Re: Should contrib.auth include support for 2fa out of the box?

2017-06-13 Thread m . levental
I would like to explain a potential solution I have been working on (See commit https://github.com/mlevental/django/commit/51dbaa6748076e06d91b361c2fa60ecf24f5c27e

Re: Should contrib.auth include support for 2fa out of the box?

2017-06-13 Thread m . levental
I would like to explain a potential solution I have been working on (See commit https://github.com/mlevental/django/tree/ticket_25612). I think it's not complete but I don't have the time to continue working on it. *Overview:* - In order to check if a user is authenticated with one or two fa

Re: Should contrib.auth include support for 2fa out of the box?

2016-10-03 Thread Aymeric Augustin
Hello, FYI django-two-factor-auth builds upon django-otp; they aren't alternatives. This is an ambitious project. I suggest to start by getting a better understanding of what these libraries do, what the different scenarios for two factor authentication are, and writing a DEP to describe the A

Re: Should contrib.auth include support for 2fa out of the box?

2016-10-03 Thread m . levental
I would like to work on this ticket. As for the implementation there doesn't seem to be much choice. The implementation with the most features is from Bouke . It supports U2F, TOTP, SMS and phone call (with Twilio by default). Beside that one onl

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-27 Thread bliyanage
+1 This sounds like a great feature, depending on the implementation. On Monday, October 26, 2015 at 10:22:46 AM UTC-7, Tim Graham wrote: > > On Trac [1], Alex says, "Django did a tremendous service to its users by > making strong password hashing be the default. The world is pushing > forward,

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-27 Thread Florian Apolloner
On Tuesday, October 27, 2015 at 12:46:47 AM UTC+1, Joey Wilhelm wrote: > > Fwiw, 2fa is on my short list of things to implement into my current > project. It's a fairly important feature to me, as this is a financial > project. And that particular implementation is precisely what I was looking

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-27 Thread Florian Apolloner
Yes, I would like to see that in contrib.auth, which will require rewriting the backends and introduce a auth pipeline ala django-social-auth (has/had) -- I was planning to get some thoughts about that on DUTH. Also see this (short) twitter discussion: https://twitter.com/jacobian/status/651527

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Dheerendra Rathor
Other then u2f and TOTP, I'll favour for email and sms (using external api like twilio) based OTP as well. Keeping different pluggable backends will be better in my opinion. On Tue, 27 Oct 2015 at 07:01 Russell Keith-Magee wrote: > > +1. Sounds like a great idea to me. > > Russ %-) > > On Tue, O

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Russell Keith-Magee
+1. Sounds like a great idea to me. Russ %-) On Tue, Oct 27, 2015 at 1:22 AM, Tim Graham wrote: > On Trac [1], Alex says, "Django did a tremendous service to its users by > making strong password hashing be the default. The world is pushing > forward, and now 2fa is the next standard that many

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Joey Wilhelm
Fwiw, 2fa is on my short list of things to implement into my current project. It's a fairly important feature to me, as this is a financial project. And that particular implementation is precisely what I was looking to use. I would happily contribute money and/or time toward this implementation, es

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Josh Smeaton
Having pluggable 2fa backends is a great idea. Many sites that allow 2fa have it as an option per user. I would think Django would allow the same. Allow admins to force 2fa, or allow Users to choose if they'd like it enabled. There'd have to be ORM/Model support (presumably) for user choices. A

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Aymeric Augustin
On 26 oct. 2015, at 18:22, Tim Graham wrote: > What do you think? I would very much like Django to have 2FA out of the box. Let’s bring django.contrib.auth kicking and screaming into the 2010’s ;-) I even considered crowdfunding it but that didn’t go much beyond idle thoughts. -- Aymeric. --

Re: Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Donald Stufft
I agree with Alex, no idea about that particular implementation though. It supports a lot of different implementations of two factor, though I suspect Django wouldn’t need all of those things. I think it would be reasonable to define something like auth_backends, but for 2fa and just ship u2f an

Should contrib.auth include support for 2fa out of the box?

2015-10-26 Thread Tim Graham
On Trac [1], Alex says, "Django did a tremendous service to its users by making strong password hashing be the default. The world is pushing forward, and now 2fa is the next standard that many sites fail to meet. Django should include support for 2fa out of the box, ideally with support for b