#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+-------------------------------------
Reporter: Alex Gaynor | Owner: mlevental
Type: New feature | Status: assigned
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-------------------------------------
Comment (by mlevental):
It should be distinguishable if a user is authenticated with 1 factor or
2, e.g. for checking if the user is already authenticated with the
required number of factors so relogging can be omitted. Therefore a field
like {{{is_two_factor_authenticated}}} can be added to the {{{User}}}
model.
But then it would be unclear whether the existing field
{{{is_authenticated}}} means the user is authenticated with 1 or 2
factors.
To find that out one would have to additionally check for the value of
{{{is_two_factor_authenticated}}} and this would be cumbersome.
For convenience another field like {{{is_one_factor_authenticated}}} could
be introduced. And to make {{{is_authenticated}}} behave correctly it
should return {{{True}}} if either {{{is_one_factor_authenticated}}} or
{{{is_two_factor_authenticated}}} is {{{True}}}.
What are your thoughts on that?
--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/062.fd5a6439b6b524a0980b6e226a394347%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.