@Bouke Please check if the following change is required or not. If yes, please share if you want any modifications as well.
Codecov Report
@@ Coverage Diff @@
## master #284 +/- ##
==========================================
- Coverage 96.52% 95.84% -0.69%
==========================================
Files 39 40 +1
Lines 1640 1660 +20
Branches 116 118 +2
==========================================
+ Hits 1583 1591 +8
- Misses 35 47 +12
Partials 22 22
moggers87 left a comment
As well as my comments, there are also no tests.
| """Wrap around actual Admin calls.""" | ||
| response = self.get_response(request) | ||
| if resolve(request.path).app_name == 'two_factor' or ( | ||
| resolve(request.path).url_name == 'logout'): |
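Review bot: self.get_response(request) is called on the line before the resolve(request.path) check, so the wrapped view has already executed by the time the allow-list condition is evaluated. If the goal is to keep users without 2FA away from everything except the two_factor and logout URLs, make the decision first and call get_response only for requests that pass; otherwise any side effects of the blocked view still happen. The condition also calls resolve(request.path) twice: resolve once into a local variable, and pass request.path_info, since request.path includes the script prefix that the URL resolver does not expect.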
How do we know the logout URL is called logout?
two_factor/middleware/enforce2fa.py
Outdated
This code won't limit itself to just the admin site as it makes no such check. Either code needs to do what the comment says or the comment needs changing.
two_factor/middleware/enforce2fa.py
Outdated
This package still supports Python 2.7 for Django 1.11, so that should be a subclass of object.
Description
As far as I know, the current 2FA enforcement involves admin intervention. With the following change, people can directly include the middleware in the settings file and things will work out of the box.
Motivation and Context
We are using this software in our Django app. We wanted to enforce 2FA, but the existing solution doesn't allow free movement and stops the user from moving forward if the user has not enabled 2FA.
We wanted it differently: we wanted the users to move forward, but only to the URLs where the user can either logout or enable 2FA.
How Has This Been Tested?