Disable totp authentication, if needed

data-govt-nz / ckanext-security

A CKAN extension to hold various security improvements for CKAN

GNU Affero General Public License v3.0

25 stars 33 forks source link

Disable totp authentication, if needed #52

Closed RabiaSajjad closed 7 months ago

RabiaSajjad commented 2 years ago

In response to https://github.com/data-govt-nz/ckanext-security/issues/40.

Add option to disable totp using ckanext.security.enable_totp = false in configurations. The default value for the flag is True if the option is not set in configurations.

jguo144 commented 1 year ago

Seems like /user/snippets/login_form.html should also be updated. {% if h.security_enable_totp() %} should be used to check if the MFA form and javascript is needed on login.

{% if h.security_enable_totp() %}
  {% if h.check_ckan_version('2.9') %}
    {% asset 'security/mfa_login' %}
...

{% if h.security_enable_totp() %}
  <div id="mfa-form" style="display: none;">
...

rjruizes commented 9 months ago

This would be a great feature and a must for us to use the plugin.