wagtail-2fa

This Django app add's two factor authentication to Wagtail. Behind the scenes it use django-otp which supports Time-based One-Time Passwords (TOTP). This allows you to use various apps like Authy, Google Authenticator, or 1Password.

Installation

pip install wagtail-2fa

Then add the following lines to the INSTALLED_APPS list in your Django settings:

INSTALLED_APPS = [
    # ...
    'wagtail_2fa',
    'django_otp',
    'django_otp.plugins.otp_totp',
    # ...
]

Next add the required middleware to the MIDDLEWARE. It should come after the AuthenticationMiddleware:

MIDDLEWARE = [
    # .. other middleware
    # 'django.contrib.auth.middleware.AuthenticationMiddleware',

    'wagtail_2fa.middleware.VerifyUserMiddleware',

    # 'wagtail.core.middleware.SiteMiddleware',
    # .. other middleware
]

Settings

The following settings are available (Set via your Django settings):

• WAGTAIL_2FA_REQUIRED (default False): When set to True all staff, superuser and other users with access to the Wagtail Admin site are forced to login using two factor authentication.
• WAGTAIL_MOUNT_PATH (default: ''): The uWSGI mount point that Wagtail is running at. Ex. /wagtail
• WAGTAIL_2FA_OTP_TOTP_NAME (default: False): The issuer name to identify which site is which in your authenticator app. If not set and WAGTAIL_SITE_NAME is defined it uses this. sets OTP_TOTP_ISSUER under the hood.

Sandbox

First create a new virtualenv with Python 3.6.1 and activate it. Then run the following commands:

• make sandbox

You can then visit http://localhost:8000/admin/ and login with the following credentials:

• E-mail: [email protected]
• Password: testing