From 22e99502cb75745f305535de5cd156b1b3c327ce Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Thu, 1 Sep 2022 08:53:54 +0100 Subject: [PATCH] Add 2FA This should only be required in production, but we'll see how it goes. It doesn't work quite how I expected it to. --- requirements/base.in | 1 + requirements/base.txt | 9 ++++++--- requirements/dev.txt | 9 ++++++--- website/settings.py | 5 +++++ 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/requirements/base.in b/requirements/base.in index d9216cf..4708fc6 100644 --- a/requirements/base.in +++ b/requirements/base.in @@ -22,6 +22,7 @@ django-plausible sentry-sdk wagtail-favicon django-sri +wagtail-2fa # Pinned due to lack of Wagtail 3 support git+https://github.com/wagtail/wagtail-autocomplete@03f46a0c256989690d0a43fc21fe0f37f9ede765 diff --git a/requirements/base.txt b/requirements/base.txt index 6d473a6..9fd03c1 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -15,11 +15,12 @@ click==8.1.3 # via rq coreapi==2.3.3 # via drf-yasg coreschema==0.0.4 # via coreapi, drf-yasg deprecated==1.2.13 # via redis -django==4.0.6 # via -r requirements/base.in, django-filter, django-htmx, django-modelcluster, django-permissionedforms, django-plausible, django-redis, django-rq, django-sri, django-taggit, django-treebeard, djangorestframework, drf-yasg, wagtail +django==4.0.6 # via -r requirements/base.in, django-filter, django-htmx, django-modelcluster, django-otp, django-permissionedforms, django-plausible, django-redis, django-rq, django-sri, django-taggit, django-treebeard, djangorestframework, drf-yasg, wagtail, wagtail-2fa django-environ==0.9.0 # via -r requirements/base.in django-filter==21.1 # via wagtail django-htmx==1.12.1 # via -r requirements/base.in django-modelcluster==6.0 # via wagtail +django-otp==1.1.3 # via wagtail-2fa django-permissionedforms==0.1 # via wagtail django-plausible==0.3.0 # via -r requirements/base.in django-redis==5.2.0 # via -r requirements/base.in 
@@ -49,20 +50,22 @@ psycopg2==2.9.3 # via -r requirements/base.in pygments==2.13.0 # via -r requirements/base.in pyparsing==3.0.9 # via packaging pytz==2022.1 # via django-modelcluster, djangorestframework, drf-yasg, l18n +qrcode==7.3.1 # via wagtail-2fa redis==4.3.4 # via django-redis, django-rq, rq requests==2.28.1 # via -r requirements/base.in, coreapi, wagtail, wagtail-generic-chooser rq==1.10.1 # via django-rq ruamel-yaml==0.17.21 # via drf-yasg ruamel-yaml-clib==0.2.6 # via ruamel-yaml sentry-sdk==1.9.5 # via -r requirements/base.in -six==1.16.0 # via html5lib, l18n +six==1.16.0 # via html5lib, l18n, wagtail-2fa soupsieve==2.3.2.post1 # via beautifulsoup4 sqlparse==0.4.2 # via django tablib[xls,xlsx]==3.2.1 # via wagtail telepath==0.2 # via wagtail uritemplate==4.1.1 # via coreapi, drf-yasg urllib3==1.26.11 # via requests, sentry-sdk -wagtail==3.0.1 # via -r requirements/base.in, wagtail-autocomplete, wagtail-draftail-snippet, wagtail-metadata +wagtail==3.0.1 # via -r requirements/base.in, wagtail-2fa, wagtail-autocomplete, wagtail-draftail-snippet, wagtail-metadata +wagtail-2fa==1.6.0 # via -r requirements/base.in wagtail-autocomplete @ git+https://github.com/wagtail/wagtail-autocomplete@03f46a0c256989690d0a43fc21fe0f37f9ede765 # via -r requirements/base.in wagtail-draftail-snippet==0.4.1 # via -r requirements/base.in wagtail-favicon==0.2.0 # via -r requirements/base.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 2dd0c64..a677aef 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt 
@@ -20,13 +20,14 @@ coreschema==0.0.4 # via -r requirements/base.txt, coreapi, drf-yasg coverage==6.4.4 # via -r requirements/dev.in curlylint==0.13.1 # via -r requirements/dev.in deprecated==1.2.13 # via -r requirements/base.txt, redis -django==4.0.6 # via -r requirements/base.txt, django-browser-reload, django-debug-toolbar, django-filter, django-htmx, django-modelcluster, django-permissionedforms, django-plausible, django-redis, django-rq, django-sri, django-taggit, django-treebeard, djangorestframework, drf-yasg, wagtail +django==4.0.6 # via -r requirements/base.txt, django-browser-reload, django-debug-toolbar, django-filter, django-htmx, django-modelcluster, django-otp, django-permissionedforms, django-plausible, django-redis, django-rq, django-sri, django-taggit, django-treebeard, djangorestframework, drf-yasg, wagtail, wagtail-2fa django-browser-reload==1.6.0 # via -r requirements/dev.in django-debug-toolbar==3.5.0 # via -r requirements/dev.in django-environ==0.9.0 # via -r requirements/base.txt django-filter==21.1 # via -r requirements/base.txt, wagtail django-htmx==1.12.1 # via -r requirements/base.txt django-modelcluster==6.0 # via -r requirements/base.txt, wagtail +django-otp==1.1.3 # via -r requirements/base.txt, wagtail-2fa django-permissionedforms==0.1 # via -r requirements/base.txt, wagtail django-plausible==0.3.0 # via -r requirements/base.txt django-redis==5.2.0 # via -r requirements/base.txt 
@@ -73,13 +74,14 @@ pygments==2.13.0 # via -r requirements/base.txt pyparsing==3.0.9 # via -r requirements/base.txt, packaging python-dateutil==2.8.2 # via faker pytz==2022.1 # via -r requirements/base.txt, django-modelcluster, djangorestframework, drf-yasg, l18n +qrcode==7.3.1 # via -r requirements/base.txt, wagtail-2fa redis==4.3.4 # via -r requirements/base.txt, django-redis, django-rq, rq requests==2.28.1 # via -r requirements/base.txt, coreapi, wagtail, wagtail-generic-chooser rq==1.10.1 # via -r requirements/base.txt, django-rq ruamel-yaml==0.17.21 # via -r requirements/base.txt, drf-yasg ruamel-yaml-clib==0.2.6 # via -r requirements/base.txt, ruamel-yaml sentry-sdk==1.9.5 # via -r requirements/base.txt -six==1.16.0 # via -r requirements/base.txt, html5lib, l18n, python-dateutil +six==1.16.0 # via -r requirements/base.txt, html5lib, l18n, python-dateutil, wagtail-2fa soupsieve==2.3.2.post1 # via -r requirements/base.txt, beautifulsoup4 sqlparse==0.4.2 # via -r requirements/base.txt, django, django-debug-toolbar tablib[xls,xlsx]==3.2.1 # via -r requirements/base.txt, wagtail @@ -91,7 +93,8 @@ types-urllib3==1.26.17 # via types-requests typing-extensions==4.3.0 # via mypy uritemplate==4.1.1 # via -r requirements/base.txt, coreapi, drf-yasg urllib3==1.26.11 # via -r requirements/base.txt, requests, sentry-sdk -wagtail==3.0.1 # via -r requirements/base.txt, wagtail-autocomplete, wagtail-draftail-snippet, wagtail-factories, wagtail-metadata +wagtail==3.0.1 # via -r requirements/base.txt, wagtail-2fa, wagtail-autocomplete, wagtail-draftail-snippet, wagtail-factories, wagtail-metadata +wagtail-2fa==1.6.0 # via -r requirements/base.txt wagtail-autocomplete @ git+https://github.com/wagtail/wagtail-autocomplete@03f46a0c256989690d0a43fc21fe0f37f9ede765 # via -r requirements/base.txt wagtail-draftail-snippet==0.4.1 # via -r requirements/base.txt wagtail-factories==3.1.0 # via -r requirements/dev.in 
diff --git a/website/settings.py b/website/settings.py index 654d047..dd19c2b 100644 --- a/website/settings.py +++ b/website/settings.py @@ -69,6 +69,9 @@ INSTALLED_APPS = [ "plausible", "plausible.contrib.wagtail", "sri", + "wagtail_2fa", + "django_otp", + "django_otp.plugins.otp_totp", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", @@ -87,6 +90,7 @@ MIDDLEWARE = [ "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", + "wagtail_2fa.middleware.VerifyUserMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "wagtail.contrib.redirects.middleware.RedirectMiddleware", "django_htmx.middleware.HtmxMiddleware", @@ -143,6 +147,7 @@ USE_L10N = True USE_TZ = True +WAGTAIL_2FA_REQUIRED = not DEBUG # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/4.0/howto/static-files/
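Review bot: The new `"wagtail_2fa.middleware.VerifyUserMiddleware"` entry in the MIDDLEWARE hunk only works in its position after `AuthenticationMiddleware`, because it needs `request.user`, and nothing in the list records that constraint. A comment above it such as `# Must stay after AuthenticationMiddleware; use instead of django_otp.middleware.OTPMiddleware, never both` would stop a later reorder from quietly breaking verification. The MIDDLEWARE list starts and ends outside the hunk, so whether `OTPMiddleware` is already listed elsewhere cannot be checked from here.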
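Review bot: `WAGTAIL_2FA_REQUIRED = not DEBUG` in the last hunk ties enforcement of the second factor to the debug flag, so the control fails open: any deployment that ends up with DEBUG on (a staging host, a mis-set environment variable) stops requiring 2FA for admin users without any visible signal. A dedicated setting that defaults to on fails closed instead, for example `WAGTAIL_2FA_REQUIRED = env.bool("WAGTAIL_2FA_REQUIRED", default=True)`, assuming the file's django-environ `env` object is in scope (it is not visible in this hunk), with local development opting out explicitly. The line also has no comment and sits in the run of lines just above the static-files comment block; a short comment such as `# Force 2FA for everyone with Wagtail admin access` would make its purpose clear and separate it from that block.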