
Add 2 factor authentication to login #4657

Open

wants to merge 36 commits into develop

Conversation

@perryr16 perryr16 (Contributor) commented May 3, 2024

Any background context you want to provide?

What's this PR do?

Uses an open source, well rated, free library, django-two-factor-auth, to add token authentication via any authenticator app (Google Authenticator, Microsoft Authenticator, etc.) or via email.

Users will only be prompted to enable 2FA on their first login following the introduction of this code. Opting in or out is at the user level and users can always access the 2FA settings from /profile > Two Factor.

If a user chooses "Token Generator" then a QR code is displayed and can be scanned by any number of auth apps. Once scanned, users can enter the token to log in.

If a user chooses "Email" then a token will be sent via email to the associated account.

The UI for this library uses Django templates and does not enter the angular layer. To customize the Django templates they have been imported into the seed/landing/templates/two_factor directory and edited. To make navigation changes to the response from django-2-f-a, the response must be caught in a custom django view (see /CustomLoginView.py)

How should this be manually tested?

  1. With token generator
     - Login with any user > Enable 2FA > Select "Token Generator"
     - Scan QR code with auth app of choice and enter token
     - User should be logged in

  2. With email
     - Go to profile > Two Factor > disable two factor authentication
     - then re-enable two factor and select "Email". An email will be sent out; if testing locally it will likely be found in the seed_web logs.
     - Enter the token
     - User should be logged in

     [Screenshot 2024-05-03 at 9 47 25 AM]

  3. Disable 2FA
     - Go to profile > two factor > disable two factor authentication
     - log out
     - log in
     - user should be logged in without 2FA prompts.

What are the relevant tickets?

#4657

Screenshots (if appropriate)
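
The "Token Generator" option described above is standard TOTP (RFC 6238 on top of RFC 4226 HOTP): the QR code encodes an otpauth:// URI carrying a shared secret, the authenticator app derives a six-digit code from that secret and the current 30-second time step, and the server recomputes the same code to verify it. The following is an added, self-contained example of that server-side check, not code from SEED or from django-two-factor-auth; it assumes the library's default SHA1/6-digit/30-second parameters, and the account name, issuer string and `last_used_counter` bookkeeping are illustrative. It is verified against the published RFC 4226/6238 test secret. The two defensive details worth noting are the constant-time comparison of the submitted code and the rejection of any time step at or below the last accepted one, which stops a captured code from being replayed within the drift window.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP_SECONDS = 30   # TOTP time step (django-two-factor-auth default, assumed)
DIGITS = 6          # code length (default, assumed)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, at_time // step, digits)


def provisioning_uri(secret: bytes, account: str, issuer: str,
                     step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """The otpauth:// URI that the enrollment QR code encodes (what the auth app scans)."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


def verify_totp(secret: bytes, submitted: str, at_time: int,
                last_used_counter: int, window: int = 1):
    """Check a submitted code against the current step plus/minus `window` steps of clock drift.

    Returns (accepted, counter_to_store). A step at or below `last_used_counter`
    is never accepted again, so a code that was already used cannot be replayed
    even while it is still inside the drift window.
    """
    counter = at_time // STEP_SECONDS
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_used_counter:
            continue
        # compare_digest avoids leaking which digits matched via timing
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            return True, candidate
    return False, last_used_counter


if __name__ == "__main__":
    # Constructed sample: the RFC 4226/6238 test secret, never use a fixed secret in production.
    demo_secret = b"12345678901234567890"
    print(provisioning_uri(demo_secret, "alice@example.org", "SEED"))
    print("code at t=59:", totp(demo_secret, 59))
    print(verify_totp(demo_secret, totp(demo_secret, 59), 59, -1))
```

On enrollment the server stores the secret, shows `provisioning_uri` as a QR code, and should require one successful `verify_totp` before marking the device confirmed; on each login it stores the returned counter so the same step is not accepted twice.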

@perryr16 perryr16 added the Feature Add this label to new features. This will be reflected in the change log when generated. label May 3, 2024
@perryr16 perryr16 marked this pull request as ready for review May 6, 2024 14:09
@perryr16 perryr16 requested a review from kflemin May 6, 2024 14:09
@kflemin kflemin (Contributor) commented May 14, 2024

@perryr16, this is great! Documenting a few issues I ran into:

  1. first, when I choose the 'email' verification method, I see a whole lot of errors in the logs. A lot of these:

     ```
     AttributeError: type object RequestContext has no attribute 'cancel_url', 'is_ali_root', 'ali_leaf', .... etc.
     ```

  2. I've also run into this error in the logs:

     ```
     raise VariableDoesNotExist("Failed lookup for key "
     django.template.base.VariableDoesNotExist: Failed lookup for key [method] in <EmailDevice: default (email@nrel.gov)>
     2024-05-14 15:23:51 DEBUG Exception while resolving variable 'method' in template 'two_factor/core/setup.html'.
     Traceback (most recent call last):
     File "/Users/kflemin/.pyenv/versions/seed-10/lib/python3.10/site-packages/django/template/base.py", line 829, in _resolve_lookup
     current = current[bit]
     TypeError: 'EmailDevice' object is not subscriptable
     ```

  3. On the login screens, there are 2 things that we need to change:

  • The first one is that we do not want to give them a "create my account" button.
  • The second one is that we have lost the 'forgot your password' functionality.

This is the old login screen:

[Screenshot 2024-05-14 at 4 16 06 PM]

And the new ones:

[Screenshot 2024-05-14 at 4 16 01 PM]

[Screenshot 2024-05-14 at 4 16 35 PM]

Maybe if you just turn "Create my account" into "Forgot my password" it might be good enough?

thanks!

perryr16 and others added 10 commits May 16, 2024 14:34
* Speed up ali tree

* Fix Tests
* Automate upgrading a database from 12 to 14.

* parameterize source conversion and target test database service versions.

---------

Co-authored-by: Damon Haley <damon.haley@nrel.gov>
Added documentation for upgrading Postgres and TimescaleDB to the latest version
* Fix email

* Fix

* Fix

* Fix package.json

* map from property_view_id not id

---------

Co-authored-by: Katherine Fleming <2205659+kflemin@users.noreply.github.com>
Co-authored-by: Nicholas Long <1907354+nllong@users.noreply.github.com>
Co-authored-by: Nicholas Long <nicholas.long@nrel.gov>
* new stats table

* commitment sqft added to goal

* actions to goal stats table

* stats table, actions dropdown

* stats, create goal_notes for newly uploaded properties

* add current cycle property ids to goal get

* actions dropdown and base for bulk goalnote edit

* bulk update goalnote

* bulk update historical note

* rename

* precommit

* permissions and tests

* lint

* permission refactor

* permission refactor

* lint

* phrasing

* small language update and added translations

---------

Co-authored-by: kflemin <2205659+kflemin@users.noreply.github.com>