Hey Pablo,

Here is the diff of the commit we added django-otp in:

(venv) haki@haki ~/src/app (master) $ git show 0263374fapp/admin: require two-factor authentication - step 1

This adds the support, but does not yet require it. First we need to
rollout the support and add everyone, only then we'll enforce it.
diff --git a/app/requirements.txt b/app/requirements.txt
index 8116ad3b..1db6a3f2 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -30,3 +30,5 @@ django-storages==1.5.2
+django-otp==0.4.0.1
+qrcode==5.3 # via django-otp

diff --git a/app/app/admin_urls.py b/app/app/admin_urls.py
index c56e6462..7bb310b9 100644
--- a/app/app/admin_urls.py
+++ b/app/app/admin_urls.py
@@ -3,6 +3,7 @@ from django.conf.urls.i18n import i18n_patterns
from django.conf.urls import include, url
from django.contrib import admin
from django.conf import settings
+# from django_otp.admin import OTPAdminSite

import app.urls.static as app_static_urls
from transaction.urls.static import urlpatterns as transaction_static_urls
@@ -11,6 +12,11 @@ from transaction.urls.static import urlpatterns as transaction_static_urls

+# Change the default site to behave like an OTPAdminSite.
+# Unverified users are not allowed.
+# TODO: Uncomment this once all staff configured 2FA.
+# admin.site.__class__ = OTPAdminSite
+


diff --git a/app/app/settings.py b/app/app/settings.py
index e375e8ab..d4f9c63f 100644
--- a/app/app/settings.py
+++ b/app/app/settings.py
@@ -73,6 +73,8 @@ INSTALLED_APPS = (
+ 'django_otp',
+ 'django_otp.plugins.otp_totp',

)
if config['debug']:
INSTALLED_APPS += (
@@ -103,6 +105,8 @@ SERVER_EMAIL = 'App Errors <root@localhost>'

+OTP_TOTP_ISSUER = 'App - {}'.format(ENVIRONMENT_NAME)
+

# Middleware
if is_admin:
@@ -112,6 +116,7 @@ if is_admin:
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django_otp.middleware.OTPMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
else:

Written by

Full Stack Developer, Team Leader, Independent. More from me at https://hakibenita.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store