I was looking at django-otp module and want to implement it in my project. But I am facing several problems.
1) According to the docs (the method they have given in the docs), there are three levels of authentication: Anonymous, Authenticated, and Authenticated + Verified. Only if a user is already authenticated via django's authentication system will he be asked for OTP verification (two-way authentication).
Now I want to skip it and authenticate/verify the user only via OTP. Instead of a login prompt, the user will enter a phone number and will receive an OTP for verification. (I want to bypass django's authentication.)
2) Also I want to use otp_required only on selected pages, i.e. I will have both anonymous and verified users on my website.
3) I couldn't find any example regarding the implementation.
My question is how to implement it in my current scenario.
EDIT: Settings.py
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'home',
    'django_otp',
    'django_otp.plugins.otp_totp',
    'django_otp.plugins.otp_static',
]

MIDDLEWARE_CLASSES = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_otp.middleware.OTPMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Step 1: Find that phone number existing in the phone model.
Step 2: Generate a base32 key using the base64 library.
Step 3: Use the key to generate an object of the pyotp class.
Step 4: Now, using the counter of the User model and the OTP code sent by the user, validate the authenticity of the user.
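The four steps above, as an added example that is not from the answer, django-otp or pyotp: a stdlib-only HOTP (RFC 4226, the same computation as pyotp.HOTP(secret).at(counter)) over a constructed in-memory stand-in for the phone model (the PHONES dict, the +1555... number and the issue_code/verify_code names are assumptions), with the counter handling that rejects replayed and superseded codes.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# Constructed stand-in for the "phone model" of step 1 (hypothetical; a real
# app would keep this in a Django model). Per phone: base32 secret, the counter
# of the last verified code, and the counter of the next code to issue.
PHONES = {"+15550000001": {"secret": None, "verified": 0, "issued": 0}}

def generate_base32_secret(nbytes=20):
    """Step 2: random base32 secret, the same encoding pyotp.HOTP() accepts."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")

def hotp(secret_b32, counter, digits=6):
    """Step 3: RFC 4226 HOTP, what pyotp.HOTP(secret).at(counter) computes."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def issue_code(phone):
    """Step 1: look the phone up; mint the code the SMS gateway would send."""
    record = PHONES.get(phone)
    if record is None:
        return None  # unknown number: respond the same as for a known one
    if record["secret"] is None:
        record["secret"] = generate_base32_secret()
    code = hotp(record["secret"], record["issued"])
    record["issued"] += 1
    return code

def verify_code(phone, submitted, look_ahead=3):
    """Step 4: validate the submitted code against the stored counters.

    Only issued, not yet used codes within look_ahead of the last verified one
    are accepted; the verified counter then moves past the match, so a code
    cannot be replayed and older outstanding codes are invalidated.
    """
    record = PHONES.get(phone)
    if record is None or record["secret"] is None:
        return False
    upper = min(record["issued"], record["verified"] + look_ahead + 1)
    for counter in range(record["verified"], upper):
        if hmac.compare_digest(hotp(record["secret"], counter), submitted):
            record["verified"] = counter + 1
            return True
    return False
```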
The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.
You can write your own Class Based View mixins, something like the LoginRequiredMixin.
from django.contrib.auth.mixins import AccessMixin
from django.contrib.auth.views import redirect_to_login


class AuthenticationVerificationMixin(AccessMixin):
    """
    CBV mixin which verifies that the current user is authenticated,
    and has a placeholder for checking if user verified.
    """
    def dispatch(self, request, *args, **kwargs):
        if not request.user.is_authenticated:
            return self.handle_no_permission()
        # request.user.is_verified() is added by django_otp's OTPMiddleware
        elif not request.user.is_verified():
            # If you need a verification logic it will go here,
            # for example here's a redirect if you're not verified...
            # return redirect_to_login(self.request.get_full_path(), '/verify/', self.get_redirect_field_name())
            pass
        return super().dispatch(request, *args, **kwargs)
and then add these mixins to your views like

class MyView(AuthenticationVerificationMixin, TemplateView):
    ...