Login: support 2FA #1481

Merged
merged 11 commits into from
May 2, 2022

@nick2wang (Collaborator) commented Apr 28, 2022

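fix #1410
Login now supports two-factor authentication (two-step verification), which improves system security (especially since some people deploy archery on the public internet).
* Added OTP verification between authenticate and login
* Currently supports verification with Google Authenticator (in theory any app that supports the TOTP algorithm will work). The interface uses a black-box pattern similar to sql.engines, so email and SMS verification can be added fairly easily later

Usage:
[image]

  1. Disable or enable 2FA (password verification required)
    [image]
  2. After configuring successfully, scan the QR code with Google Authenticator and perform a first verification; the configuration is saved once verification succeeds
    [image]
  3. On the next login, after the account and password are verified, you are redirected to the 2FA verification page
    [image]
  4. Get the verification code from Google Authenticator; login succeeds after verification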

codecov bot commented Apr 28, 2022

Codecov Report

Merging #1481 (9e257c1) into master (e66c77f) will decrease coverage by 0.03%.
The diff coverage is 73.16%.

@@            Coverage Diff             @@
##           master    #1481      +/-   ##
==========================================
- Coverage   75.30%   75.26%   -0.04%     
==========================================
  Files          91       93       +2     
  Lines       14455    14677     +222     
==========================================
+ Hits        10885    11047     +162     
- Misses       3570     3630      +60     
| Impacted Files | Coverage Δ |
|---|---|
| common/middleware/check_login_middleware.py | 100.00% <ø> (ø) |
| sql/urls.py | 100.00% <ø> (ø) |
| sql_api/urls.py | 100.00% <ø> (ø) |
| sql/views.py | 67.24% <12.50%> (-1.56%) ⬇️ |
| common/auth.py | 69.16% <50.00%> (-2.66%) ⬇️ |
| sql_api/permissions.py | 86.66% <71.42%> (-13.34%) ⬇️ |
| common/twofa/totp.py | 71.69% <71.69%> (ø) |
| sql_api/api_user.py | 84.06% <72.13%> (-6.26%) ⬇️ |
| sql/models.py | 95.64% <72.72%> (-0.85%) ⬇️ |
| sql_api/serializers.py | 81.56% <82.60%> (+0.09%) ⬆️ |
| ... and 3 more | |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e66c77f...9e257c1. Read the comment docs.

1. Do not save the QR code locally
2. Perform one verification before saving the 2FA configuration
@nick2wang (Collaborator, Author)

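Improvements:

  1. The QR code is displayed as an image stream and is not saved locally
  2. A verification is performed before the configuration is saved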
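
The flow this pull request describes (an OTP check between password authentication and login, with the 2FA configuration saved only after a first successful verification), as an added example that is not Archery's code. `TwoFAStore` and its method names are hypothetical, the one-step drift window and replay rejection are assumed policies the thread does not state, and the secret is the RFC 6238 test key used as constructed sample input.

```python
import base64, hashlib, hmac, struct
# Constructed sample input: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, counter, digits=6):
    """HOTP value (RFC 4226) for a time-step counter, as TOTP (RFC 6238) uses it."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, otp, at, last_counter=-1, window=1, step=30):
    """Return the matching counter or None (assumed: +/-1 step drift, no reuse)."""
    now = int(at) // step
    for c in range(max(0, now - window), now + window + 1):
        expected = totp(secret_b32, c).encode()
        if c > last_counter and hmac.compare_digest(expected, str(otp).encode()):
            return c
    return None

class TwoFAStore:
    """Hypothetical in-memory stand-in for the per-user 2FA configuration."""
    def __init__(self):
        self.pending = {}  # user -> secret shown as a QR code, not yet trusted
        self.active = {}   # user -> [secret, last accepted counter]

    def begin(self, user, secret_b32):
        self.pending[user] = secret_b32

    def confirm(self, user, otp, at):
        """Persist the secret only after the first code verifies."""
        secret = self.pending.get(user)
        c = verify(secret, otp, at) if secret else None
        if c is None:
            return False
        self.active[user] = [secret, c]
        del self.pending[user]
        return True

    def second_step(self, user, otp, at):
        """Runs after the password check and before the session is created."""
        if user not in self.active:
            return False
        secret, last = self.active[user]
        c = verify(secret, otp, at, last_counter=last)
        if c is not None:
            self.active[user][1] = c
        return c is not None
```

Recording the last accepted counter is what makes a code captured during one login useless for a second login inside the same 30-second step.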

@hhyo hhyo merged commit 21de2d2 into hhyo:master May 2, 2022
@liujing1087

Is it possible to force-enable 2FA multi-factor authentication for all users in the system's global configuration?

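@thcoffee (Contributor) commented May 5, 2022

> Is it possible to force-enable 2FA multi-factor authentication for all users in the system's global configuration?

Same question; I hope global mandatory multi-factor authentication can be configured.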

@xsySecurity

I hope administrators can configure 2FA to be force-enabled globally

@nick2wang (Collaborator, Author)

> I hope administrators can configure 2FA to be force-enabled globally

Global enforcement is already supported: #1490

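@nick2wang (Collaborator, Author)

> After it is enabled globally, although users are forced to enable it, it seems users can turn this feature off themselves; I suggest removing the users' permission to turn it off

After a user turns it off, the next login forces them to set up 2FA again before they can get into the system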

Successfully merging this pull request may close these issues.

[Feature request] Add multi-factor verification to login