{ "info": { "author": "Goldmund, Wyldebeast & Wunderliebe", "author_email": "info@gw20e.com", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Framework :: Plone", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "================================================\ncollective.googleauthenticator\n================================================\n`Two-step verification `_ for Plone 4\nwith use of `Google Authenticator `_\napp. This app allows users to enable the two-step verification for their Plone accounts.\nA mobile device with Google Authenticator app installed is required. Usage of two-step\nverification is optonal, unless site admins have forced it (configurable in app control\npanel). Admins can white-list the IPs, for which the two-step verification would be\nskipped.\n\nPrerequiresites\n================================================\n- GoogleAuthenticator app installed on mobile device (official app available for\n Android, iPhone and Blackberry; third-party app exists for `Windows Phone\n `_).\n- Plone 4 (tested with Plone >= 4.2.6)\n\nUsage\n================================================\nCase 1: Enabling the two-step verification\n------------------------------------------------\nPre-conditions: User is not logged into the Plone site, does not yet have two-step\nverification enabled and has installed the Google Authenticator app (including the advised\nbar code scanner) on his mobile device.\n\nFrom any page follow the \"Enable two-step verification\" link in the menu (next to \"Log out\").\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/01_menu_enable.png\n :align: center\n\nThat will bring you to a page on which a bar code is shown.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/02_two_step_verification_setup.png\n :align: center\n\nYou're supposed to scan the bar code shown on the page using the bar code scanner installed\non your mobile device, which you're going to use for verification.\n\nAfter you have successfully scanned the bar code, enter the token shown in the \"Enter the\nverification code to activate two-step verification\" field for confirmation and press the\n\"Verify\" button.\n\nUpon successful confirmation (you should see a message stating that) the two-step\nverification is enabled for your account.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/03_enable_two_step_verification_confirmation_message.png\n :align: center\n\nCase 2: Two-step verification\n------------------------------------------------\nPre-conditions: User is not logged in and has enabled the two-step verification.\n\nWhen you log into the Plone site (just using username and password), you would see an extra\nscreen on which you are asked to provide the token, generated by Google Authenticator.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/04_login_token_form.png\n :align: center\n\nYou should then open the Google Authenticator app on your mobile device and type in the\ntoken shown into the \"Enter code\" field.\n\nIf token is valid, you would be logged in.\n\nCase 3: Lost tokens\n------------------------------------------------\nPre-conditions: User is not logged in, has enabled the two-step verification.\n\nThere might be cases when you have lost your token (either removed it from your app by\naccident or lost the mobile device). For such cases, you can reset the bar code.\n\nLog into the Plone site (just using username and password), for to see the extra\nscreen on which you are asked to provide the token, generated by Google Authenticator\nand follow the link (help text of the \"Enter code\" field). You would then land on the page\nwhere from you can request the bar code reset.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/05_request_to_reset_bar_code.png\n :align: center\n\nEnter your username in the \"Username\" field, press the \"Submit\" button. Link for resetting\nyour bar code appear in your mailbox shortly. Having clicked on the link to reset the bar\ncode, would bring your to a page where you can scan the bar-code same way you have done it\nwhen setting up the two-step verification.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/06_reset_two_step_verification_bar_code.png\n :align: center\n\nScan the code with your mobile device and enter the code in the \"Enter the verification\ncode to activate the two-step verification\" field.\n\nUpon successful confirmation (you should see a message stating that) your bar code is reset.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/07_bar_code_reset_confirmation_message.png\n :align: center\n\nCase 4: Disabling the two-step verification\n------------------------------------------------\nPre-conditions: User is logged in and has enabled the two-step verification.\n\nFrom any page follow the \"Disable two-step verification\" link in the menu (next to \"Log out\").\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/08_menu_disable.png\n :align: center\n\nAfter which you would get a message.\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/08_disable_two_step_verification_confirmation_message.png\n :align: center\n\nInstallation\n================================================\nBuildout\n------------------------------------------------\n>>> [instance]\n>>> eggs +=\n>>> collective.googleauthenticator\n\n>>> zcml +=\n>>> collective.googleauthenticator\n\nZMI\n------------------------------------------------\nZMI -> portal_quickinstaller\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nChoose \"Google Authenticator Plone\" and install it.\n\nZMI -> acl_users\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n1. Choose \"google_auth (Google Authenticator plugin (collective.googleauthenticator))\".