Open PetrDlouhy opened 2 years ago
I have got this solved by storing the info about 2FA authentication in session. But I feel it is a bit hacky and unneedingly complicated.
The pipeline:
from django.shortcuts import redirect
from django.urls import reverse
from social_core.pipeline.partial import partial
from two_factor.utils import default_device
@partial
def two_factor_auth(strategy, details, *args, user=None, **kwargs):
current_partial = kwargs.get("current_partial")
request = kwargs["request"]
if request.session.get("tfa_completed", False):
return
if default_device(user):
return redirect(
reverse("two_factor_authentication") + f"?partial_token={current_partial.token}"
)
return
The view:
from django.urls import reverse
from django.views.generic import FormView
from social_django.utils import load_strategy
from two_factor.forms import AuthenticationTokenForm
from two_factor.utils import default_device
class AuthenticationView(FormView):
template_name = "two_factor/core/login.html"
form_class = AuthenticationTokenForm
def get_success_url(self):
partial = self.get_partial()
self.request.session["tfa_completed"] = True
return (
reverse("social:complete", kwargs={"backend": partial.backend})
+ f"?partial_token={partial.token}"
)
def get_partial(self):
strategy = load_strategy()
partial_token = self.request.GET.get("partial_token")
partial = strategy.partial_load(partial_token)
return partial
def get_form_kwargs(self, *args, **kwargs):
kwargs = super().get_form_kwargs(*args, **kwargs)
user = self.get_partial().kwargs["user"]
kwargs["user"] = user
kwargs["initial_device"] = default_device(user)
return kwargs
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["step"] = "auth"
return context
I am trying to get social login working together with
django-two-factor-auth
(so that it requires additional authentication step for users with 2FA enabled). I am now stuck for several hours on this step from documentation: Partial PipelineThere is written:
I have already figured out, that it is not very precise description, because I have to pass the
partial_token
token to that URL. But I am still stuck on the fact, that the pipeline is returning to the same (two factor authentication) step again and again. To overcome this I am trying to store somewhere the information that the user has been authenticated by 2FA, but I don't know how to access the pipeline correctly or if I am not doing it completely wrong.I would be glad if this is documented more deeply, possibly with some examples. I could also help to extend the documentation if I know how to implement this correctly.