
    'allauth.socialaccount',                # Use 'social' providers
+
+    'django_otp',                           # OTP is needed for MFA - base package
+    'django_otp.plugins.otp_totp',          # Time based OTP
+    'django_otp.plugins.otp_static',        # Backup codes
+
+    'allauth_2fa',                          # MFA flow for allauth
 ]

 MIDDLEWARE = CONFIG.get('middleware', [
@ -294,6 +300,8 @@ MIDDLEWARE = CONFIG.get('middleware', [
    'django.middleware.csrf.CsrfViewMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django_otp.middleware.OTPMiddleware',                      # MFA support
+    'allauth_2fa.middleware.AllauthTwoFactorMiddleware',        # Flow control for allauth
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'InvenTree.middleware.AuthRequiredMiddleware'
@ -689,7 +697,8 @@ ACCOUNT_FORMS = {
 }

 SOCIALACCOUNT_ADAPTER = 'InvenTree.forms.CustomSocialAccountAdapter'
-ACCOUNT_ADAPTER = 'InvenTree.forms.CustomAccountAdapter'
+# ACCOUNT_ADAPTER = 'InvenTree.forms.CustomAccountAdapter'  # TODO monkey-patch adapter
+ACCOUNT_ADAPTER = 'allauth_2fa.adapter.OTPAdapter'

 # Markdownx configuration
 # Ref: https://neutronx.github.io/django-markdownx/customization/
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
@ -167,7 +167,8 @@ urlpatterns = [
    url(r'^accounts/email/', CustomEmailView.as_view(), name='account_email'),
    url(r'^accounts/social/connections/', CustomConnectionsView.as_view(), name='socialaccount_connections'),
    url(r"^accounts/password/reset/key/(?P<uidb36>[0-9A-Za-z]+)-(?P<key>.+)/$", CustomPasswordResetFromKeyView.as_view(), name="account_reset_password_from_key"),
-    url(r'^accounts/', include('allauth.urls')),  # included urlpatterns
+    url(r'^accounts/', include('allauth_2fa.urls')),    # MFA support
+    url(r'^accounts/', include('allauth.urls')),        # included urlpatterns
 ]

 # Server running in "DEBUG" mode?
--- a/requirements.txt
+++ b/requirements.txt
@ -7,6 +7,7 @@ coveralls==2.1.2                # Coveralls linking (for Travis)
 cryptography==3.4.8             # Cryptography support
 django-admin-shell==0.1.2       # Python shell for the admin interface
 django-allauth==0.45.0          # SSO for external providers via OpenID
+django-allauth-2fa==0.8         # MFA / 2FA
 django-cleanup==5.1.0           # Manage deletion of old / unused uploaded files
 django-cors-headers==3.2.0      # CORS headers extension for DRF
 django-crispy-forms==1.11.2     # Form helpers