Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show secret on setup.html to allow for manual entry for multiple yubikeys & other devices #109

Merged
merged 1 commit into from
Jul 18, 2022
Merged

Show secret on setup.html to allow for manual entry for multiple yubikeys & other devices #109

merged 1 commit into from
Jul 18, 2022

Conversation

9mido
Copy link
Contributor

@9mido 9mido commented Mar 30, 2021
edited
Loading

This PR allows for users to manually enter the same secret key for multiple mobile devices or multiple yubikey devices using the downloadable yubikey authenticator app in case the user loses one of their yubikeys or mobile devices. In other words, it allows a user to create multiple yubikey or mobile 2FA devices to use for their one online account. By creating backup yubikeys or mobile devices with the same OTP secret on them, it decreases the chances of a user not being able to log into their account if they lose one or more of their yubikey or mobile devices.

@9mido 9mido mentioned this pull request Mar 31, 2021
Open
@9mido 9mido changed the title Show secret on setup.html to allow for manual entry for multiple yubikeys Show secret on setup.html to allow for manual entry for multiple yubikeys & other devices Mar 31, 2021
@simonkern
Copy link

simonkern commented Sep 5, 2021
edited
Loading

There is btw no need to edit the view, device is already available in the context. You can achieve this with a template filter and a minor change to the template:

templatetags/b32encode.py

from base64 import b32encode as b32enc

from django import template

register = template.Library()

@register.filter()
def b32encode(value):
    return b32enc(value).decode('utf-8')

and then in the template:

allauth_2fa/setup.html

{% load b32encode %}
...
...
...
Secret: {{ view.device.bin_key|b32encode }}

@9mido
Copy link
Contributor Author

9mido commented Sep 12, 2021

@simonkern Thanks for this. I am fine with whatever method (yours or mine) the maintainer of django-allauth-2fa chooses to use. I give permission to the maintainer to close this PR and make one themselves with this feature with whatever method they desire. Hopefully we can see this feature in the main branch soon.

@akx akx added this to the 1.0 milestone Jul 18, 2022
@9mido @akx
Show secret on setup page to allow for non-QR-code devices
4ba994b 
Co-authored-by: Aarni Koskela <akx@iki.fi>
@akx akx merged commit 6bd3101 into valohai:main Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@valberg valberg valberg approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@9mido @simonkern @valberg @akx