
WIP: two factor authentication

Closed Bengfort requested to merge fido2 into main Jun 16, 2021

This implements two-factor authentication based on FIDO2, using the python-fido2 library.

We could use django-mfa2, which already provides large parts of the Django integration. However, at first glance I had very mixed feelings about the code quality.

Note that FIDO2 is only available in "secure contexts", so you need an HTTPS proxy in order to test this. You also need to set the settings DOMAIN = '{your actual domain}' and CASTELLUM_REQUIRE_FIDO2 = True.

Still to do:

  • FIDO2 is probably not feasible for everyone (because it requires expensive hardware keys), so it would be good to provide an OTP fallback. This is also the approach that GitLab and GitHub have taken.
  • There is no proper UI to register a key yet.
  • General refactoring and polishing.
Edited Jun 28, 2021 by Bengfort
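
Added example, not part of this merge request or of Castellum's code: a pre-flight check for the test setup described above, assuming DOMAIN is used as the WebAuthn relying party ID. It applies the WebAuthn rule that the RP ID must equal the origin's host or be a parent domain of it, omits the public-suffix check browsers also apply, and uses hypothetical function names with constructed example.org values.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_bare_hostname(value: str) -> bool:
    """True if value is a plain host name (no scheme, port, path or placeholder)."""
    labels = value.lower().rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def rp_id_matches_host(rp_id: str, host: str) -> bool:
    """RP ID must equal the host or be a parent domain of it, on a label boundary."""
    rp_id, host = rp_id.lower().rstrip("."), host.lower().rstrip(".")
    return host == rp_id or host.endswith("." + rp_id)


def check_fido2_deployment(domain: str, origin: str) -> list:
    """Return a list of problems; an empty list means the pair is usable."""
    problems = []
    parts = urlsplit(origin)
    host = parts.hostname or ""
    # Stricter than browsers, which also treat loopback origins as secure;
    # this follows the description's "you need an https proxy".
    if parts.scheme != "https":
        problems.append("origin is not https, so it is not a secure context")
    if not is_bare_hostname(domain):
        problems.append("DOMAIN must be a bare host name")
    elif not host or not rp_id_matches_host(domain, host):
        problems.append("DOMAIN does not match the origin host")
    return problems


if __name__ == "__main__":
    # Constructed sample values (setting value, origin served by the proxy).
    for domain, origin in [
        ("example.org", "https://castellum.example.org"),
        ("example.org", "http://castellum.example.org"),
        ("example.org", "https://evilexample.org"),
        ("{your actual domain}", "https://castellum.example.org"),
    ]:
        print(domain, origin, check_fido2_deployment(domain, origin) or "ok")
```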
Source branch: fido2