[Django] #25612: django.contrib.auth should include support for 2fa out of the box

47 views
Skip to first unread message

Django

unread,
Oct 26, 2015, 12:40:27 PM10/26/15
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
----------------------------------------+------------------------
Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------+------------------------
Django did a tremendous service to its users by making strong password
hashing be the default. The world is pushing forward, and now 2fa is the
next standard that many sites fail to meet.

Django should include support for 2fa out of the box, ideally with support
for both u2f and TOTP (Google Authenticator).

--
Ticket URL: <https://code.djangoproject.com/ticket/25612>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Oct 26, 2015, 1:23:33 PM10/26/15
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+-----------------------------------------

Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Someday/Maybe

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Changes (by timgraham):

* stage: Unreviewed => Someday/Maybe


Comment:

[https://groups.google.com/d/topic/django-
developers/T-kBSvry6z0/discussion django-developers] discussion.

--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:1>

Django

unread,
Oct 27, 2015, 10:57:53 AM10/27/15
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+------------------------------------

Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by timgraham):

* stage: Someday/Maybe => Accepted


Comment:

The reception on the mailing list has been positive.

--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:2>

Django

unread,
Oct 29, 2015, 6:31:21 PM10/29/15
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+------------------------------------

Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by MoritzS):

* cc: moritz.sichert@… (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:3>

Django

unread,
Oct 29, 2015, 10:40:56 PM10/29/15
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+------------------------------------

Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by DheerendraRathor):

* cc: dheeru.rathor14@… (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:4>

Django

unread,
May 19, 2016, 6:59:55 PM5/19/16
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+------------------------------------

Reporter: alex | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by edmorley):

* cc: emorley@… (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:5>

Django

unread,
Oct 3, 2016, 10:17:49 AM10/3/16
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+-------------------------------------
Reporter: Alex Gaynor | Owner: mlevental
Type: New feature | Status: assigned
Component: contrib.auth | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-------------------------------------
Changes (by mlevental):

* cc: m.levental@… (added)
* status: new => assigned
* owner: nobody => mlevental


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:6>

Django

unread,
Nov 22, 2016, 12:10:34 PM11/22/16
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+-------------------------------------
Reporter: Alex Gaynor | Owner: mlevental
Type: New feature | Status: assigned
Component: contrib.auth | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-------------------------------------

Comment (by mlevental):

It should be distinguishable if a user is authenticated with 1 factor or
2, e.g. for checking if the user is already authenticated with the
required number of factors so relogging can be omitted. Therefore a field
like {{{is_two_factor_authenticated}}} can be added to the {{{User}}}
model.

But then it would be unclear whether the existing field
{{{is_authenticated}}} means the user is authenticated with 1 or 2
factors.
To find that out one would have to additionally check for the value of
{{{is_two_factor_authenticated}}} and this would be cumbersome.
For convenience another field like {{{is_one_factor_authenticated}}} could
be introduced. And to make {{{is_authenticated}}} behave correctly it
should return {{{True}}} if either {{{is_one_factor_authenticated}}} or
{{{is_two_factor_authenticated}}} is {{{True}}}.

What are your thoughts on that?

--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:7>

Django

unread,
Nov 22, 2016, 1:25:35 PM11/22/16
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+-------------------------------------
Reporter: Alex Gaynor | Owner: mlevental
Type: New feature | Status: assigned
Component: contrib.auth | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-------------------------------------

Comment (by Tim Graham):

It would be better to put together a proposal and and post it on the
DevelopersMailingList. That reaches a wider audience that the few people
following the ticket.

--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:8>

Django

unread,
Jun 28, 2017, 3:57:42 PM6/28/17
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+------------------------------------
Reporter: Alex Gaynor | Owner: (none)

Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by mlevental):

* status: assigned => new
* owner: mlevental => (none)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:9>

Django

unread,
May 2, 2022, 3:57:59 PM5/2/22
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+---------------------------------------
Reporter: Alex Gaynor | Owner: theExplorer

Type: New feature | Status: assigned
Component: contrib.auth | Version: dev

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+---------------------------------------
Changes (by theExplorer):

* owner: (none) => theExplorer


* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:10>

Django

unread,
Sep 21, 2022, 9:11:05 AM9/21/22
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+---------------------------------------
Reporter: Alex Gaynor | Owner: theExplorer
Type: New feature | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+---------------------------------------
Changes (by Mariusz Felisiak):

* cc: justinmayer (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:11>

Django

unread,
Nov 13, 2023, 8:02:00 AM11/13/23
to django-...@googlegroups.com
#25612: django.contrib.auth should include support for 2fa out of the box
------------------------------+---------------------------------------
Reporter: Alex Gaynor | Owner: theExplorer
Type: New feature | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+---------------------------------------
Changes (by Tom Carrick):

* cc: Tom Carrick (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25612#comment:12>

Reply all
Reply to author
Forward
0 new messages