
This Django app adds two-factor authentication to Wagtail. Behind the scenes it uses django-otp_, which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.

.. _django-otp: https://django-otp-official.readthedocs.io

.. code-block:: shell

   pip install wagtail-2fa

Then add the following lines to the ``INSTALLED_APPS`` list in your Django settings:

.. code-block:: python

   INSTALLED_APPS = [
       # ...
       'wagtail_2fa',
       'django_otp',
       'django_otp.plugins.otp_totp',
       # ...
   ]

Next add the required middleware to ``MIDDLEWARE``. It should come after the ``AuthenticationMiddleware``:

.. code-block:: python

   MIDDLEWARE = [
       # .. other middleware
       # 'django.contrib.auth.middleware.AuthenticationMiddleware',
       'wagtail_2fa.middleware.VerifyUserMiddleware',
       # 'wagtail.core.middleware.SiteMiddleware',
       # .. other middleware
   ]

Migrate your database:

.. code-block:: shell

   python manage.py migrate

The following settings are available (set via your Django settings):

- ``WAGTAIL_2FA_REQUIRED`` (default ``False``): When set to ``True``, all
  staff, superuser and other users with access to the Wagtail Admin site
  are forced to log in using two-factor authentication.
- ``WAGTAIL_2FA_OTP_TOTP_NAME`` (default: ``False``): The issuer name to
  identify which site is which in your authenticator app. If not set and
  ``WAGTAIL_SITE_NAME`` is defined, it uses this. Sets ``OTP_TOTP_ISSUER``
  under the hood.

With the default ``VerifyUserMiddleware`` middleware, 2FA is enabled for every user.
To make 2FA optional, use the ``VerifyUserPermissionsMiddleware`` middleware instead.

To do so, use the ``VerifyUserPermissionsMiddleware`` middleware instead of the ``VerifyUserMiddleware`` in your Django settings:

.. code-block:: python

   MIDDLEWARE = [
       # ...
       # 'wagtail_2fa.middleware.VerifyUserMiddleware',
       'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
       # ...
   ]

When this middleware is used, a checkbox is added to the group permissions and 2FA can be enabled or disabled per group.
2FA is always enabled for superusers, regardless of the middleware used.
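
The installation steps and settings above can be checked mechanically before deployment. The following audit function is an added example, not part of wagtail-2fa; ``audit_2fa_settings`` and the ``GOOD``/``BAD`` sample settings are names and values constructed for illustration.

```python
"""Audit a settings object against the wagtail-2fa setup steps described above."""
from types import SimpleNamespace

AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"
VERIFY_MW = {
    "wagtail_2fa.middleware.VerifyUserMiddleware",
    "wagtail_2fa.middleware.VerifyUserPermissionsMiddleware",
}
REQUIRED_APPS = ("wagtail_2fa", "django_otp", "django_otp.plugins.otp_totp")


def audit_2fa_settings(settings):
    """Return a list of findings; an empty list means the setup matches the steps."""
    findings = []
    apps = list(getattr(settings, "INSTALLED_APPS", []))
    middleware = list(getattr(settings, "MIDDLEWARE", []))

    for app in REQUIRED_APPS:
        if app not in apps:
            findings.append(f"missing from INSTALLED_APPS: {app}")

    present = [m for m in middleware if m in VERIFY_MW]
    if not present:
        findings.append("no wagtail_2fa middleware in MIDDLEWARE")
    elif len(present) > 1:
        findings.append("both wagtail_2fa middlewares listed; use one instead of the other")
    elif AUTH_MW not in middleware:
        findings.append("AuthenticationMiddleware is not in MIDDLEWARE")
    elif middleware.index(present[0]) < middleware.index(AUTH_MW):
        findings.append("wagtail_2fa middleware must come after AuthenticationMiddleware")

    # Default is False: admin users are only forced onto 2FA when this is True.
    if getattr(settings, "WAGTAIL_2FA_REQUIRED", False) is not True:
        findings.append("WAGTAIL_2FA_REQUIRED is not True (default False)")
    return findings


# Constructed sample settings, not taken from any real project.
GOOD = SimpleNamespace(
    INSTALLED_APPS=["wagtail_2fa", "django_otp", "django_otp.plugins.otp_totp"],
    MIDDLEWARE=[AUTH_MW, "wagtail_2fa.middleware.VerifyUserMiddleware"],
    WAGTAIL_2FA_REQUIRED=True,
)
BAD = SimpleNamespace(  # TOTP plugin missing, middleware ordered before auth
    INSTALLED_APPS=["wagtail_2fa", "django_otp"],
    MIDDLEWARE=["wagtail_2fa.middleware.VerifyUserMiddleware", AUTH_MW],
)
```

In a real project, pass ``django.conf.settings`` instead of the sample objects, for example from a deployment check or a test case.
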
First create a new virtualenv with Python 3.8 and activate it. Then run the following commands:

.. code-block:: shell

   make sandbox

You can then visit http://localhost:8000/admin/ and log in with the following credentials:

- ``superuser@example.com``
- ``testing``