{ "info": { "author": "Jo\u00ebl Maatkamp", "author_email": "joel.maatkamp@kentivo.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Framework :: Django :: 1.11", "Framework :: Django :: 2.2", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3 :: Only", "Topic :: Internet :: WWW/HTTP", "Topic :: Security" ], "description": "# REST multi factor\n*A multi factor implementation for the django rest framework*\n\n## Overview\nA package that allows for a flexible multi factor implementation.\n\n### Requirements\n* Python (3.5, 3.6, 3.7)\n* Django (1.11 or 2.2+)\n* Django rest framework (3.10+)\n\n### installation\nInstall using pip\n\n```bash\n$ pip install rest-multi-factor\n```\n\nOr if you wan't to include QR-codes for the registration responses of \ndevices like TOTP (for google authenticator) use\n\n```bash\n$ pip install rest-multi-factor[qr]\n```\n\nAdd `\"rest_multi_factor\"` to `INSTALLED_APPS` in you're django settings.\nFor the different multi factor types like TOTP (for google authenticator)\nyou also need to add the plugin name.\n\n```python\nINSTALLED_APPS = [\n # ...\n \"rest_multi_factor\",\n \"rest_multi_factor.plugins.totp\",\n]\n```\n\nIt is advised to add `django-rest-knox` as you're token manager. Please\nread the 'security concerns' section below *before* implementation.\n\n### Resource description\n\n### Terminology\n\n| name | meaning |\n| ------------ | ------------------------------------------- |\n| device | a method of multi factor (e.g. TOTP, email) |\n| challenge | the relation of a device and token |\n| verification | checking if a OTP value belongs to a token |\n| registration | registering a device to a user |\n\n\n#### Overview\n| Method | Resource | Description |\n|:-------|:--------------------------------|:-------------------------------------------|\n| GET | /multi-factor/ | Overview of the current users devices |\n| GET | /multi-factor/:index/ | Specifics of a registered device |\n| POST | /multi-factor/:index/ | Validate the current token |\n| POST | /multi-factor/:index/dispatch/ | Dispatch a challenge (send the value) |\n| GET | /multi-factor/register/ | Get a overview of the available devices |\n| POST | /multi-factor/register/:index/ | Register a new device for the current user |\n\n\n### Security concerns\nWith default configuration are a few security concerns that you might\nwant to solve within you're application:\n\n#### REST framework's authtoken Vs. knox\nWhile by default the rest_framework's authtoken app is configured, do\nwe advice to use knox. This is because knox hashes the tokens before\nthey are stored in the database.\n\nTo resolve this issue you can set the following configurations:\n\n```python\nREST_MULTI_FACTOR = {\n \"AUTH_TOKEN_MODEL\": \"knox.AuthToken\",\n}\n```\n\nand install knox as described here: \nhttp://james1345.github.io/django-rest-knox/installation/#installing-knox\n\nPlease note: Because django has no (public) swappable relation \nmechanism is it advices to do this before you make the migrations. \nOtherwise you have to remove the migrations, change the settings and\nre-make the migrations.\n\n#### MultiFactorRegistrationViewSet permissions\nBy default will the registration use the `IsVerifiedOrNoDevice`. This\nwill allow a user that has no registered devices to register a device\nfor himself before he can continue. If you don't need this behaviour it is \nstrongly advised to override the view like this: \n\n```python\n\"\"\"Viewsets within foobar/viewsets.py\"\"\"\n\nfrom rest_multi_factor.viewsets import MultiFactorRegistrationViewSet\nfrom rest_multi_factor.permissions import IsVerified\n\nclass RegistrationViewSet(MultiFactorRegistrationViewSet):\n \"\"\"Private registration viewset.