\n\n2. Make sure the \"Active plugins\" section of \"Authentication\" has the following plugins in\n the given order (\"google_auth\" should come as first - critical!):\n\n - google_auth\n - session\n - source_users\n\nConfiguration options\n================================================\nApp control panel can be accessed at\nhttp://your-plone-site.com/@@google-authenticator-settings\n\n.. figure:: https://github.com/collective/collective.googleauthenticator/raw/master/docs/_static/09_control_panel.png\n :align: center\n\nSecret Key\n------------------------------------------------\nSite secret key - can be any string. See it as some sort of a password.\n\nGlobally enabled\n------------------------------------------------\nIf checked, two-step verification is globally force-enabled for all site users and they no\nlonger have an option to disable it; this applies to all new users (just registered accounts)\nas well.\n\nWhite-listed IP addresses\n------------------------------------------------\nList of white-listed IP addresses - one at a line. If user comes from one of those,\nthe two-step verification is skipped even if user has enabled it or two-step verification\nis globally enabled.\n\nExtra\n------------------------------------------------\nAdditionals options of the control panel are:\n\n- Enable two-step verification for all users.\n- Disable two-step verification for all users.\n\nNotes\n================================================\nIt's important that Google Authenticator comes as first in the ZMI -> acl_users -> Authentication.\n\nTested in combination with the following products:\n\n- The `Products.LoginLockout `_.\n `GoogleAuthenticator` comes as first, `LoginLockout` as second. All works fine.\n\nImplementation details\n================================================\nThis package is beta. Comments and suggestions are welcome.\n\n- Plone PAS plugin, which checks if user has the two-step verification enabled for\n user trying to log in. If so, redirect user to a separate page (a view), where the\n extra credentials (Google Authenticator token) is asked for.\n- Google Authenticator token validation form view. If token is valid, definitely authenticates\n the user.\n- Google Authenticator setup form view, where each user scans a bar code image is shown and\n fills in the token generated by his Google Authenticator app. Upon successful token\n validation, the two-step verification is enabled for the user.\n- User record is extended with two fields:\n * `enable_two_factor_authentication` (bool): Indicates whether user has enabled the\n two-step verification for his profile.\n * `two_factor_authentication_secret` (str): Users' secret key to be used for generating\n the bar code image. Filled in automatically when user enables the two-step verification.\n- Google Authenticator disable view, on which user can disable the two-step verification for\n his account.\n- The Plone standard login form (skins/login_form.cpt) has been overridden (the `came_from`\n form field taken out).\n Still the \"came from\" functionality works still in the very same way as it was before, just\n slightly different - in a way that it works well with Google Authenticator too.\n- The Plone standard \"popupforms.js\" has been overridden. The part of login forms being shown\n in an overlay has been taken out, due to the problems of Google Authenticator working with\n overlays. This issue might be solved in future versions of the app.\n\nDocumentation\n================================================\nSee the documentation at:\n\n- http://collectivegoogleauthenticator.readthedocs.org/en/latest/\n- http://pythonhosted.org/collective.googleauthenticator/\n\nTroubleshooting\n================================================\nIf you're quick enough to enter the tokens generated by GoogleAuthenticator app before they\nexpire (remaining time is clearly indicated in the GoogleAuthenticator app) but still\nget the \"Invalid token or token expired\" message, make sure your timezone settings on the\nserver are accurate.\n\nSupport\n================================================\nFor feature requests or bugs, open an issue. For questions, send us an email to info@gw20e.com.\n\nLicense\n================================================\nGPL 2.0\n\nAuthors & copyright\n================================================\nCopyright (C) 2014 `Goldmund, Wyldebeast & Wunderliebe `_.\n\nAuthors listed in alphabetic order (by name):\n\n- Artur Barseghyan\n- Kim Chee Leong\n- Pawel Lewicki\n- Peter Uittenbroek\n\nTODOs and Roadmap\n================================================\nSee `TODOS.rst `_\nfile for the list of TODOs.\n\n\nChangelog\n================================================\n0.2.5\n------------------------------------------------\n20-06-2014\n\n- Improved PAS plugin.\n\n0.2.4\n------------------------------------------------\n30-01-2014\n\n- Minor fixes.\n\n0.2.3\n------------------------------------------------\n29-01-2014\n\n- Making sure the URL to reset the bar-code in template is not escaped.\n\n0.2.2\n------------------------------------------------\n29-01-2014\n\n- Send e-mail in \"text/html\" format for requst bar code reset template.\n\n0.2.1\n------------------------------------------------\n29-01-2014\n\n- Fix typo in `helpers.extract_ip_address_from_request` (proxy related).\n\n0.2\n------------------------------------------------\n23-01-2014\n\n- Now admins are able to force the two-step verification for all users (app control panel).\n- Omit two-step verification for white-listed IP addresses (app control panel).\n- Links to enable/disable two-step verification moved from \"Personal preferences\" page to \n Plone menu (next to \"Log out\").