Is anyone working on a two-step login for auth? (Sometimes called two factor authentication)
293 views
Skip to first unread message
Cliff Kachinske
unread,
May 1, 2013, 4:36:43 PM5/1/13
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
If so, can you share the code?
If not, I will put it on my todo list, but there are a lot of things in front of it.
Thanks,
Cliff Kachinske
PN
unread,
Apr 24, 2014, 2:29:52 PM4/24/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
I just implemented two-factor authentication in an app that I am working on. Unfortunately it required changing the login() method of the gluon/tools.py file directly, there was no mechanism that would allow a secondary login requirements. Is this still useful? If someone is more experienced in web2py authentication and can point me in the right direction, I can try to make a patch for it.
If there is interest, I can clean out the customer/private information from the code and upload a version somewhere.
Massimo Di Pierro
unread,
Apr 24, 2014, 10:01:08 PM4/24/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
Very much useful. Is should go in web2py
Michele Comitini
unread,
Apr 25, 2014, 6:16:15 AM4/25/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
@PN can you make a fork on github and create a pull request with your
modifications? I agree with Massimo that it is very useful for
web2py!
2014-04-25 4:01 GMT+02:00 Massimo Di Pierro <massimo....@gmail.com>:
> Very much useful. Is should go in web2py
>
The two-step verification in this pull can be activated on a per-user basis by adding the user to a group named 'web2py Two-Step Authentication'. This string is hard-coded in the code. If a user logs in successfully with their username and password, and they are a part of this group, then the two-step functionality is enabled. The server sends an email to the user's registered email address with a random code. The user has 4 tries to enter this code before they are logged out and must enter username/password again.
Possible future enhancements:
Add some ability to customize. Let people create their own two-step auth methods (like the extended_login functionality)
Add TOTP based two-factor authentication instead of sending email (there is already a MOTP plugin for web2py that can be used as base)
On Wednesday, May 1, 2013 4:36:43 PM UTC-4, Cliff Kachinske wrote:
pallav
unread,
Apr 27, 2014, 10:10:07 PM4/27/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
For anyone wondering on the status, my code causes the unit tests for web services to break. I plan on looking into it over the next couple of days.
thehuman trashcan
unread,
Apr 29, 2014, 4:57:49 AM4/29/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
Thanks for working on this! I think it is important and look forward to implementing it.
All the best
pallav
unread,
May 14, 2014, 2:18:59 PM5/14/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
Another update - submitted the fixed code as a pull request. This fixes the issue that was causing unit tests to fail. Waiting to hear back from the team.
PN
unread,
Sep 2, 2014, 1:34:57 PM9/2/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to web...@googlegroups.com
Update. The code is part of web2py starting at version 2.9.6