\"\"\"\n\n permission_classes = (IsVerified,)\n```\n\nThan you can update you're urls.py like this:\n\n```python\n\"\"\"Urls within project/urls.py\"\"\"\n\nfrom django.conf.urls import url, include\n\nfrom rest_multi_factor.routers import MultiFactorVerifierRouter\nfrom rest_multi_factor.routers import MultiFactorRegisterRouter\nfrom rest_multi_factor.viewsets import MultiFactorVerifierViewSet\n\nfrom foobar.viewsets import RegistrationViewSet\n\nverifier_router = MultiFactorVerifierRouter()\nverifier_router.register(\"\", MultiFactorVerifierViewSet, \"multi-factor\")\n\nregister_router = MultiFactorRegisterRouter()\nregister_router.register(\n\"register\", RegistrationViewSet, \"multi-factor-register\"\n)\n\n\nurlpatterns = [\n url(r\"^multi-factor/\", include(verifier_router.urls)),\n url(r\"^multi-factor/\", include(register_router.urls)),\n]\n```\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/KENTIVO/rest-multi-factor", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "rest-multi-factor", "package_url": "https://pypi.org/project/rest-multi-factor/", "platform": "", "project_url": "https://pypi.org/project/rest-multi-factor/", "project_urls": { "Homepage": "https://github.com/KENTIVO/rest-multi-factor" }, "release_url": "https://pypi.org/project/rest-multi-factor/1.1b1/", "requires_dist": [ "django", "djangorestframework", "cryptography", "qrcode ; extra == 'qr'", "pillow ; extra == 'qr'", "factory-boy ; extra == 'test'" ], "requires_python": "", "summary": "Multi factor for django rest framework", "version": "1.1b1" }, "last_serial": 5782763, "releases": { "1.0b0": [ { "comment_text": "", "digests": { "md5": "a1d463923ecd507dbedcd05113887af9", "sha256": "ffd8c3cb0184c3423e163b41b2509e57a59e763d348988e365e929f197d389b8" }, "downloads": -1, "filename": "rest_multi_factor-1.0b0-py3-none-any.whl", "has_sig": false, "md5_digest": "a1d463923ecd507dbedcd05113887af9", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 39419, "upload_time": "2019-08-26T09:10:30", "url": "https://files.pythonhosted.org/packages/fa/3c/532a46c1a3509937e27086d86cb7ba463077fdc0e17d28e8afb4c035d42e/rest_multi_factor-1.0b0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3944a4fed2cbc1124363d068191a492e", "sha256": "2888ec29e76a630e9cb8f0e14590f2e1b6e335ab044c13550dad02f5fd470848" }, "downloads": -1, "filename": "rest-multi-factor-1.0b0.tar.gz", "has_sig": false, "md5_digest": "3944a4fed2cbc1124363d068191a492e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25775, "upload_time": "2019-08-26T09:10:33", "url": "https://files.pythonhosted.org/packages/07/cb/f9d5ecb7a3380635e628b4d12eb6ab33f78540a65ca7e08c2ca0b84a39b8/rest-multi-factor-1.0b0.tar.gz" } ], "1.1b1": [ { "comment_text": "", "digests": { "md5": "b5a7e95fd7867d8eb0f05909f7eb44e4", "sha256": "ffbaa9274e329de9f77b478b42ab2d51368d105c4bcbadcc42f811c755f77f59" }, "downloads": -1, "filename": "rest_multi_factor-1.1b1-py3-none-any.whl", "has_sig": false, "md5_digest": "b5a7e95fd7867d8eb0f05909f7eb44e4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 44987, "upload_time": "2019-09-04T18:00:54", "url": "https://files.pythonhosted.org/packages/a8/a5/3897ee754daa60c78a9d9a452e9a366c6b3bbac5d87586e95a38931c2387/rest_multi_factor-1.1b1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "beae399ff30d68674a405b7a40b2a7a4", "sha256": "405b33342cab6c2f6a7a2fb760f4ab89c7d53398faf32d6a6fa11adfbe052e3c" }, "downloads": -1, "filename": "rest-multi-factor-1.1b1.tar.gz", "has_sig": false, "md5_digest": "beae399ff30d68674a405b7a40b2a7a4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 27793, "upload_time": "2019-09-04T18:00:56", "url": "https://files.pythonhosted.org/packages/46/07/541dff50abc9ec6811ac6aa578056e7e8428d9e8949b1c5b8f92a910f280/rest-multi-factor-1.1b1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b5a7e95fd7867d8eb0f05909f7eb44e4", "sha256": "ffbaa9274e329de9f77b478b42ab2d51368d105c4bcbadcc42f811c755f77f59" }, "downloads": -1, "filename": "rest_multi_factor-1.1b1-py3-none-any.whl", "has_sig": false, "md5_digest": "b5a7e95fd7867d8eb0f05909f7eb44e4", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 44987, "upload_time": "2019-09-04T18:00:54", "url": "https://files.pythonhosted.org/packages/a8/a5/3897ee754daa60c78a9d9a452e9a366c6b3bbac5d87586e95a38931c2387/rest_multi_factor-1.1b1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "beae399ff30d68674a405b7a40b2a7a4", "sha256": "405b33342cab6c2f6a7a2fb760f4ab89c7d53398faf32d6a6fa11adfbe052e3c" }, "downloads": -1, "filename": "rest-multi-factor-1.1b1.tar.gz", "has_sig": false, "md5_digest": "beae399ff30d68674a405b7a40b2a7a4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 27793, "upload_time": "2019-09-04T18:00:56", "url": "https://files.pythonhosted.org/packages/46/07/541dff50abc9ec6811ac6aa578056e7e8428d9e8949b1c5b8f92a910f280/rest-multi-factor-1.1b1.tar.gz" } ] }