From 67221f0c7c6791c0d1d5320055e49a89dfa4d8e6 Mon Sep 17 00:00:00 2001 From: Luke Rogers Date: Mon, 2 Sep 2024 12:14:09 +1200 Subject: [PATCH] Start migrating to allauth internal MFA --- .isort.cfg | 2 +- apps/accounts/authentication.py | 4 ++-- .../migrations/0003_alter_user_first_name.py | 18 ++++++++++++++++++ apps/accounts/templates/account_nav.html | 2 +- .../migrations/0004_alter_page_options.py | 17 +++++++++++++++++ .../migrations/0009_alter_character_options.py | 17 +++++++++++++++++ docker-compose.yml | 2 +- foxtail/settings.py | 15 ++++++++++----- foxtail/urls.py | 1 - requirements.txt | 3 ++- 10 files changed, 69 insertions(+), 12 deletions(-) create mode 100644 apps/accounts/migrations/0003_alter_user_first_name.py create mode 100644 apps/content/migrations/0004_alter_page_options.py create mode 100644 apps/directory/migrations/0009_alter_character_options.py diff --git a/.isort.cfg b/.isort.cfg index 9f71b756..6888946c 100644 --- a/.isort.cfg +++ b/.isort.cfg @@ -3,6 +3,6 @@ line_length=100 skip_glob = */node_modules/*,*/.tox/*,*/.git/*,*/storage/* known_django = django known_first_party = foxtail_blog,foxtail_contact -known_third_party = allauth,allauth_2fa,captcha,cjswidget,crispy_forms,csp_helpers,django_cleanup,django_rq,environ,factory,faker,markdownfield,oidc_provider,published,pymdownx,pytest,pytest_factoryboy,pytz,rules,selenium,slugger,storages,structured_data,taggit,the_big_username_blacklist,versatileimagefield +known_third_party = allauth,captcha,cjswidget,crispy_forms,csp_helpers,django_cleanup,django_rq,environ,factory,faker,markdownfield,oidc_provider,published,pymdownx,pytest,pytest_factoryboy,pytz,rules,selenium,slugger,storages,structured_data,taggit,the_big_username_blacklist,versatileimagefield balanced_wrapping = True sections=FUTURE,STDLIB,DJANGO,THIRDPARTY,FIRSTPARTY,LOCALFOLDER diff --git a/apps/accounts/authentication.py b/apps/accounts/authentication.py index f57ebe6d..7f1c8015 100644 --- a/apps/accounts/authentication.py 
+++ b/apps/accounts/authentication.py @@ -1,12 +1,12 @@ from datetime import datetime +from allauth.account.adapter import DefaultAccountAdapter from allauth.account.utils import user_email, user_field, user_username from allauth.socialaccount.adapter import DefaultSocialAccountAdapter from allauth.utils import valid_email_or_none -from allauth_2fa.adapter import OTPAdapter -class AccountAdapter(OTPAdapter): +class AccountAdapter(DefaultAccountAdapter): def populate_username(self, request, user): """ overrides the base populate_username to not make use of first_name and last_name diff --git a/apps/accounts/migrations/0003_alter_user_first_name.py b/apps/accounts/migrations/0003_alter_user_first_name.py new file mode 100644 index 00000000..dcd30916 --- /dev/null +++ b/apps/accounts/migrations/0003_alter_user_first_name.py @@ -0,0 +1,18 @@ +# Generated by Django 4.2.15 on 2024-09-01 23:57 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('accounts', '0002_add_username_blacklist'), + ] + + operations = [ + migrations.AlterField( + model_name='user', + name='first_name', + field=models.CharField(blank=True, max_length=150, verbose_name='first name'), + ), + ] diff --git a/apps/accounts/templates/account_nav.html b/apps/accounts/templates/account_nav.html index ea3a93f0..36f91be5 100644 --- a/apps/accounts/templates/account_nav.html +++ b/apps/accounts/templates/account_nav.html @@ -8,7 +8,7 @@ Email - + 2FA diff --git a/apps/content/migrations/0004_alter_page_options.py b/apps/content/migrations/0004_alter_page_options.py new file mode 100644 index 00000000..8397d0ca --- /dev/null +++ b/apps/content/migrations/0004_alter_page_options.py 
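Review bot: Changing the base of `AccountAdapter` from `OTPAdapter` to `DefaultAccountAdapter` drops the adapter-level second-factor step, and nothing in this patch carries existing enrolments across. allauth.mfa looks up its own authenticator records rather than the django_otp devices that allauth_2fa relied on, so, unless a data migration exists outside this patch, accounts that had 2FA enabled would sign in with a password alone after deploy. The same gap applies to the `foxtail/settings.py` hunks that remove `'allauth_2fa'` and `AllauthTwoFactorMiddleware`. I would add a data migration that converts the existing TOTP and static-token devices before this ships, and a class comment such as `# MFA is enforced by allauth.mfa's login flow, not by this adapter`. The class body continues outside the hunk.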
@@ -0,0 +1,17 @@ +# Generated by Django 4.2.15 on 2024-09-01 23:57 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('content', '0003_remove_fields'), + ] + + operations = [ + migrations.AlterModelOptions( + name='page', + options={'verbose_name': 'page', 'verbose_name_plural': 'pages'}, + ), + ] diff --git a/apps/directory/migrations/0009_alter_character_options.py b/apps/directory/migrations/0009_alter_character_options.py new file mode 100644 index 00000000..c14f86b2 --- /dev/null +++ b/apps/directory/migrations/0009_alter_character_options.py @@ -0,0 +1,17 @@ +# Generated by Django 4.2.15 on 2024-09-01 23:57 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('directory', '0008_dob_privacy'), + ] + + operations = [ + migrations.AlterModelOptions( + name='character', + options={'verbose_name': 'character', 'verbose_name_plural': 'characters'}, + ), + ] diff --git a/docker-compose.yml b/docker-compose.yml index d46d2558..fa0b1237 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ networks: services: db: - image: postgres:16 + image: postgres:15 networks: - primary environment: diff --git a/foxtail/settings.py b/foxtail/settings.py index cf76f985..ad848624 100644 --- a/foxtail/settings.py +++ b/foxtail/settings.py @@ -76,9 +76,9 @@ 'foxtail_contact', 'allauth', 'allauth.account', + 'allauth.mfa', 'allauth.socialaccount', 'allauth.socialaccount.providers.google', - 'allauth.socialaccount.providers.twitter', 'allauth.socialaccount.providers.discord', 'allauth.socialaccount.providers.github', 'anymail', @@ -86,7 +86,6 @@ 'django_otp.plugins.otp_totp', 'django_otp.plugins.otp_static', 'mail_templated_simple', - 'allauth_2fa', 'taggit', 'webpack_loader', 'crispy_forms', 
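Review bot: The `db` image moves from `postgres:16` to `postgres:15`, a major-version downgrade that the commit subject does not mention. A data directory initialised by PostgreSQL 16 cannot be started by a 15 server, so any existing volume for this service would fail to come up after pulling the change. If the intent is to match the version run elsewhere, say so in a comment next to the image line, e.g. `# keep in step with the deployed PostgreSQL major version`, and note that existing volumes need a dump and restore.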
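Review bot: Removing `'allauth.socialaccount.providers.twitter'` in the same hunk that adds `'allauth.mfa'` is an account-access change unrelated to the MFA migration. Users whose only login method is a linked Twitter account would presumably be unable to sign in once the provider is gone, while their stored social-account rows stay behind. Either split this into its own commit with a note on how those users recover access, or add a comment above the provider entries explaining the removal. The `INSTALLED_APPS` list starts and ends outside the hunk.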
@@ -115,7 +114,6 @@ 'django.contrib.auth.middleware.AuthenticationMiddleware', 'allauth.account.middleware.AccountMiddleware', 'django_otp.middleware.OTPMiddleware', - 'allauth_2fa.middleware.AllauthTwoFactorMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.sites.middleware.CurrentSiteMiddleware', 'oidc_provider.middleware.SessionManagementMiddleware', @@ -236,8 +234,15 @@ } } -# allauth 2FA -ALLAUTH_2FA_ALWAYS_REVEAL_BACKUP_TOKENS = False +# allauth-mfa + +MFA_FORMS = { + 'authenticate': 'allauth.mfa.base.forms.AuthenticateForm', + 'reauthenticate': 'allauth.mfa.base.forms.AuthenticateForm', + 'activate_totp': 'allauth.mfa.totp.forms.ActivateTOTPForm', + 'deactivate_totp': 'allauth.mfa.totp.forms.DeactivateTOTPForm', + 'generate_recovery_codes': 'allauth.mfa.recovery_codes.forms.GenerateRecoveryCodesForm', +} # OpenID Connect Provider # diff --git a/foxtail/urls.py b/foxtail/urls.py index 1cd10ad3..bc61cdec 100644 --- a/foxtail/urls.py +++ b/foxtail/urls.py @@ -42,7 +42,6 @@ path('admin/', admin.site.urls), path('openid/', include('oidc_provider.urls', namespace='oidc_provider')), path('accounts/', include('apps.accounts.urls')), - path('accounts/', include('allauth_2fa.urls')), path('accounts/', include('allauth.urls')), path('directory/', include('apps.directory.urls')), path('events/', include('apps.events.urls')), diff --git a/requirements.txt b/requirements.txt index cbd05c73..68905485 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ bleach==6.1.0 crispy-bootstrap5==2024.2 django==4.2.15 django-allauth==64.2.0 -django-allauth-2fa==0.11.1 +django-allauth[mfa]==64.2.0 django-anymail[mailgun]==11.1 django-braces==1.15.0 django-cjswidget==0.4.1 @@ -30,6 +30,7 @@ django-versatileimagefield==3.1 django-webpack-loader==3.1.1 factory-boy==3.3.1 faker==28.1.0 +fido2==1.1.3 foxtail-blog>=0.24.2 foxtail-contact>=0.6.0 whitenoise==6.7.0
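Review bot: `'django_otp.middleware.OTPMiddleware'` stays in the middleware list after `AllauthTwoFactorMiddleware` is removed, and the earlier `INSTALLED_APPS` hunk likewise keeps `'django_otp.plugins.otp_totp'` and `'django_otp.plugins.otp_static'`. With allauth.mfa doing the verification, nothing visible here marks a django_otp device as verified any more, so any code elsewhere that gates on django_otp's `is_verified()` would treat every user as unverified. If these entries are kept only so the old device tables stay readable for a data migration, a comment saying so (`# retained until django_otp devices are migrated to allauth.mfa`) would stop them lingering. The middleware list starts and ends outside the hunk.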
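Review bot: The new `MFA_FORMS` block appears to restate allauth's documented default form classes, while the removed `ALLAUTH_2FA_ALWAYS_REVEAL_BACKUP_TOKENS = False` gets no counterpart. Pinning dotted paths into `allauth.mfa` internals adds nothing while they equal the defaults, and it will break when a form is resolved if a later release moves one. I would drop the dict until a form is actually customised, and record under the `# allauth-mfa` heading how recovery-code display is expected to behave now that the old setting is gone. `MFA_SUPPORTED_TYPES` is not set in this hunk, so it is worth stating whether WebAuthn is meant to be enabled, given the new `fido2` pin.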
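Review bot: `django-allauth==64.2.0` remains as a context line directly above the added `django-allauth[mfa]==64.2.0`, so the same distribution is now pinned twice. The two pins have to be bumped together or the install fails on conflicting versions; keeping only the extras line removes that trap. The second hunk pins `fido2==1.1.3` although the settings in this patch do not visibly enable WebAuthn, so confirm it is wanted as a direct pin rather than left to whatever the `mfa` extra pulls in.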