wger-project / wger

Self hosted FLOSS fitness/workout, nutrition and weight tracker
https://wger.de
GNU Affero General Public License v3.0
3.14k stars 578 forks

Add MFA for account security #944

Open jinyeow opened 2 years ago

jinyeow commented 2 years ago

Use case

I would like to have MFA/2FA for extra security on accounts.

Proposal

Allow me to use an MFA/2FA method/app to increase user account security.

rolandgeider commented 2 years ago

This is a good idea. There seems to be a Django app for this, so the web app would probably be easy to change, but we will probably need to do some manual work for the Flutter app that uses the API.

https://django-two-factor-auth.readthedocs.io/

kaniket7209 commented 2 years ago

Hey @jinyeow, I think I can solve this issue by adding an extra layer. Will update you soon after committing the same.

rolandgeider commented 2 years ago

@kaniket7209 great! if you need any help from me, just ping me

kaniket7209 commented 2 years ago

@rolandgeider Can you please help me locate the function or region where authentication is implemented? It will help me do that quickly rather than wasting time finding it.

rolandgeider commented 2 years ago

@kaniket7209 We are using Django's auth views; we just have some custom template around it. You can take a look at login in wger/core/views/user.py

kaniket7209 commented 2 years ago

Hey friend, can you help me set it up? I'm having issues setting it up. So please let me know if you are free to help and at what time.


rolandgeider commented 2 years ago

What problems are you having? And how are you trying to install the application?

kaniket7209 commented 2 years ago

Having issues while running the setup.py file


rolandgeider commented 2 years ago

try doing pip3 install -e . (or just pip) instead of setup.py develop

troyphillips commented 2 years ago

I'm taking a Software Development Methodology course at University right now, and one of our projects is to make meaningful contributions to open-source projects. Could I be assigned this issue if kaniket7209 isn't able to get set up?

kaniket7209 commented 2 years ago

@troyphillips I am on it, buddy, so let me be on it. I was engaged with some other projects too which caused me this time.

troyphillips commented 2 years ago

Haha yea no worries.. just let me know if you change your mind

kaniket7209 commented 2 years ago

Ok sure


rolandgeider commented 2 years ago

@troyphillips if you still want to contribute, one thing we are not lacking are things to do 😅 You can ping me on discord if you want to chat about what topic you want to work on

kaniket7209 commented 2 years ago

If you are active now, ping me here by mail and we will discuss it over Zoom or via WhatsApp if you wish.

rolandgeider commented 2 years ago

@kaniket7209 you can send me your contact details to roland [at] geider [dot] net

kaniket7209 commented 2 years ago

Ok

BadCo-NZ commented 1 year ago

One year later, how is progress going with MFA/2FA?

I am trying to keep anything internet facing secure by having MFA/2FA enabled by default.

Thanks, and keep up the great work on the project!

kaykayehnn commented 1 year ago

As an alternative, if you opt for an SSO solution like Authelia you can have MFA for any HTTP service.

BadCo-NZ commented 1 year ago

> As an alternative, if you opt for an SSO solution like Authelia you can have MFA for any HTTP service.

Authelia is definitely an option, but built-in would be preferred 👍