\n\n0.1.1\n------------------------------------------------\n15-01-2014\n\n- Fixes in manifest.\n\n0.1\n------------------------------------------------\n13-01-2014\n\n- Initial release (no longer available on PyPI), with two-step verification, bar-code/token recover,\n basic app control panel.", "description_content_type": null, "docs_url": "https://pythonhosted.org/collective.googleauthenticator/", "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/collective/collective.googleauthenticator", "keywords": "google authenticator,two-step verification,multi-factor authentication,two-factor authentication", "license": "GPL 2.0", "maintainer": null, "maintainer_email": null, "name": "collective.googleauthenticator", "package_url": "https://pypi.org/project/collective.googleauthenticator/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/collective.googleauthenticator/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/collective/collective.googleauthenticator" }, "release_url": "https://pypi.org/project/collective.googleauthenticator/0.2.5/", "requires_dist": null, "requires_python": null, "summary": "Two-step verification for Plone 4 using the Google Authenticator app.", "version": "0.2.5" }, "last_serial": 3727766, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "37a918d607510de27be6b9db8172b8fd", "sha256": "7ca7b497371473b3b6f6f4ca7cff6a70098ed884a1dd4174651827970531d02a" }, "downloads": -1, "filename": "collective.googleauthenticator-0.1.1.tar.gz", "has_sig": false, "md5_digest": "37a918d607510de27be6b9db8172b8fd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34091, "upload_time": "2014-01-15T13:53:07", "url": "https://files.pythonhosted.org/packages/51/81/ad718e7901ae73a487a0f1eb5d9a889f941b148a43cb964acffc4f3b7d62/collective.googleauthenticator-0.1.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "17ad85aa6192b667fab9294e525e12cc", "sha256": "adb590d69c919da6117506de2458abb47fe760f1f68450e3f966027ced2697cd" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.tar.gz", "has_sig": false, "md5_digest": "17ad85aa6192b667fab9294e525e12cc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36293, "upload_time": "2014-01-23T09:29:35", "url": "https://files.pythonhosted.org/packages/fe/42/0a08a22b9ec5de6638852b6a831ce90d0e842ef01660191c75defb4acf49/collective.googleauthenticator-0.2.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "d041f7006e7fe5fb02f1ea3e474923a4", "sha256": "1dba2376aa0cd6dc3889b1daf3fa585e770f825d21ea2e077533e400fac41a12" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.1.tar.gz", "has_sig": false, "md5_digest": "d041f7006e7fe5fb02f1ea3e474923a4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36291, "upload_time": "2014-01-29T12:48:42", "url": "https://files.pythonhosted.org/packages/a4/3e/37224d3bf018235b7daf7b30075546d0c2340343afa7a61e08a203e50a85/collective.googleauthenticator-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "20915fc839940259260e8b4e4f2fd3d1", "sha256": "7839546734f076283b651a19cdfa6dc3eecc0f1ccc1f7fa63bfd3b8994c3d7b3" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.2.tar.gz", "has_sig": false, "md5_digest": "20915fc839940259260e8b4e4f2fd3d1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36388, "upload_time": "2014-01-29T13:18:47", "url": "https://files.pythonhosted.org/packages/07/95/9cdd5c7eb7c6f4d0fff0eaa255fea4cc411bfde36c75eb2deda0cb7d9cff/collective.googleauthenticator-0.2.2.tar.gz" } ], "0.2.3": [ { "comment_text": "", "digests": { "md5": "47ebea69bd57cecfa534d7914731a699", "sha256": "a3fc0ad318dc1814e00d316638ae7b64c32c78f3b4e81c65ccbc69995786dc31" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.3.tar.gz", "has_sig": false, "md5_digest": "47ebea69bd57cecfa534d7914731a699", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36391, "upload_time": "2014-01-29T14:36:44", "url": "https://files.pythonhosted.org/packages/0c/fc/fd04d6351ad6f8e8296f5c1b7a03a0d09a9fd1ec95ab248b1ed20ca9458b/collective.googleauthenticator-0.2.3.tar.gz" } ], "0.2.4": [ { "comment_text": "", "digests": { "md5": "0d12158c348ad26b777abae7175d7ed9", "sha256": "a1a5cc291ee3a07172e0f18fad626414a22d4353b0e5ecec1298daffb74fd33d" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.4.tar.gz", "has_sig": false, "md5_digest": "0d12158c348ad26b777abae7175d7ed9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36441, "upload_time": "2014-01-30T08:32:04", "url": "https://files.pythonhosted.org/packages/c1/a0/c3df0fb75abc531c0aabb58246c93c12c8c672d76ca7cec8f0ec205aed7b/collective.googleauthenticator-0.2.4.tar.gz" } ], "0.2.5": [ { "comment_text": "", "digests": { "md5": "6e3563f7cfab0bb8eeb6a173758016ae", "sha256": "087dfbf88f7978c6b7645fe56b7413a8b6e3237f22fa3fff8d4819feda467fc4" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.5.tar.gz", "has_sig": false, "md5_digest": "6e3563f7cfab0bb8eeb6a173758016ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 38111, "upload_time": "2014-06-20T20:53:16", "url": "https://files.pythonhosted.org/packages/e1/a9/58ab1804390efc53a44caf701321c54a46ae6910e9cb30947c1f31178267/collective.googleauthenticator-0.2.5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "6e3563f7cfab0bb8eeb6a173758016ae", "sha256": "087dfbf88f7978c6b7645fe56b7413a8b6e3237f22fa3fff8d4819feda467fc4" }, "downloads": -1, "filename": "collective.googleauthenticator-0.2.5.tar.gz", "has_sig": false, "md5_digest": "6e3563f7cfab0bb8eeb6a173758016ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 38111, "upload_time": "2014-06-20T20:53:16", "url": "https://files.pythonhosted.org/packages/e1/a9/58ab1804390efc53a44caf701321c54a46ae6910e9cb30947c1f31178267/collective.googleauthenticator-0.2.5.tar.gz" } ] }