less than 1 minute read

Some time ago I was tasked for a quick-beta to force the usage of One-Time-Password inside the django-all-auth framework when generated from the awesome “django-cookiecutter”.

I found out an hacky solution, using a middleware:

in requirements.txt:

django-allauth-2fa
django_otp

remember to put the package version to not have problems in the future!

in your settings file:

USE_2FA = True

middleware.py:

warning: spaghetti code! clean this code before use :)


from django.shortcuts import redirect
from allauth_2fa.views import TwoFactorSetup, TwoFactorBackupTokens, TwoFactorAuthenticate

from django_otp.plugins.otp_totp.models import TOTPDevice

from config.settings.base import USE_2FA


class CheckOtpMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def process_view(self, request, view_func, *view_args, **view_kwargs):

        if USE_2FA:
            print(view_func.__name__)
            if request.user.is_authenticated:
                totp = TOTPDevice.objects.filter(user=request.user).first()
                if not totp:
                    if view_func.__name__ != "TwoFactorSetup" and view_func.__name__ != "LogoutView" :
                         return redirect("two-factor-setup")
                else:
                    if not totp.confirmed:
                        if view_func.__name__ != "TwoFactorSetup"   and view_func.__name__ != "LogoutView":
                            return redirect("two-factor-setup")



    def __call__(self, request):
        response = self.get

Add your middleware and you are ready to go!

Categories:

Updated:

You may also enjoy

Bind Shellcode written for x86 in nasm

3 minute read

During SLAE32/SLAE64, I had a lot of fun writing x86 and x64 shellcode in NASM. In this post I will share my code of an x86 bind shell (linux), and some uti...