Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypass 2FA Token in local development #82

Merged
merged 9 commits into from
Jun 1, 2024
Merged

Bypass 2FA Token in local development #82

merged 9 commits into from
Jun 1, 2024

Conversation

anchit-chandran
Copy link
Contributor

@anchit-chandran anchit-chandran commented Jun 1, 2024
edited
Loading

Got working with help of @eatyourpeas thanks!

Overview

When in local development (settings.DEBUG=True), bypass the 2FA token step on login.

This improves the developer experience.

Code changes

  • Update various URLs in both project and npda app to only use 2FA / custom auth urls
  • Adds LoginAndOTPRequired and login_and_otp_required mixin&decorator
  • Specifically overrides the .post() method of the RCPCHLoginView class to skip past the normal auth workflow if in debug mode

Documentation changes (done or required as a result of this PR)

  • nil

Related Issues

Mentions

@anchit-chandran
Merge branch 'development' into fix-otp-local-dev
ce5a53a
@anchit-chandran
rm un-needed app-level urls as tf_urls handling
e90108d 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
reformat
cd63ad7 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
add login_and_otp_required decorator for any functional views
9922aa3 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
use login_and_otp_required decorator for home functional view
d691982 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
adds LoginAndOTPRequiredMixin for CBVs
013d729 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
loginAOTP
7494c44 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran
adds bypass 2fa in RCPCHLoginView POST method for when debug=True
6dff832 
Signed-off-by: anchit-chandran <[email protected]>
@anchit-chandran anchit-chandran marked this pull request as ready for review June 1, 2024 15:43
@anchit-chandran anchit-chandran mentioned this pull request Jun 1, 2024
Open
@eatyourpeas eatyourpeas self-assigned this Jun 1, 2024
eatyourpeas
eatyourpeas approved these changes Jun 1, 2024
View reviewed changes
Copy link
Member

@eatyourpeas eatyourpeas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you Anchit for this nice piece of work. Looks all good.
One thing I have changed - would like to know whether you agree - is that I have removed the requirement to be both DEBUG and superuser to skip 2FA. My rationale is that 2FA is for production only, when DEBUG will be False, and I have found otherwise that if we are testing with different user accounts, it throws a 403.

@eatyourpeas eatyourpeas merged commit 1ec4af8 into development Jun 1, 2024
1 check passed
@eatyourpeas eatyourpeas deleted the fix-otp-local-dev branch June 1, 2024 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eatyourpeas eatyourpeas eatyourpeas approved these changes

Assignees

@eatyourpeas eatyourpeas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anchit-chandran @eatyourpeas