Closed maxcanada closed 7 years ago
I figured that for me to have what I want, I have to override the LoginView the core.py
I must change this line:
form_list = (
('auth', AuthenticationForm),
('token', AuthenticationTokenForm),
('backup', BackupTokenForm),
)
Into this
form_list = (
('token', AuthenticationTokenForm),
('backup', BackupTokenForm),
)
And override the method get_user() to have this:
def get_user(self):
"""
Returns the user authenticated by the AuthenticationForm. Returns False
if not a valid user; see also issue #65.
"""
self.request.user.backend = 'django.contrib.auth.backends.ModelBackend'
return self.request.user
Any suggestion on how to do that in clean way?
If a user has enabled two factor, it will always ask the user to enter their second factor. There is no conditional logic depending on the page that's requested. The reasoning behind this is to secure the user's account -- not the page being visited per se.
There is no clean way to change how this works, as that is currently not supported by this package.
Hello!
I am implementing Django two-factor-auth on my website and I would love to have some views protected by two-FA, and some other not.
In order to do so, I use the decorator @otp_required which works great, but unfortunately asks the users to input their credentials again (to handle user sessions, I use the registration module).
Would you be able to give me a good to way to hack the form in order to just ask the user to input the token (skipping a step of the form, basically) ?
Thanks a lot,