/django-trench-reboot

django-trench-reboot provides a set of REST API endpoints to supplement django-rest-framework with multi-factor authentication (MFA, 2FA). It supports both standard built-in authentication methods, as well as JWT (JSON Web Token). (A fork of django-trench)

Primary LanguagePythonOtherNOASSERTION

django-trench

https://cybersecurity-excellence-awards.com/wp-content/uploads/2021/06/badges_2022_Silver.png
https://codecov.io/gh/merixstudio/django-trench/branch/master/graph/badge.svg?token=U4yDiXUDkb https://readthedocs.org/projects/django-trench/badge/?version=latest https://img.shields.io/pypi/v/django-trench
django-trench provides a set of REST API endpoints to supplement django-rest-framework with multi-factor authentication (MFA, 2FA). It supports both standard built-in authentication methods, as well as JWT (JSON Web Token).
We deliver a couple of sample secondary authentication methods including sending OTP based code by:
  • E-mail
  • SMS / text
  • 3rd party mobile apps
  • YubiKey
Developers can easily add their own authentication backends supporting any communication channel.
This is a fork of django_trench. As this package has gone unmaintained for some time, we have decided to maintain a temporary package in order to provide support for Django 4.2 and beyond (if necessary).

Features

  • Easily pluggable and compatible with django-rest-framework
  • Allows user to pick an additional authentication method from range of backends defined by a developer. Read more: backends
  • Comes out of a box with email, SMS, mobile apps and YubiKey support

Supported versions

  • Python 3.9, 3.10, 3.11, 3.12
  • Django 3.0, 3.1, 3.2, 4.0, 4.1, 4.2
  • Django REST Framework 3.10, 3.11, 3.12, 3.13, 3.14
If you are going to use JWT authentication:

Quick Start

  1. Install the package using pip:
pip install django-trench

or add it to your requirements file.

  1. Add trench library to INSTALLED_APPS in your app settings file:
INSTALLED_APPS = (
    ...,
    'rest_framework',
    'rest_framework.authtoken',  # In case of implementing Token Based Authentication
    ...,
    'trench',
)
  1. Run migrations
Read further in: installation.

Translation

Trench uses Transifex service to translate our package into other languages.

We will appreciate your help with translation.

https://www.transifex.com/merixstudio/django-trench/dashboard/

Local development

  1. Clone the repo.

  2. Crete virtual environment named e.g. .venv:

    virtualenv .venv
  3. Activate the virtual environment:

    source .venv/bin/activate
  4. Install dependencies:

    pip install black mypy
    pip install -r testproject/requirements.txt
  5. Set environment variables:

    export PYTHONPATH=./testproject
    export DJANGO_SETTINGS_MODULE=settings
    export SECRET_KEY=YOURsecretGOEShere
  6. Create a symbolic link to the trench/ module inside the testproject/ directory to emulate the trench package being installed.

    # make sure you run this command from the root directory of this project
    ln -s $(pwd)/trench/ $(pwd)/testproject/trench
  7. Check whether the tests are passing:

    pytest --cov=testproject/trench testproject/tests/

Remember - anytime you change something in the django-trench source code you need to re-build and re-install the package (steps 6-7) for the changes to be present during e.g. running the tests.

  1. [OPTIONAL] To make the tests run faster you can try to execute them in parallel.

    To do so you need to install the pytest-xdist package and run the tests with additional parameter of -n 8 where 8 stands for the number of threads that will be spawned for executing the tests. Depending on the machine you're using using this tool can speed up the test execution process up to 5 times.

    pytest -n 8 --cov=testproject/trench testproject/tests/