More complete instructions for setting up 2FA on custom admin #740

Closed
sjpriest opened this issue Oct 7, 2024 · 2 comments

@sjpriest

sjpriest commented Oct 7, 2024

Hi! I don't have any issues to report at the moment, but wanted to make a small suggestion regarding the documentation. I think this could also be a patch that redirects to 'two-factor:setup' as in the 'done' method of the LoginView.

It seems like no one else is encountering this problem, so maybe I took a wrong turn somewhere, but examining the OTP admin classes I found no redirect to the setup page for working admin accounts.

Expected Behavior

I expected to install the package, implement a 2FA admin site, and be redirected to 2FA setup. I have a custom admin account that I only use for the admin page.

Current Behavior

Using AdminSiteOTPRequired to create a custom admin class, the user is continuously redirected to the admin login page when logging in with correct credentials prior to setting up a 2FA device. Ultimately, I simply navigated to /account/two_factor/setup/ in the browser and successfully set up 2FA.

Possible Solution

Change the documentation to indicate how to set up initial 2FA when only applying it to a custom admin page.

Steps to Reproduce (for bugs)

  1. Install package and follow installation instructions as normal.
  2. Implement a custom admin such as class OTPAdminSite(AdminSiteOTPRequired), otp_admin_site = OTPAdminSite(name='otp_admin'), with path('admin/', otp_admin_site.urls) in urls
  3. Navigate to /admin and log in with working credentials
  4. You will be redirected to /admin with no additional information, as you are not yet verified.

Context

I was trying to implement 2FA on a custom admin page and it took me a long time to figure out that there was no automated 2FA setup for this use case.

Your Environment

  • Browser and version: Chrome, Version 129.0.6668.71
  • Python version: 3.11.9
  • Django version: 5.0.7
  • django-otp version: 1.5.4
  • django-two-factor-auth version: 1.17.0
  • Link to your project: akashialpha.com
@moggers87
Collaborator

I think what you're looking for is covered here: #219 (comment)

There was a PR made to fix this, but there were some issues with tests IIRC: #370

Closing this as a duplicate of #219

@sjpriest
Author

sjpriest commented Oct 8, 2024

Ah, yup! Looks like that does cover it. If the pull request is held up maybe some mention of the issue could be made in the documentation? That's a much quicker and easier path to a lot less frustration.
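
One way to break the redirect loop described in this issue, as an added example (not code from django-two-factor-auth or from either commenter): a mixin that overrides the admin site's `login` and sends a password-authenticated staff user with no OTP device to the setup view. It assumes the package's URLs are included under the `two_factor` namespace so that `two_factor:setup` resolves; `SetupRedirectMixin` and its hook methods are names made up for the example.

```python
# Added example: a mixin for the custom admin site in this issue.
# Combine it in admin.py as:
#   class OTPAdminSite(SetupRedirectMixin, AdminSiteOTPRequired): ...
# Django imports are deferred into the hook methods so the decision
# logic can be exercised without a configured Django project.


class SetupRedirectMixin:
    """Send password-authenticated staff with no OTP device to 2FA setup."""

    # Assumption: two_factor.urls is included under its default namespace.
    setup_url_name = "two_factor:setup"

    def user_has_device(self, user):
        # django_otp.user_has_device() counts confirmed devices only.
        from django_otp import user_has_device
        return user_has_device(user)

    def redirect_to_setup(self, request):
        from django.shortcuts import redirect
        return redirect(self.setup_url_name)

    def needs_setup(self, user):
        # Only users the admin would accept once verified are sent to
        # setup; anonymous, inactive and non-staff users are not.
        return bool(
            user.is_authenticated
            and user.is_active
            and user.is_staff
            and not self.user_has_device(user)
        )

    def login(self, request, extra_context=None):
        if self.needs_setup(request.user):
            return self.redirect_to_setup(request)
        # Everyone else keeps the stock behaviour: a redirect to the
        # two-factor login view, which asks enrolled users for a token.
        return super().login(request, extra_context)
```

The mixin must come before `AdminSiteOTPRequired` in the class bases so that its `login` runs first; `has_permission` is left untouched, so unverified users still cannot reach any admin view.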
