Start migrating to allauth internal MFA

dmptrluke · Sep 2, 2024 · 67221f0 · 67221f0
1 parent 4899027
commit 67221f0
Show file tree

Hide file tree

Showing 10 changed files with 69 additions and 12 deletions.
diff --git a/.isort.cfg b/.isort.cfg
@@ -3,6 +3,6 @@ line_length=100
 skip_glob = */node_modules/*,*/.tox/*,*/.git/*,*/storage/*
 known_django = django
 known_first_party = foxtail_blog,foxtail_contact
-known_third_party = allauth,allauth_2fa,captcha,cjswidget,crispy_forms,csp_helpers,django_cleanup,django_rq,environ,factory,faker,markdownfield,oidc_provider,published,pymdownx,pytest,pytest_factoryboy,pytz,rules,selenium,slugger,storages,structured_data,taggit,the_big_username_blacklist,versatileimagefield
+known_third_party = allauth,captcha,cjswidget,crispy_forms,csp_helpers,django_cleanup,django_rq,environ,factory,faker,markdownfield,oidc_provider,published,pymdownx,pytest,pytest_factoryboy,pytz,rules,selenium,slugger,storages,structured_data,taggit,the_big_username_blacklist,versatileimagefield
 balanced_wrapping = True
 sections=FUTURE,STDLIB,DJANGO,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
diff --git a/apps/accounts/authentication.py b/apps/accounts/authentication.py
@@ -1,12 +1,12 @@
 from datetime import datetime
 
+from allauth.account.adapter import DefaultAccountAdapter
 from allauth.account.utils import user_email, user_field, user_username
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.utils import valid_email_or_none
-from allauth_2fa.adapter import OTPAdapter
 
 
-class AccountAdapter(OTPAdapter):
+class AccountAdapter(DefaultAccountAdapter):
     def populate_username(self, request, user):
         """
         overrides the base populate_username to not make use of first_name and last_name

diff --git a/apps/accounts/migrations/0003_alter_user_first_name.py b/apps/accounts/migrations/0003_alter_user_first_name.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.2.15 on 2024-09-01 23:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0002_add_username_blacklist'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='user',
+            name='first_name',
+            field=models.CharField(blank=True, max_length=150, verbose_name='first name'),
+        ),
+    ]
diff --git a/apps/accounts/templates/account_nav.html b/apps/accounts/templates/account_nav.html
@@ -8,7 +8,7 @@
     <a class="nav-item nav-link{% if request.resolver_match.url_name == "account_email" %} active{% endif %}" href="{% url 'account_email' %}">
         Email
     </a>
-    <a class="nav-item nav-link{% if 'two-factor' in request.resolver_match.url_name %} active{% endif %}" href="{% url 'two-factor-setup' %}">
+    <a class="nav-item nav-link{% if 'two-factor' in request.resolver_match.url_name %} active{% endif %}" href="">
         2FA
     </a>
     <a class="nav-item nav-link{% if 'account_application' in request.resolver_match.url_name %} active{% endif %}" href="{% url 'account_application_list' %}">

diff --git a/apps/content/migrations/0004_alter_page_options.py b/apps/content/migrations/0004_alter_page_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.15 on 2024-09-01 23:57
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('content', '0003_remove_fields'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='page',
+            options={'verbose_name': 'page', 'verbose_name_plural': 'pages'},
+        ),
+    ]
diff --git a/apps/directory/migrations/0009_alter_character_options.py b/apps/directory/migrations/0009_alter_character_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.15 on 2024-09-01 23:57
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('directory', '0008_dob_privacy'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='character',
+            options={'verbose_name': 'character', 'verbose_name_plural': 'characters'},
+        ),
+    ]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,7 +8,7 @@ networks:
 
 services:
   db:
-    image: postgres:16
+    image: postgres:15
     networks:
       - primary
     environment:

diff --git a/foxtail/settings.py b/foxtail/settings.py
@@ -76,17 +76,16 @@
     'foxtail_contact',
     'allauth',
     'allauth.account',
+    'allauth.mfa',
     'allauth.socialaccount',
     'allauth.socialaccount.providers.google',
-    'allauth.socialaccount.providers.twitter',
     'allauth.socialaccount.providers.discord',
     'allauth.socialaccount.providers.github',
     'anymail',
     'django_otp',
     'django_otp.plugins.otp_totp',
     'django_otp.plugins.otp_static',
     'mail_templated_simple',
-    'allauth_2fa',
     'taggit',
     'webpack_loader',
     'crispy_forms',
@@ -115,7 +114,6 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'allauth.account.middleware.AccountMiddleware',
     'django_otp.middleware.OTPMiddleware',
-    'allauth_2fa.middleware.AllauthTwoFactorMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.contrib.sites.middleware.CurrentSiteMiddleware',
     'oidc_provider.middleware.SessionManagementMiddleware',
@@ -236,8 +234,15 @@
     }
 }
 
-# allauth 2FA
-ALLAUTH_2FA_ALWAYS_REVEAL_BACKUP_TOKENS = False
+# allauth-mfa
+
+MFA_FORMS = {
+    'authenticate': 'allauth.mfa.base.forms.AuthenticateForm',
+    'reauthenticate': 'allauth.mfa.base.forms.AuthenticateForm',
+    'activate_totp': 'allauth.mfa.totp.forms.ActivateTOTPForm',
+    'deactivate_totp': 'allauth.mfa.totp.forms.DeactivateTOTPForm',
+    'generate_recovery_codes': 'allauth.mfa.recovery_codes.forms.GenerateRecoveryCodesForm',
+}
 
 # OpenID Connect Provider
 # <https://django-oidc-provider.readthedocs.io/en/latest/>

diff --git a/foxtail/urls.py b/foxtail/urls.py
@@ -42,7 +42,6 @@
     path('admin/', admin.site.urls),
     path('openid/', include('oidc_provider.urls', namespace='oidc_provider')),
     path('accounts/', include('apps.accounts.urls')),
-    path('accounts/', include('allauth_2fa.urls')),
     path('accounts/', include('allauth.urls')),
     path('directory/', include('apps.directory.urls')),
     path('events/', include('apps.events.urls')),

diff --git a/requirements.txt b/requirements.txt
@@ -4,7 +4,7 @@ bleach==6.1.0
 crispy-bootstrap5==2024.2
 django==4.2.15
 django-allauth==64.2.0
-django-allauth-2fa==0.11.1
+django-allauth[mfa]==64.2.0
 django-anymail[mailgun]==11.1
 django-braces==1.15.0
 django-cjswidget==0.4.1
@@ -30,6 +30,7 @@ django-versatileimagefield==3.1
 django-webpack-loader==3.1.1
 factory-boy==3.3.1
 faker==28.1.0
+fido2==1.1.3
 foxtail-blog>=0.24.2
 foxtail-contact>=0.6.0
 whitenoise==6.7.0