Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects.

Overview

Django Two-Factor Authentication

Complete Two-Factor Authentication for Django. It is built on top of the one-time password framework django-otp and Django's built-in authentication framework django.contrib.auth, providing the easiest integration into most Django projects. Inspired by the user experience of Google's Two-Step Authentication, it allows users to authenticate through a phone call, a text message (SMS), a token generator app like Google Authenticator, or (optionally) a YubiKey hardware token generator.

If you run into problems, please file an issue on GitHub, or contribute to the project by forking the repository and sending some pull requests. The package is translated into English, Dutch and other languages. Please contribute your own language using Transifex.

Test drive this app through the online example app, hosted by Heroku. It demos most features except the Twilio integration. The example also includes django-user-sessions for providing Django sessions with a foreign key to the user. Although the package is optional, it improves account security control over django.contrib.sessions.

Compatible with modern Django versions. At the time of writing, that includes Django 2.2, 3.0 and 3.1 on Python 3.5, 3.6, 3.7 and 3.8. Documentation is available at readthedocs.org.

Installation

Refer to the installation instructions in the documentation.

Getting help

For general questions regarding this package, please hop over to Stack Overflow. If you think there is an issue with this package, check if the issue is already listed (either open or closed), and file an issue if it's not.

Contribute

  • Submit issues to the issue tracker on GitHub.
  • Fork the source code at GitHub.
  • Write some code and make sure it is covered with unit tests.
  • Send a pull request with your changes.
  • Provide a translation using Transifex.

Running tests

This project aims for full code coverage, which means that your code should be well tested. Also test branches for hardened code. You can run the full test suite with:

make test

Or run a specific test with:

make test TARGET=tests.tests.TwilioGatewayTest

For Python compatibility, tox is used. You can run the full test suite, covering all supported Python and Django versions, with:

tox

Releasing

The following actions are required to push a new version:

  • Update release notes

  • If any new translation strings were added, push the new source language to Transifex. Make sure translators have sufficient time to translate those new strings:

    make tx-push
    
  • Add migrations:

    python example/manage.py makemigrations two_factor
    git commit two_factor/migrations -m "Added migrations"
    
  • Update translations:

    make tx-pull
    
  • Package and upload:

    bumpversion [major|minor|patch]
    git push && git push --tags
    python setup.py sdist bdist_wheel
    twine upload dist/*
    

See Also

Have a look at django-user-sessions for Django sessions with a foreign key to the user. This package is also included in the online example app.

License

The project is licensed under the MIT license.

Comments
  • WebAuthn support

    Implement a new second factor method that uses WebAuthn.

    Description

    A new authentication method is available in the setup wizard: WebAuthn, that enables support for hardware authentication devices such as fido-u2f keys in modern browsers that implement the specification.

    Motivation and Context

    WebAuthn is supported in the Chrome, Firefox, and Edge browsers, for credential creation and assertion using a U2F Token, like those provided by Yubico and Feitian.

    How Has This Been Tested?

    New view and utils tests have been added.

    Screenshots (if appropriate):

    Types of changes

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Breaking change (fix or feature that would cause existing functionality to change)

    Checklist:

    • [x] My code follows the code style of this project.
    • [x] My change requires a change to the documentation.
    • [x] I have updated the documentation accordingly.
    • [x] I have added tests to cover my changes.
    • [x] All new and existing tests passed.
    opened by jpaniagualaconich 33
  • Passwords are stored in plain-text in the user's session

    When using the login wizard the user's password is stored in plain text in the session store. The information is stored by formtools' wizard class. This is a security risk, depending on the deployment this can easily lead to a leak. Imagine a shared database ...

    The information is not required to complete the token step, it would suffice to store the authentication state once the user's username and password are verified and then call login() in the done() method.

    security 
    opened by blubber 21
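
The report above, as an added example that is not the project's or formtools' code: a standard-library model of a two-step login wizard, first keeping the submitted password in the session and then keeping only the authentication state. The class names, the `wizard_step_data` and `wizard_state` keys, the constructed user table and the use of the 10-minute timeout from the 1.12 release notes on this page are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import os
import time

AUTH_TIMEOUT = 600  # seconds allowed between password step and token step (assumed)

_SALT = os.urandom(16)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user table; only a salted hash of the password is kept.
USERS = {"alice": {"pk": 1, "salt": _SALT, "hash": _hash("correct horse", _SALT)}}


def check_credentials(username, password):
    """Return the user's pk when the password matches, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return user["pk"] if ok else None


class VulnerableLoginWizard:
    """Keeps the submitted form data of every step in the session."""

    def __init__(self, session):
        self.session = session

    def auth_step(self, username, password):
        if check_credentials(username, password) is None:
            return False
        # The raw form data, password included, lands in the session store.
        self.session["wizard_step_data"] = {
            "auth": {"username": username, "password": password}
        }
        return True

    def done(self, token_ok):
        data = self.session.get("wizard_step_data", {}).get("auth")
        if data is None or not token_ok:
            return False
        # Credentials are replayed from the session to finish the login.
        pk = check_credentials(data["username"], data["password"])
        if pk is None:
            return False
        del self.session["wizard_step_data"]
        self.session["_auth_user_id"] = pk
        return True


class HardenedLoginWizard:
    """Keeps only who passed the password step and when."""

    def __init__(self, session):
        self.session = session

    def auth_step(self, username, password, now=None):
        now = time.time() if now is None else now
        pk = check_credentials(username, password)
        if pk is None:
            return False
        self.session["wizard_state"] = {"user_pk": pk, "authentication_time": int(now)}
        return True

    def done(self, token_ok, now=None):
        now = time.time() if now is None else now
        state = self.session.get("wizard_state")
        if state is None:
            return False
        if now - state["authentication_time"] > AUTH_TIMEOUT:
            # Stale first factor: drop the state so the user starts over.
            del self.session["wizard_state"]
            return False
        if not token_ok:
            return False
        del self.session["wizard_state"]
        self.session["_auth_user_id"] = state["user_pk"]
        return True


def session_leaks(session, secret):
    """Is the secret visible to anyone who can read the stored session row?"""
    return secret in json.dumps(session)
```

`session_leaks` doubles as a regression check: serialise the session after the password step in a test and assert the submitted password is absent.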
  • Moved some capabilities to plugins folder

    Based on #280 and my recent work on making a method registry in #328, this is a first step in that direction, trying to isolate code per auth method. That's not the end of the road, but this commit should at least pass the tests.

    We are breaking compatibility because we moved the PhoneDevice models to plugins/phonenumber sub-app, but I think that's a price to pay for added modularity.

    opened by claudep 20
  • Issue #56 - After successful login with token, use signed cookie to allow login with login step only

    (scoped to settings.LOGIN_URL). If cookie exists/is valid on the next login, token steps are skipped

    1 - if user checks checkbox to token step "Remember this device for %s days"
    2 - create signed cookie with the desired end date
    3 - on next login, if cookie is present/valid, allow login with login step only

    Description

    added a method token_required() that returns False when a valid signed cookie ('rememberdevice') is present. If not required, methods has_token_step() and has_backup_step() will return None (skipping that logic).

    To enable OTPRequiredMixin() to grant access, if token_required() returns False, a device will be added to user

    Motivation and Context

    issue #56

    How Has This Been Tested?

    yes, tests were added to test_views_login.test_with_backup_phone() testing both the form change and the cookie logic.

    Ubuntu 16.04, Postgres 9.3, Python 3.5.2 Django==2.0.3 django-bootstrap-form==3.4 django-debug-toolbar==1.9.1 django-formtools==2.1 django-otp==0.4.3 django-phonenumber-field==1.3.0 django-two-factor-auth==1.7.0

    ran "make test" with no errors

    Screenshots (if appropriate):

    Types of changes

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [X] New feature (non-breaking change which adds functionality)
    • [ ] Breaking change (fix or feature that would cause existing functionality to change)

    Checklist:

    • [X] My code follows the code style of this project. - I tried to :)
    • [X] My change requires a change to the documentation.
    • [ ] I have updated the documentation accordingly. (I will, if the changes are OK with you)
    • [X] I have added tests to cover my changes.
    • [X] All new and existing tests passed.
    opened by compsult 19
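
The three steps described in this pull request, as an added standard-library example that is not the pull request's code: issue a signed cookie carrying its own end date, then decide on the next login whether the token step is still required. The signing key, the payload layout, the login path and the binding of the cookie to one user and one OTP device id are assumptions of this sketch; only the `rememberdevice` cookie name and the `token_required()` name come from the text above.

```python
import base64
import hashlib
import hmac
import json
import time
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the site's signing key
COOKIE_NAME = "rememberdevice"        # cookie name taken from the pull request text


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_remember_cookie(user_pk, device_id, days, now=None):
    """Step 2: signed value whose end date is inside the signed payload."""
    now = time.time() if now is None else now
    claims = {"u": user_pk, "d": device_id, "exp": int(now) + days * 86400}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def token_required(cookie, user_pk, device_id, now=None):
    """Step 3: False only for an authentic, unexpired cookie issued for this
    user and this OTP device; every other case keeps the token step."""
    now = time.time() if now is None else now
    if not cookie:
        return True
    try:
        payload_b64, sig_b64 = cookie.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:  # wrong shape or undecodable base64
        return True
    if not hmac.compare_digest(sig, _sign(payload)):
        return True
    claims = json.loads(payload)  # safe to parse: the signature matched
    if claims["u"] != user_pk or claims["d"] != device_id:
        return True  # cookie from another account or a replaced device
    return now >= claims["exp"]


def set_cookie_header(value, days, login_path):
    """Cookie attributes: scoped to the login URL, hidden from scripts,
    sent over HTTPS only."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    morsel = jar[COOKIE_NAME]
    morsel["path"] = login_path
    morsel["max-age"] = days * 86400
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Lax"
    return morsel.OutputString()
```

Binding the payload to the OTP device id means that removing or re-enrolling the second factor invalidates every cookie issued before it.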
  • Implement Jazzband guidelines for django-two-factor-auth

    This issue tracks the implementation of the Jazzband guidelines for the project django-two-factor-auth

    It was initiated by @Bouke who was automatically assigned in addition to the Jazzband roadies.

    See the TODO list below for the generally required tasks, but feel free to update it in case the project requires it.

    Feel free to ping a Jazzband roadie if you have any question.

    TODOs

    • [x] Fix all links in the docs (and README file etc) from old to new repo
    • [x] Add the Jazzband badge to the README file
    • [x] Add the Jazzband contributing guideline to the CONTRIBUTING.md or CONTRIBUTING.rst file
    • [x] Check if continuous testing works with GitHub Actions
    • [x] Check if test coverage is tracked with Codecov
    • [x] Add jazzband account to PyPI project as maintainer role (e.g. URL: https://pypi.org/manage/project/django-two-factor-auth/collaboration/)
    • [x] Add jazzband-bot as maintainer to the Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-two-factor-auth/users/)
    • [x] Add incoming GitHub webhook integration to Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-two-factor-auth/integrations/)
    • [x] Fix project URL in GitHub project description
    • [ ] Review project if other services are used and port them to Jazzband
    • [x] Decide who is project lead for the project (if at all)
    • [x] Set up CI for Jazzband project releases if needed and open ticket if yes

    Project details

    Description Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects.
    Homepage http://example-two-factor-auth.herokuapp.com/
    Stargazers 1107
    Open issues 91
    Forks 313
    Default branch master
    Is a fork False
    Has Wiki False
    Has Pages False
    opened by jazzband-bot 15
  • Email 2fa

    Revive #267 thanks to @Atterratio for the initial patch. I did some changes based on the reviews on the original pull requests and some doc style fixes.

    Description

    Make possible two-factor authorization using emails.

    Motivation and Context

    Although this way of two-factor authentication is not very reliable, it can be preferable for some users.

    How Has This Been Tested?

    Tested in a local project. Not fully tested but I tried it out. Didn't look closely at old PR.

    Screenshots (if appropriate):

    Content-Type: multipart/alternative;
     boundary="===============1209054917869947523=="
    MIME-Version: 1.0
    Subject: Authentication token email
    From: [email protected]
    To: [email protected]
    Date: Wed, 28 Jul 2021 04:20:20 -0000
    Message-ID: <[email protected]>
    
    --===============1209054917869947523==
    Content-Type: text/plain; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    
    Hello,
    Your email address has been given for two-factor authorization on the our website.
    If you did't do this, just ignore this message.
    
    Authentication token for user hello is 487008.
    --===============1209054917869947523==
    Content-Type: text/html; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    
    
    
    <p>Hello,</p>
    <p>
        
            Your email address has been given for two-factor authorization on the our website.
            If you did't do this, just ignore this message.
        
    </p>
    <p>Authentication token for user hello is 487008.</p>
    --===============1209054917869947523==--
    
    -------------------------------------------------------------------------------
    

    Types of changes

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Breaking change (fix or feature that would cause existing functionality to change)

    Checklist:

    • [x] My code follows the code style of this project.
    • [x] My change requires a change to the documentation.
    • [x] I have updated the documentation accordingly.
    • [x] I have added tests to cover my changes.
    • [x] All new and existing tests passed.
    opened by pickfire 14
  • Update django-phonenumber-field dependency to newer version

    Untested attempt to allow newer django-phonenumber-field dependency for issue #387

    Description

    As above PS: I would like to know why you required <3.99 and not <4 -- is this best practice or for some other reason?

    Motivation and Context

    Issue #387

    How Has This Been Tested?

    It hasn't. https://github.com/stefanfoulis/django-phonenumber-field/blob/master/CHANGELOG.rst reports no breaking changes so fingers crossed, eh?

    Screenshots (if appropriate):

    N/a

    Types of changes

    • [X] Bug fix (non-breaking change which fixes an issue)
    • [X] New feature (non-breaking change which adds functionality)
      • Provide Django 3.1 support in dependency
      • Allow package use when people are already using django-phonenumber-field 4 or newer
    • [ ] Breaking change (fix or feature that would cause existing functionality to change)

    Checklist:

    • [ ] My code follows the code style of this project.
    • [ ] My change requires a change to the documentation.
    • [ ] I have updated the documentation accordingly.
    • [ ] I have added tests to cover my changes.
    • [ ] All new and existing tests passed.
    opened by syserr0r 14
  • Make compatible with Django 1.8

    Patch imports and setup to use django-formtools instead of the obsolete contrib package.

    This fixes issue https://github.com/Bouke/django-two-factor-auth/issues/89

    Passed all tests in my environment.

    opened by csghormley 14
  • Remember OTP token for hours

    I want to implement remember OTP for a few hours (10 hrs). This means that on the first attempt the admin gives userid/password and then gives the OTP, and for the next 10 hrs, when the admin tries to log in again, it asks for userid/password only and skips the OTP until the 10 hrs are over.

    What's the best place to implement this in the codebase?

    enhancement pull request welcome 
    opened by awais786 14
  • Upgrade phone number field

    @Bouke

    • Upgrades phonenumberfield
    • Uses phonenumberslite by default (taken from https://github.com/stefanfoulis/django-phonenumber-field/blob/1.1.0/setup.py#L7-L8)
    • Removes debug_toolbar from INSTALLED_APPS as it errors before running the server on django 1.10 due to middleware missing (https://github.com/Bouke/django-two-factor-auth/blob/543687e872bfe7a3d6244f8c73fb9149e53a1df9/example/settings.py#L33)
    opened by emord 13
  • Yubikey support

    Hi! I just want to thank you for your work on this! It's pretty amazing. I was wondering if Yubikey support would be added at any point, since django-otp also supports Yubikeys?

    enhancement 
    opened by cyli 13
  • Views that require new OTP authentication for every POST action

    I would like to increase security of some views such as submitting payouts, handling money or other potentially risky tasks. To increase the security I would like to let the user re-submit his/her OTP once again for every POST action.

    Expected Behavior

    The scenario when this might help is such that the user leaves his/her computer with session already authenticated and goes off. Then some other person can come in and for example steal all money from his/her account.

    Current Behavior

    In current logic of django-two-factor-auth it is also possible to disable 2FA without any additional authentication and set a new one. It would be needed to require secondary 2FA also for /account/two_factor/disable/ view in order to make this protection effective.

    Possible Solution

    The described scenario could be prevented if the user re-submits OTP code before/during making the POST request to the security demanding view.

    The second possibility how to implement this might be to modify the @otp_required/OTPRequiredMixin decorator/mixin with requirement for maximal age of the authentication. So for example I could decorate the risky view with:

    from django_otp.decorators import otp_required
    
    @otp_required(max_age=5)  # 5 seconds
    def my_view(request):
        pass
    
    opened by PetrDlouhy 0
  • How do I customize django-two-factor-auth for existing REST API for login

    I am currently using REST API for user login. Now want to add two factor authentication to my existing Login api. In django-two-factor-auth there are views provided by default, and I want to customize them according to my API response.

    opened by Pal-Sandeep 0
  • Invalid token when trying Phone SMS backup method while Email is the primary authentication method

    This might look similar to the issue described in #473 but is different. It refers to version 1.14.0 and specifically only to the case where Email has been configured as the primary method and Phone sms as the backup authentication method. Please, can someone also confirm that the behavior described below can be reproduced?

    Expected Behavior

    In the login screen where the user is being asked to enter the token received by the primary method (Email), clicking on the alternative method to send the token by SMS and submitting it to the login form should result in a successful login.

    Current Behavior

    After submitting the valid code received by SMS (as a backup method), it is not accepted and the user is redirected to the previous login screen with an error message for 'Invalid token' displayed.

    Steps to Reproduce (for bugs)

    1. Enable two factor authentication from the setup wizard by selecting Email as the (primary) authentication method.
    2. Add a phone number as a backup method and verify it.
    3. Logout and open the login page again, enter your credentials (if any).
    4. When prompted to enter the authentication token, click the button to send a token to your phone number instead (alternative method).
    5. Enter in the new form the valid token received by SMS. Instead of a successful login, you get an error message for invalid token and are redirected to the previous login screen.

    Context

    Providing 2-factor authentication to users by combining Email as main authentication method and Phone SMS as the backup method (a rather popular use case) seems to be problematic. Interestingly, when configuring the token generator mobile app as the primary method and the SMS as the backup method, the issue does not occur and the user is able to successfully enter the sms token.

    Your Environment

    • Browser and version:
    • Python version: 3.8.10
    • Django version: 3.2
    • django-otp version: 1.1.3
    • django-two-factor-auth version: 1.14.0
    opened by inellas 0
  • Autocomplete on OTP field does suggest past codes

    Current Behavior

    The OTP field does suggest past OTP codes which might overlap with other screen elements, especially on mobile phones. Tested on Chrome browser on Android. The field has autocomplete="one-time-code" attribute (introduced in #396), which should suggest SMS codes on iOS, but is not working correctly elsewhere.

    Expected Behavior

    The field should make SMS suggestions on iOS, but not suggest past codes.

    Possible Solution

    I am not sure how to fix correctly. According to StackOverflow answer the field should not suggest anything if Chrome doesn't understand autocomplete field value, but that does not happen.

    Solution could be using different value based on "user agent" or something like that, but that seems to be too complicated.

    Steps to Reproduce (for bugs)

    1. Set up OTP authentication
    2. Log in and out a few times
    3. You will see the suggestions covering whole mobile screen

    Context

    It is sometimes difficult to get rid of the suggestions and enter correct code.

    Your Environment

    • Browser and version: Chrome 107.0.5304.91 on Samsung A40 Android 11 SM-A405FN
    • Python version: 3.10
    • Django version: 4.0.8
    • django-otp version: 1.1.3
    • django-two-factor-auth version: 1.14.0
    • Link to your project: https://www.blenderkit.com/
    opened by PetrDlouhy 0
  • chore: possible tmp fix for #565

    Description

    reference: https://github.com/jazzband/django-two-factor-auth/issues/565

    This is a temporary workaround until django-user-sessions Django 4.x compatible version is released.

    Motivation and Context

    reference: https://github.com/jazzband/django-two-factor-auth/issues/565

    How Has This Been Tested?

    Screenshots (if appropriate):

    Types of changes

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Breaking change (fix or feature that would cause existing functionality to change)

    Checklist:

    • [ ] My code follows the code style of this project.
    • [ ] My change requires a change to the documentation.
    • [ ] I have updated the documentation accordingly.
    • [ ] I have added tests to cover my changes.
    • [ ] All new and existing tests passed.
    opened by bmihelac 0
Releases(1.14.0)
  • 1.14.0(Jun 6, 2022)

    Added

    • Python 3.10 support
    • The setup view got a new secret_key context variable to be able to display that key elsewhere than in the QR code.
    • The token/device forms now have an idempotent class variable to tell if the form can validate more than once with the same input data.
    • A new email plugin (based on django_otp EmailDevice) can now be activated and used to communicate the second factor token by email.

    Changed

    • BREAKING: The phone capability moved to a plugins folder, so if you use that capability and want to keep it, you should add two_factor.plugins.phonenumber line in your INSTALLED_APPS setting. Additionally, as the two_factor templatetags library was only containing phone-related filters, the library was renamed to phonenumber.
    • default_device utility function now caches the found device on the given user object.
    • The otp_token form field for AuthenticationTokenForm is now a Django RegexField instead of an IntegerField.
    • The Twilio gateway content for phone interaction is now template-based, and the pause between digits is now using the <Pause> tag.
    • The QR code now always uses a white background to support pages displayed with a dark theme.

    Removed

    • Python 3.5 and 3.6 support
  • 1.13.2(Jan 18, 2022)

    Added

    • Translations for new languages: Hausa, Japanese, Vietnamese
    • Django 4.0 support

    Changed

    • Suppressed default_app_config warning on Django 3.2+
    • qrcode dependency limit upped to 7.99 and django-phonenumber-field to 7
    • When validating a TOTP after scanning the QR code, allow a time drift of +/-1 instead of just -1
  • 1.13.1(Apr 1, 2021)

    Add

    • Support Twilio Messaging Service SID
    • Add autofocus, autocomplete one-time-code and inputmode numeric to token input fields

    Changed

    • Change "Back to Profile" to "Back to Account Security"
  • 1.13(Dec 12, 2020)

    Added

    • User can request that two-factor authentication be skipped the next time they log in on that particular device
    • Django 3.1 support
    • SMS message can now be customised by using a template

    Changed

    • Simplified re_path() to path() in URLConf
    • Templates are now based on Bootstrap 4.
    • DisableView now checks user has verified before disabling two-factor on their account
    • Inline CSS has been replaced to allow stricter Content Security Policies.

    Removed

    • Upper limit on django-otp dependency
    • Obsolete IE<9 workarounds
    • Workarounds for older versions of django-otp
  • 1.12.1(Jul 8, 2020)

  • 1.12(Jul 8, 2020)

    Added

    • It is possible to set a timeout between a user authenticating in the LoginView and them needing to re-authenticate. By default this is 10 minutes.

    Removed

    • The final step in the LoginView no longer re-validates a user's credentials.
    • Django 1.11 support.

    Changed

    • Security Fix: LoginView no longer stores credentials in plaintext in the session store.
  • 1.11.0(Mar 13, 2020)

    Added

    Nothing has been added for this version

    Removed

    • MiddlewareMixin
    • Python 3.4 support
    • Django 2.1 support
    • mock dependency

    Changed

    • extra_requires are now listed in lowercase. This is to workaround a bug in pip.
    • Use trimmed option on blocktrans to avoid garbage newlines in translations.
    • random_hex from django_otp 0.8.0 will always return a str, don't try to decode it.
  • 1.10.0(Dec 13, 2019)

    Added

    • Support for Django 3.0.
    • Optionally install full or light phonenumbers library.

    Removed

    • Python 2 support.

    Changed

    • Updated translations.
  • 1.9.0(Jul 7, 2019)

  • 1.8.0(Jul 7, 2019)

    Added

    • Support for Django 2.1.
    • Support for QRcode library up to 6.
    • Translation: Romanian.

    Changed

    • Replace ValidationError with SuspiciousOperation in views.
    • Change the wording in 2FA disable template.
    • Updated translations.
  • 1.7.0(Dec 19, 2017)

    • New: Support for Django 2.0.
    • Dropped Django <1.11 support.
    • Fix: Do not list phone method if it is not supported (#225).
    • Pass request kwarg to authentication form (#227).
  • 1.6.2(Jul 29, 2017)

  • 1.6.1(May 11, 2017)

  • 1.6.0(Apr 8, 2017)

    • New: Support for Django 1.11 (#188).
    • Dropped Django 1.9 support.
    • Fix: Allow setting LOGIN_REDIRECT_URL to a URL (#192).
    • Fix: DisableView should also take success_url parameter (#187).
  • 1.5.0(Jan 4, 2017)

    • New: Django 1.10’s MIDDLEWARE support.
    • New: Allow success_url overrides from urls.py.
    • New: Autofocus token input during authentication.
    • New translations: Polish, Italian, Hungarian, Finnish and Danish.
    • Renamed redirect_url properties to success_url to be consistent with Django.
    • Dropped Python 3.2 and 3.3 support.
    • Fix: Allow Firefox users to enter backup tokens (#177).
    • Fix: Allow multiple requests for QR code (#99).
    • Fix: Don't add phone number without gateway (#92).
    • Fix: Redirect to 2FA profile page after removing a phone (#159).
  • 1.4.0(Aug 1, 2016)

    • New: Support for Django 1.10 (#157).
    • Fix: Enable autodoc builds in documentation (#164).
    • Fix: Support named urls in LOGIN_URL, LOGIN_REDIRECT_URL and LOGOUT_URL (#153).
  • 1.3.1(Aug 1, 2016)

    • Fix: KeyError when trying to login (#102).
    • Fix: Migration fails with custom user model without username field.
    • Fix: Added missing migrations.
    • Fix: Spurious migrations on Python 3.
    • Require django-otp 0.3.4 and above for better Python 3 compatibility.
  • 1.3.0(Jan 5, 2016)

    • New feature: Added support for Django 1.9.
    • New feature: Use phonenumbers library to validate phone number format.
    • New feature: Use django-phonenumber-field for storing phone number in E.164 format.
    • Use AppConfig for patching admin.
    • Reduced number of tox test environments.
    • Removed support for Django 1.7 and below.
    • Fix: Catch gateway errors.
    • Fix: Use raw_id_fields on admin site form.
    • Fix: Skip test that hits bug in Python 2.7.10.
    • Fix: Import changed in django-otp 0.3.?.
  • 1.0.0-beta3(Jun 15, 2014)

  • 1.0.0-beta2(Jun 4, 2014)

  • 1.0.0-beta1(Jun 1, 2014)
