Built-in two-factor authentication support #72
Comments
|
+1 I love this. I've implemented something similar in the past, but it was really annoying to subclass users way back without the nicer get_user_model() stuff ^^ |
|
Initial working version is at @5713598453ec2330188759d26aa201f01d44a409 Deciding whether or not we want to add a default view or URL configuration here. At the moment, any creation of a new user will send a verification SMS through the Leaving it completely empty means other developers can build around the authentication procedure and provide their own views and URL stuff, but I'm tempted to provide at least a template or "default". The downside to adding this in means it can break the flows or restrict how people might want to implement stuff. |
|
TODO:
|
|
Hey @phalt I realize we're over 3 years past your last message here, but is this still something you and others might appreciate? It seems cool, and entirely optional, too. |
Let's add two-factor authentication support to django-twilio as a "dropin" feature.
Basic flow
2FAUsersubclasses the standard Django user model with the following extra attributes:phone_number- the user's phone number2fa_code- a randomly generated 5 character string2fa_id- a randomly generated 20 character string for the verification view.verified- a boolean. True if user has entered their correct 2FA code, false if not. Default is False.2FAUseris created (i.e. - a user signs up), a Twilio sms message is sent to thephone_numberof the user with the2fa_codein it (options to set a custom message is also possible)./user/verify/{2fa_id}with an input form that takes the code sent via SMS, which can setverifiedtoTrueand redirects to a default page.The text was updated successfully, but these errors were encountered: