Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): add two-factor authentication #12173

Merged
merged 14 commits into from
Aug 8, 2024
Merged

feat(auth): add two-factor authentication #12173

merged 14 commits into from
Aug 8, 2024

Conversation

nijel
Copy link
Member

@nijel nijel commented Aug 1, 2024
edited
Loading

Proposed changes

  • Implemented using django-otp and django-otp-webauthn
  • Support for TOTP, WebAuthn and recovery codes

Fixes #1681

Checklist

Pending tasks:

  • Lint and unit tests pass locally with my changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added documentation to describe my feature.
  • I have squashed my commits into logic units.
  • I have described the changes in the commit messages.

Other information

@nijel nijel force-pushed the twofactor branch 3 times, most recently from 0e825c6 to 349e05a Compare August 1, 2024 12:58
@nijel nijel self-assigned this Aug 1, 2024
@nijel nijel force-pushed the twofactor branch 2 times, most recently from b7e3472 to 0cd82d9 Compare August 1, 2024 13:49
@nijel nijel added this to the 5.7 milestone Aug 1, 2024
accesslint[bot]
accesslint bot reviewed Aug 2, 2024
View reviewed changes
Copy link

@accesslint accesslint bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are accessibility issues in these changes.

weblate/static/loader-bootstrap.js Outdated Show resolved Hide resolved
@nijel nijel force-pushed the twofactor branch 2 times, most recently from d49a42f to 24a95e5 Compare August 2, 2024 13:24
@Stormheg
Copy link

Stormheg commented Aug 2, 2024

Hi, creator of django-otp-webauthn here 👋

Very cool to see my package being put to good use. It's pretty new, and has yet to prove itself in the context of a production site. Please keep me updated on any issues encountered 👍

@nijel
Copy link
Member Author

nijel commented Aug 2, 2024
edited
Loading

I was originally thinking about two_factor, but it turned out to be too opinionated for our use-case, so I ended up trying django-otp-webauthn.

@nijel nijel force-pushed the twofactor branch 2 times, most recently from a40fce4 to 171a6e0 Compare August 2, 2024 15:49
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 2, 2024
View reviewed changes
weblate/accounts/views.py Fixed Show fixed Hide fixed
@nijel nijel force-pushed the twofactor branch 2 times, most recently from c5c5e16 to cd790ac Compare August 2, 2024 18:22
@codecov Codecov
Copy link

codecov bot commented Aug 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 87.15203% with 60 lines in your changes missing coverage. Please review.

Project coverage is 91.12%. Comparing base (6aee586) to head (4fe490a).
Report is 3005 commits behind head on main.

Files Patch % Lines
weblate/accounts/utils.py 45.94% 17 Missing and 3 partials ⚠️
weblate/accounts/views.py 91.32% 11 Missing and 6 partials ⚠️
weblate/accounts/forms.py 86.48% 8 Missing and 2 partials ⚠️
weblate/accounts/pipeline.py 46.15% 6 Missing and 1 partial ⚠️
weblate/accounts/models.py 85.71% 2 Missing and 2 partials ⚠️
weblate/accounts/tasks.py 80.00% 0 Missing and 1 partial ⚠️
weblate/accounts/templatetags/authnames.py 87.50% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #12173      +/-   ##
==========================================
+ Coverage   90.82%   91.12%   +0.30%     
==========================================
  Files         554      586      +32     
  Lines       57306    60072    +2766     
  Branches     9122     9502     +380     
==========================================
+ Hits        52046    54743    +2697     
- Misses       3640     3696      +56     
- Partials     1620     1633      +13
Files Coverage Δ
...s/0012_alter_auditlog_activity_profile_last_2fa.py 100.00% <100.00%> (ø)
weblate/accounts/tests/test_twofactor.py 100.00% <100.00%> (ø)
weblate/accounts/urls.py 69.23% <100.00%> (+2.56%) ⬆️
weblate/accounts/tasks.py 88.97% <80.00%> (+0.45%) ⬆️
weblate/accounts/templatetags/authnames.py 90.47% <87.50%> (+5.18%) ⬆️
weblate/accounts/models.py 86.80% <85.71%> (-0.37%) ⬇️
weblate/accounts/pipeline.py 78.81% <46.15%> (-2.98%) ⬇️
weblate/accounts/forms.py 90.09% <86.48%> (-0.58%) ⬇️
weblate/accounts/views.py 84.32% <91.32%> (+0.90%) ⬆️
weblate/accounts/utils.py 72.47% <45.94%> (-13.44%) ⬇️

... and 396 files with indirect coverage changes

@nijel nijel force-pushed the twofactor branch 9 times, most recently from 36288ae to ee4e088 Compare August 4, 2024 06:26
@nijel nijel marked this pull request as ready for review August 5, 2024 08:23
@nijel nijel requested a review from orangesunny as a code owner August 5, 2024 08:23
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 5, 2024
View reviewed changes
weblate/static/loader-bootstrap.js

const form = document.getElementById("link-post");

form.setAttribute("action", action);

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
@nijel nijel force-pushed the twofactor branch 2 times, most recently from f6bdf70 to 421e1f2 Compare August 5, 2024 12:55
@nijel nijel mentioned this pull request Aug 5, 2024
Merged
5 tasks
@nijel nijel mentioned this pull request Aug 6, 2024
Closed
nijel and others added 3 commits August 8, 2024 14:43
@nijel
feat(auth): add two-factor authentication
0e70c81 
- Implemented using django-otp and django-otp-webauthn
- Support for TOTP, WebAuthn and recovery codes

Fixes WeblateOrg#1681
@orangesunny @nijel
Update changes.rst
d9a3c55
@orangesunny @nijel
Update webauthn.html
58f28b4
orangesunny
orangesunny approved these changes Aug 8, 2024
View reviewed changes
Copy link
Member

@orangesunny orangesunny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go like this

@nijel nijel merged commit 69d534f into WeblateOrg:main Aug 8, 2024
26 of 29 checks passed
@nijel nijel deleted the twofactor branch August 8, 2024 17:15
@sentry-io Sentry.io
Copy link

sentry-io bot commented Aug 9, 2024
edited
Loading

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

  • ‼️ InvalidEmail: Email couldn't be validated /accounts/complete/{backend}/ View Issue
  • ‼️ AuthMissingParameter: Missing needed parameter state /accounts/complete/{backend}/ View Issue
  • ‼️ AuthStateMissing: Session value state missing. /accounts/complete/{backend}/ View Issue
  • ‼️ AuthMissingParameter: Missing needed parameter user /accounts/complete/{backend}/ View Issue
  • ‼️ AuthMissingParameter: Missing needed parameter user /accounts/complete/{backend}/ View Issue

Did you find this useful? React with a 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@accesslint AccessLint AccessLint left review comments

@orangesunny orangesunny orangesunny approved these changes

@gersona gersona Awaiting requested review from gersona

@harriebird harriebird Awaiting requested review from harriebird

Assignees

@nijel nijel

Labels
None yet
Projects
None yet
Milestone
5.7
Development

Successfully merging this pull request may close these issues.

Add support for two-factor authentication
3 participants
@nijel @Stormheg @orangesunny