You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This Django app adds two factor authentication to Wagtail. Behind the scenes
it use django-otp which supports Time-based One-Time Passwords (TOTP). This
allows you to use various apps like Authy, Google Authenticator, or
1Password.
Installation
pip install wagtail-2fa
Then add the following lines to the INSTALLED_APPS list in your Django
settings:
Next add the required middleware to the MIDDLEWARE. It should come
after the AuthenticationMiddleware:
MIDDLEWARE= [
# .. other middleware# 'django.contrib.auth.middleware.AuthenticationMiddleware','wagtail_2fa.middleware.VerifyUserMiddleware',
# 'wagtail.core.middleware.SiteMiddleware',# .. other middleware
]
Migrate your database:
python manage.py migrate
Settings
The following settings are available (Set via your Django settings):
WAGTAIL_2FA_REQUIRED (default False): When set to True all
staff, superuser and other users with access to the Wagtail Admin site
are forced to login using two factor authentication.
WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to
identify which site is which in your authenticator app. If not set and
WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER
under the hood.
Making 2FA optional
With the default VerifyUserMiddleware middleware, 2FA is enabled for every user.
To make 2FA optional, use the VerifyUserPermissionsMiddleware middleware instead.
To do so, use the VerifyUserPermissionsMiddleware middleware instead of the VerifyUserMiddleware in your Django settings:
