.. image:: https://cybersecurity-excellence-awards.com/wp-content/uploads/2021/06/badges_2022_Silver.png :target: https://cybersecurity-excellence-awards.com/candidates/merixstudio-django-trench-multi-factor-authentication-set/
.. image:: https://github.com/merixstudio/django-trench/actions/workflows/django-package.yml/badge.svg :target: https://github.com/merixstudio/django-trench/actions/workflows/django-package.yml
.. image:: https://codecov.io/gh/merixstudio/django-trench/branch/master/graph/badge.svg?token=U4yDiXUDkb :target: https://codecov.io/gh/merixstudio/django-trench
.. image:: https://readthedocs.org/projects/django-trench/badge/?version=latest :target: https://django-trench.readthedocs.io/en/latest/?badge=latest
.. image:: https://img.shields.io/pypi/v/django-trench :target: https://pypi.org/project/django-trench/
| django-trench provides a set of REST API endpoints to supplement django-rest-framework_ with multi-factor authentication (MFA, 2FA). It supports both standard built-in authentication methods, as well as JWT (JSON Web Token).
| We deliver a couple of sample secondary authentication methods including sending OTP based code by:
YubiKey_| Developers can easily add their own authentication backends supporting any communication channel.
Features
django-rest-framework_backends_Supported versions
| If you are going to use JWT authentication:
djangorestframework-simplejwt_ >= 4.3.0Quick Start
.. code-block:: python
pip install django-trench
or add it to your requirements file.
trench library to INSTALLED_APPS in your app settings file:.. code-block:: python
INSTALLED_APPS = (
...,
'rest_framework',
'rest_framework.authtoken', # In case of implementing Token Based Authentication
...,
'trench',
)
3. Run migrations
| Read further in: installation_.
Translation
Trench uses Transifex service to translate our package into other languages.
We will appreciate your help with translation.
https://www.transifex.com/merixstudio/django-trench/dashboard/
.. _backends: https://django-trench.readthedocs.io/en/latest/backends.html .. _installation: https://django-trench.readthedocs.io/en/latest/installation.html .. _django-rest-framework: http://www.django-rest-framework.org .. _djoser: https://github.com/sunscrapers/djoser .. _django-rest-framework-jwt: https://github.com/GetBlimp/django-rest-framework-jwt .. _djangorestframework-simplejwt: https://github.com/davesque/django-rest-framework-simplejwt .. _YubiKey: https://www.yubico.com/
Local development
Clone the repo.
Crete virtual environment named e.g. :code:.venv:
.. code-block:: shell
virtualenv .venv
Activate the virtual environment:
.. code-block:: shell
source .venv/bin/activate
Install dependencies:
.. code-block:: shell
pip install black mypy
pip install -r testproject/requirements.txt
Set environment variables:
.. code-block:: shell
export PYTHONPATH=./testproject
export DJANGO_SETTINGS_MODULE=settings
export SECRET_KEY=YOURsecretGOEShere
Create a symbolic link to the :code:trench/ module inside the :code:testproject/ directory to emulate the :code:trench package being installed.
.. code-block:: shell
# make sure you run this command from the root directory of this project
ln -s $(pwd)/trench/ $(pwd)/testproject/trench
Check whether the tests are passing:
.. code-block:: shell
pytest --cov=testproject/trench testproject/tests/
Remember - anytime you change something in the :code:django-trench source code you need to re-build and re-install
the package (steps 6-7) for the changes to be present during e.g. running the tests.
[OPTIONAL] To make the tests run faster you can try to execute them in parallel.
To do so you need to install the :code:pytest-xdist package and run the tests
with additional parameter of :code:-n 8 where :code:8 stands for the number
of threads that will be spawned for executing the tests. Depending on the machine
you're using using this tool can speed up the test execution process up to 5 times.
.. code-block:: shell
pytest -n 8 --cov=testproject/trench testproject/tests/
FAQs
REST Multi-factor authentication package for Django
We found that django-trench demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Elastic’s return to open source with the AGPL license has been met with skepticism, as many developers see it as a strategic move rather than a genuine effort to restore user trust and freedoms.
Security News
A new "revival hijack" supply chain attack targets deleted Python packages, with an estimated 22K packages at risk. Socket can detect and block hijacked packages that have added malicious code.
Product
We're introducing a new Analytics feature in the Socket dashboard so you can view changes in your organization's and repositories' alerts over time.