Comments (12)
Testing Scenarios for LoginView
- Scenario 1: The user does not exist (mickey-mouse)
  - Create a helpful message
  - Return them to the login screen with the message presented
- Scenario 2: The user exists but is not set up for 2FA at all (john-terry - 7)
  - Feed through the initial setup process
- Scenario 3: The user exists and is using the device token method of 2FA (james-bond - 62)
  - Offload the implementation to the third-party package
  - Present the user with the screen where they need to enter their device token
- Scenario 4: The user exists and is attempting to 2FA with an expired email token (donald-trump - 66)
  - Redirect the user through the setup process once again. This should give them a new choice of whether to use the device or email method of 2FA.
  - Solution accounts for cases where there is more than one email token in the DB
- Scenario 5: The user exists and uses an unexpired email token as 2FA (bruce-willis - 67)
  - Retrieve the token from the DB
  - Send the token to the user
  - Redirect them to the screen where they can enter it
from portfolio.
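The five scenarios above reduce to one routing decision, shown here as an added example that is not the project's own code. `Account`, `EmailToken`, `Next` and `route_login` are hypothetical names, the 28-day window is the figure given elsewhere in this thread, and checking email tokens before the device is an assumption chosen so that an account holding a device entry plus only expired email tokens goes back to setup.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

TOKEN_VALIDITY = timedelta(days=28)  # validity window named in the thread


class Next(Enum):
    LOGIN_WITH_MESSAGE = "login"    # scenario 1
    SETUP = "setup"                 # scenarios 2 and 4
    DEVICE_TOKEN_FORM = "device"    # scenario 3
    EMAIL_TOKEN_FORM = "email"      # scenario 5


@dataclass
class EmailToken:   # hypothetical stand-in for the project's token row
    value: str
    created: datetime


@dataclass
class Account:      # hypothetical stand-in for a user and their 2FA state
    username: str
    has_device: bool = False
    email_tokens: list = field(default_factory=list)


def live_token(tokens, now):
    """Newest token still inside the validity window, or None."""
    live = [t for t in tokens if now - t.created <= TOKEN_VALIDITY]
    return max(live, key=lambda t: t.created, default=None)


def route_login(account: Optional[Account], now: datetime):
    """Return (next step, email token to send or None)."""
    if account is None:
        return Next.LOGIN_WITH_MESSAGE, None
    if account.email_tokens:
        # Several rows may exist; only the newest unexpired one counts.
        token = live_token(account.email_tokens, now)
        if token is not None:
            return Next.EMAIL_TOKEN_FORM, token
        return Next.SETUP, None     # every email token has expired
    if account.has_device:
        return Next.DEVICE_TOKEN_FORM, None
    return Next.SETUP, None         # no second factor configured yet
```

The outcome differs for unknown and known usernames before any second factor is checked, so the throttling item listed later in the thread applies to this step as well.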
Can I use FormView instead of TemplateView? Or can I manually declare the single form within the post method which would give me access to the form object enabling access to cleaned_data and errors.
The post method included an instantiation of the form enabling access to the form data rather than the POST data.
from portfolio.
Features To Include
- Set up a mixin for DeviceAuthUserMixin
- Set up a mixin for EmailAuthUserMixin
- Set up a mixin for TwoFactorAuthUserMixin
- Send an email to the user once they have set up their two-factor authentication
- Set a token_valid_expiration_date
- Set up a pathway redirect upon login that directs an email authenticator to a screen that accepts the email token
- Logic needs to check that the token is within its expiration date (28 days)
- Set up throttling on the user
- Resolve testing issue which emulates a user being verified/authenticated with their second factor.
from portfolio.
The testing scenarios outlined in this comment have been tested and the code works as expected.
donald-trump now has an entry in the database for a token authentication in addition to an expired email token. How does logging in as donald now work?
from portfolio.
The testing scenarios outlined in this comment have been tested and the code works as expected.
donald-trump now has an entry in the database for a token authentication in addition to an expired email token. How does logging in as donald now work?
Due to the hierarchy of logic, Donald is presented with the opportunity to choose their method of 2FA again.
from portfolio.
Need to make a decision on how long the token should be valid for weighing security against convenience.
from portfolio.
Can I use FormView instead of TemplateView? Or can I manually declare the single form within the post method which would give me access to the form object enabling access to cleaned_data and errors.
from portfolio.
The ProfileView and the ProfileUpdateView are two examples of views that should only be available within the project for users that have two-factor authenticated.
Other examples include the PostUpdateView.
These should be used as the examples to include a custom mixin and for their corresponding tests to be adapted to emulate being two-factor authenticated.
from portfolio.
The ProfileView and the ProfileUpdateView are two examples of views that should only be available within the project for users that have two-factor authenticated.
Other examples include the PostUpdateView.
These should be used as the examples to include a custom mixin and for their corresponding tests to be adapted to emulate being two-factor authenticated.
The ProfileView is an example of where multiple permutations of the test have been set up to ensure that the intended outcome happens for each authentication status attempting to access the view.
from portfolio.
- Change the max_length attribute of the challenge_token field to 255. Run makemigrations and migrate.
- Remove the import from two_factor.utils import default_device
- Add an image into the email for branding purposes
- For the token submission form, use FormView instead but attempt to use a form that inherits from forms.Form rather than forms.ModelForm. I think using forms.ModelForm is blocking me being able to use the FormView.
- Add tests for the ProfileView
- Add tests for the ProfileUpdateView
- Add tests for the PostCreateView
- Add tests for the PostUpdateView
from portfolio.
- Build a smaller and more efficient multi-stage Docker image
from portfolio.
Replace the django-cryptography package with the django-encrypted-model-fields. This is a more frequently maintained package and will not prevent the upgrade path.
from portfolio.