Metadata-Version: 2.1
Name: wagtail-2fa
Version: 1.3.3
Summary: Two factor authentication for Wagtail
Home-page: https://github.com/LabD/wagtail-2fa
Author: Lab Digital
Author-email: opensource@labdigital.nl
License: MIT
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 1.11
Classifier: Framework :: Django :: 2.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.6
Requires-Dist: Django (>=1.11.26)
Requires-Dist: Wagtail (>=2.1)
Requires-Dist: django-otp (>=0.7.4)
Requires-Dist: six (>=1.1)
Requires-Dist: qrcode (>=6.1)
Provides-Extra: docs
Requires-Dist: sphinx (>=1.4.0) ; extra == 'docs'
Requires-Dist: sphinx-rtd-theme (>=0.4.3) ; extra == 'docs'
Provides-Extra: test
Requires-Dist: coverage (==.4.2) ; extra == 'test'
Requires-Dist: pytest (==3.6.0) ; extra == 'test'
Requires-Dist: pytest-cov (==2.5.1) ; extra == 'test'
Requires-Dist: pytest-django (==3.7.0) ; extra == 'test'
Requires-Dist: isort (==4.2.5) ; extra == 'test'
Requires-Dist: flake8 (==3.0.3) ; extra == 'test'
Requires-Dist: flake8-blind-except (==0.1.1) ; extra == 'test'
Requires-Dist: flake8-debugger (==1.4.0) ; extra == 'test'



===========
wagtail-2fa
===========

This Django app add's two factor authentication to Wagtail. Behind the scenes
it use django-otp_ which supports Time-based One-Time Passwords (TOTP). This
allows you to use various apps like Authy, Google Authenticator, or
1Password.


.. _django-otp: https://django-otp-official.readthedocs.io


Installation
============

.. code-block:: shell

   pip install wagtail-2fa


Then add the following lines to the ``INSTALLED_APPS`` list in your Django
settings:

.. code-block:: python

    INSTALLED_APPS = [
        # ...
        'wagtail_2fa',
        'django_otp',
        'django_otp.plugins.otp_totp',
        # ...
    ]

Add the following line to the ``MIDDLEWARE`` list in your Django settings:

.. code-block:: python

    MIDDLEWARE = [
        # ...
        'wagtail_2fa.middleware.VerifyUserMiddleware',
        # ...
    ]

Migrate your database:

.. code-block:: shell

   python manage.py migrate

Next add the required middleware to the ``MIDDLEWARE``. It should come
after the AuthenticationMiddleware:

.. code-block:: python

    MIDDLEWARE = [
        # .. other middleware
        # 'django.contrib.auth.middleware.AuthenticationMiddleware',

        'wagtail_2fa.middleware.VerifyUserMiddleware',

        # 'wagtail.core.middleware.SiteMiddleware',
        # .. other middleware
    ]


Settings
========

The following settings are available (Set via your Django settings):

    - ``WAGTAIL_2FA_REQUIRED`` (default ``False``): When set to True all
      staff, superuser and other users with access to the Wagtail Admin site
      are forced to login using two factor authentication.
    - ``WAGTAIL_MOUNT_PATH`` (default: ``''``): The uWSGI mount point that
      Wagtail is running at. Ex. ``/wagtail``
    - ``WAGTAIL_2FA_OTP_TOTP_NAME`` (default: ``False``): The issuer name to
      identify which site is which in your authenticator app. If not set and
      ``WAGTAIL_SITE_NAME`` is defined it uses this. sets ``OTP_TOTP_ISSUER``
      under the hood.


Making 2FA optional
===================

With the default ``VerifyUserMiddleware`` middleware, 2FA is enabled for every user.
To make 2FA optional, use the ``VerifyUserPermissionsMiddleware`` middleware instead.

To do so, use the ``VerifyUserPermissionsMiddleware`` middleware instead of the ``VerifyUserMiddleware`` in your Django settings:

.. code-block:: python

    MIDDLEWARE = [
        # ...
        # 'wagtail_2fa.middleware.VerifyUserMiddleware',
        'wagtail_2fa.middleware.VerifyUserPermissionsMiddleware',
        # ...
    ]

When this middleware is used, a checkbox is added to the group permissions
and 2FA can be enabled or disabled per group.

2FA is always enabled for superusers, regardless of the middleware used.

Sandbox
=======
First create a new virtualenv with Python 3.6.1 and activate it. Then run
the following commands:

    - make sandbox

You can then visit http://localhost:8000/admin/ and login with the following
credentials:

    - E-mail: superuser@example.com
    - Password: testing


