jwag956
commented
2 years ago Missed this - 2FA is implemented in flask-security-too - to which I believe you should direct this question: https://github.com/Flask-Middleware/flask-security/discussions
and yes - it would require a new feature/configuration variable.
In our application, we would like to disable 2FA for certain IP addresses (located in the corporate network). It seems to me that this is impossible with the current implementation of 2FA in flask-security.
It seems to me that it would require adding another setting (
SECURITY_TWO_FACTOR_IP_WHITELIST?) and updating this condition:flask_security/views.py:164
to check whether the IP address of the request is on the whitelist.
What do you think?