From f808dcd8209544f31179c71aad28d3344ac1a58a Mon Sep 17 00:00:00 2001 From: Santos Gallegos Date: Thu, 22 Aug 2024 11:12:23 -0500 Subject: [PATCH] Allauth: 2FA (#11524) * Authenticated: Two-factor authentication Closes https://github.com/readthedocs/readthedocs.org/issues/3523 * Merge --- readthedocs/settings/base.py | 3 ++- requirements/deploy.txt | 16 +++++++++++++++- requirements/docker.txt | 16 +++++++++++++++- requirements/pip.in | 2 +- requirements/pip.txt | 13 +++++++++++-- requirements/testing.txt | 16 +++++++++++++++- 6 files changed, 59 insertions(+), 7 deletions(-) diff --git a/readthedocs/settings/base.py b/readthedocs/settings/base.py index c65e19e28dc..7bea4a9433d 100644 --- a/readthedocs/settings/base.py +++ b/readthedocs/settings/base.py @@ -287,6 +287,7 @@ def INSTALLED_APPS(self): # noqa "allauth.socialaccount.providers.github", "allauth.socialaccount.providers.gitlab", "allauth.socialaccount.providers.bitbucket_oauth2", + "allauth.mfa", "cacheops", ] if ext: @@ -661,7 +662,7 @@ def DOCKER_LIMITS(self): ) return limits - # All auth + # Allauth ACCOUNT_ADAPTER = "readthedocs.core.adapters.AccountAdapter" ACCOUNT_EMAIL_REQUIRED = True diff --git a/requirements/deploy.txt b/requirements/deploy.txt index 3b1c802f02d..75725203d0a 100644 --- a/requirements/deploy.txt +++ b/requirements/deploy.txt @@ -83,6 +83,7 @@ cron-descriptor==1.4.3 cryptography==43.0.0 # via # -r requirements/pip.txt + # fido2 # pyjwt cssselect==1.2.0 # via @@ -120,7 +121,7 @@ django==4.2.15 # django-timezone-field # djangorestframework # jsonfield -django-allauth[saml,socialaccount]==64.0.0 +django-allauth[mfa,saml,socialaccount]==64.0.0 # via -r requirements/pip.txt django-annoying==0.10.7 # via -r requirements/pip.txt @@ -205,6 +206,10 @@ exceptiongroup==1.2.2 # via ipython executing==2.0.1 # via stack-data +fido2==1.1.3 + # via + # -r requirements/pip.txt + # django-allauth filelock==3.15.4 # via # -r requirements/pip.txt @@ -312,6 +317,10 @@ pyjwt[crypto]==2.9.0 # via # -r requirements/pip.txt # django-allauth +pypng==0.20220715.0 + # via + # -r requirements/pip.txt + # qrcode pyquery==2.0.0 # via -r requirements/pip.txt python-crontab==3.2.0 @@ -334,6 +343,10 @@ pytz==2024.1 # celery pyyaml==6.0.2 # via -r requirements/pip.txt +qrcode==7.4.2 + # via + # -r requirements/pip.txt + # django-allauth redis==5.0.8 # via # -r requirements/pip.txt @@ -414,6 +427,7 @@ typing-extensions==4.12.2 # ipython # psycopg # psycopg-pool + # qrcode tzdata==2024.1 # via # -r requirements/pip.txt diff --git a/requirements/docker.txt b/requirements/docker.txt index 91e589cdd08..d5c075b11e5 100644 --- a/requirements/docker.txt +++ b/requirements/docker.txt @@ -89,6 +89,7 @@ cron-descriptor==1.4.3 cryptography==43.0.0 # via # -r requirements/pip.txt + # fido2 # pyjwt cssselect==1.2.0 # via @@ -130,7 +131,7 @@ django==4.2.15 # django-timezone-field # djangorestframework # jsonfield -django-allauth[saml,socialaccount]==64.0.0 +django-allauth[mfa,saml,socialaccount]==64.0.0 # via -r requirements/pip.txt django-annoying==0.10.7 # via -r requirements/pip.txt @@ -217,6 +218,10 @@ executing==2.0.1 # via stack-data fancycompleter==0.9.1 # via pdbpp +fido2==1.1.3 + # via + # -r requirements/pip.txt + # django-allauth filelock==3.15.4 # via # -r requirements/pip.txt @@ -338,6 +343,10 @@ pyjwt[crypto]==2.9.0 # via # -r requirements/pip.txt # django-allauth +pypng==0.20220715.0 + # via + # -r requirements/pip.txt + # qrcode pyproject-api==1.7.1 # via tox pyquery==2.0.0 @@ -364,6 +373,10 @@ pytz==2024.1 # celery pyyaml==6.0.2 # via -r requirements/pip.txt +qrcode==7.4.2 + # via + # -r requirements/pip.txt + # django-allauth redis==5.0.8 # via # -r requirements/pip.txt @@ -446,6 +459,7 @@ typing-extensions==4.12.2 # ipython # psycopg # psycopg-pool + # qrcode tzdata==2024.1 # via # -r requirements/pip.txt diff --git a/requirements/pip.in b/requirements/pip.in index 613bccd2d3b..dc637d8b8d0 100644 --- a/requirements/pip.in +++ b/requirements/pip.in @@ -84,7 +84,7 @@ django-celery-beat # TODO: remove this dependency once we upgrade Celery. It should auto-install it. tzdata -django-allauth[socialaccount,saml] +django-allauth[socialaccount,saml,mfa] requests-oauthlib diff --git a/requirements/pip.txt b/requirements/pip.txt index 5d7fb14777d..6c7554e9299 100644 --- a/requirements/pip.txt +++ b/requirements/pip.txt @@ -52,7 +52,9 @@ colorama==0.4.6 cron-descriptor==1.4.3 # via django-celery-beat cryptography==43.0.0 - # via pyjwt + # via + # fido2 + # pyjwt cssselect==1.2.0 # via pyquery distlib==0.3.8 @@ -83,7 +85,7 @@ django==4.2.15 # django-timezone-field # djangorestframework # jsonfield -django-allauth[saml,socialaccount]==64.0.0 +django-allauth[mfa,saml,socialaccount]==64.0.0 # via -r requirements/pip.in django-annoying==0.10.7 # via -r requirements/pip.in @@ -160,6 +162,8 @@ elasticsearch-dsl==8.14.0 # via # -r requirements/pip.in # django-elasticsearch-dsl +fido2==1.1.3 + # via django-allauth filelock==3.15.4 # via virtualenv funcy==2.0 @@ -218,6 +222,8 @@ pygments==2.18.0 # via -r requirements/pip.in pyjwt[crypto]==2.9.0 # via django-allauth +pypng==0.20220715.0 + # via qrcode pyquery==2.0.0 # via -r requirements/pip.in python-crontab==3.2.0 @@ -236,6 +242,8 @@ pytz==2024.1 # celery pyyaml==6.0.2 # via -r requirements/pip.in +qrcode==7.4.2 + # via django-allauth redis==5.0.8 # via # -r requirements/pip.in @@ -294,6 +302,7 @@ typing-extensions==4.12.2 # elasticsearch-dsl # psycopg # psycopg-pool + # qrcode tzdata==2024.1 # via # -r requirements/pip.in diff --git a/requirements/testing.txt b/requirements/testing.txt index 24bef5b55ec..e63bf7f9145 100644 --- a/requirements/testing.txt +++ b/requirements/testing.txt @@ -86,6 +86,7 @@ cron-descriptor==1.4.3 cryptography==43.0.0 # via # -r requirements/pip.txt + # fido2 # pyjwt cssselect==1.2.0 # via @@ -125,7 +126,7 @@ django==4.2.15 # django-timezone-field # djangorestframework # jsonfield -django-allauth[saml,socialaccount]==64.0.0 +django-allauth[mfa,saml,socialaccount]==64.0.0 # via -r requirements/pip.txt django-annoying==0.10.7 # via -r requirements/pip.txt @@ -212,6 +213,10 @@ elasticsearch-dsl==8.14.0 # django-elasticsearch-dsl exceptiongroup==1.2.2 # via pytest +fido2==1.1.3 + # via + # -r requirements/pip.txt + # django-allauth filelock==3.15.4 # via # -r requirements/pip.txt @@ -314,6 +319,10 @@ pyjwt[crypto]==2.9.0 # via # -r requirements/pip.txt # django-allauth +pypng==0.20220715.0 + # via + # -r requirements/pip.txt + # qrcode pyquery==2.0.0 # via -r requirements/pip.txt pytest==8.3.2 @@ -354,6 +363,10 @@ pyyaml==6.0.2 # via # -r requirements/pip.txt # yamale +qrcode==7.4.2 + # via + # -r requirements/pip.txt + # django-allauth redis==5.0.8 # via # -r requirements/pip.txt @@ -444,6 +457,7 @@ typing-extensions==4.12.2 # elasticsearch-dsl # psycopg # psycopg-pool + # qrcode # sphinx tzdata==2024.1 # via