Implement Two-Factor Authentication #112

Merged
merged 16 commits into from
Aug 18, 2021

WayneLambert
Owner

  • Adds two-factor authentication by email as a custom solution using models storage and retrieval.
  • Mixins have been added to restrict views.
  • The ProfileView has been implemented with the new mixin as a starting point. There are a few more views that need the mixin adding and the appropriate tests writing (see issue Two-Factor Authentication #107 for details)
  • The LoginView has been customised to enforce that a method of two-factor authentication has been used.
  • The admin interface has been updated as a convenience
  • Email functionality has been added to give the user details of their token and confirmation that their token has been fully set up.

Addresses the following:

- Adds settings for development
- Adds settings for production

Contributes towards: #107

Addresses the following:

- Adds model for email method of 2FA
  - Includes the migration history during development
- Tweaks `Profile` model
- Removes redundant model methods
- Replaces custom full_name method with in-built Django one
- Replaces `super()` call on `save` method with Python 3 syntax

Contributes towards: #107

Addresses the following:

- Adds the `EmailToken` model to the admin panel
- Ensures the challenge token is not visible in the admin panel
- Ensures the `EmailToken` panel is completely read-only
- Removes unused models from the panel
- Adjusts the image resizing function with a `SCALE_FACTOR` constant

Contributes towards: #107

Addresses the following:

- Override `LoginView` to account for the scenarios of device or email
  authentication as the second factor
- `LoginView` now ensures that the user is taken through the 2FA process
  if they have not already done so
- Email is sent upon generation of a code
- Email is sent upon setup of an email code with user-friendly
  information on how long the code will last
- Existing forms have been updated to make them clearer and some
  superfluous methods have been removed from clean methods
- Refactor some existing code to make clearer
- Where beneficial, type hints and docstrings added

Contributes towards: #107

Addresses the following:

- Adds function to enable the calculation of the challenge expiration
  date/time
- Adds function to enable the calculation of the token expiration
  date/time
- Adds docstrings

Contributes towards: #107

Addresses the following:

- Adds mixin to enable a view to be conditionally available to users
  that have a device 2FA setup
- Adds mixin to enable a view to be conditionally available to users
  that have an email 2FA setup
- Adds mixin to enable a view to be conditionally available to users
  that have either a device or an email 2FA setup

Contributes towards: #107

Addresses the following:

- In order to make code more understandable and representative of what
  is actually going on, the `related_name` attribute's value was changed
  from `user` to `profile`
- Changes made in API reference
- Changes made in `PublishedManager` to manage blog `Post` objects
- Changes also made in template references

Contributes towards: #107

Addresses the following:

- Replaces usage of `user.username` on the `User` model with the
  in-built Django convenience method of `get_username()`
- Replaces usage of the `get_full_name()` method on the `Profile` model with the
  in-built Django convenience method of `get_full_name()`
- Replaces references to the old implementations to the new ones in
  templates, API serializers, testing fixtures, feeds, and views code

Contributes towards: #107

Addresses the following:

- Adds messages to `login.html` template
- Makes miscellaneous styling adjustments for readability and to work
  within constraint of maximum column width enforced by GitHub
- Adds user-friendly text to the interface
- Adds placeholders for form input fields
- Contributed towards uniformity of anchor tag elements

Contributes towards: #107

Addresses the following:

- Amend template to handle the issue of a token
- Add template to handle the confirmation of token setup and expiration

Contributes towards: #107

Addresses the following:

- Adds `TwoFactorAuthMixin` to `ProfileView`
- Adds type hints within the `ProfileUpdateView`

Contributes towards: #107

Addresses the following:

- Adds fixture to simulate device authenticated user
- Adds fixture to simulate email authenticated user

Contributes towards: #107

Addresses the following:

- Adds config settings to facilitate testing with pytest

Contributes towards: #107

Addresses the following:

- Adds and adjusts tests for the `TestProfileView` to account for the
  expected outcome now being different due to the fact that there is
  the custom `TwoFactorAuthUserMixin` added
- Adjusts test for the `__str__` method to be in line with best practices

Contributes towards: #107

Addresses the following:

- Modifies f-string as per AI Sourcery refactoring suggestion

Contributes towards: #107
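
The commits above mention a challenge expiration, a token expiration, and a challenge that must not be visible in the admin panel. The following is an added example of that lifecycle in plain Python, not code from this pull request; the record class, the function names, the lifetimes, the attempt cap and the choice to store only a hash are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

# Assumed values; the page does not state the project's lifetimes or limits.
CHALLENGE_TTL = timedelta(minutes=10)  # window in which an emailed code can be redeemed
TOKEN_TTL = timedelta(days=7)          # how long a completed email second factor stays valid
MAX_ATTEMPTS = 5                       # guesses allowed per issued challenge


def _digest(code: str) -> bytes:
    # Plain SHA-256 keeps the code unreadable to anyone browsing stored rows;
    # a keyed HMAC with a server secret would also resist offline guessing.
    return hashlib.sha256(code.encode()).digest()


@dataclass
class EmailTokenRecord:  # hypothetical stand-in for a stored token row
    challenge_hash: bytes
    challenge_expires: datetime
    token_expires: Optional[datetime] = None
    attempts: int = 0
    used: bool = False


def issue_challenge(now: datetime) -> Tuple[str, EmailTokenRecord]:
    """Return (code to email, record to store); the code itself is never stored."""
    code = f"{secrets.randbelow(10**6):06d}"
    return code, EmailTokenRecord(_digest(code), now + CHALLENGE_TTL)


def verify_challenge(rec: EmailTokenRecord, submitted: str, now: datetime) -> bool:
    """Redeem a challenge once, inside its lifetime and attempt budget."""
    if rec.used or now >= rec.challenge_expires or rec.attempts >= MAX_ATTEMPTS:
        return False
    rec.attempts += 1
    if not hmac.compare_digest(rec.challenge_hash, _digest(submitted)):
        return False
    rec.used = True
    rec.token_expires = now + TOKEN_TTL
    return True


def second_factor_valid(rec: EmailTokenRecord, now: datetime) -> bool:
    """The condition a view-restricting mixin would test before serving a view."""
    return rec.token_expires is not None and now < rec.token_expires
```
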
Add Two-Factor Authentication by Email
@WayneLambert WayneLambert added app: users Issues relating to the `users` app feature Feature for the project labels Aug 18, 2021
@WayneLambert WayneLambert self-assigned this Aug 18, 2021
@sourcery-ai

sourcery-ai bot commented Aug 18, 2021

Sourcery Code Quality Report

❌  Merging this PR will decrease code quality in the affected files by 1.31%.

| Quality metrics | Before | After | Change |
| --- | --- | --- | --- |
| Complexity | 0.41 ⭐ | 0.78 ⭐ | 0.37 👎 |
| Method Length | 28.86 ⭐ | 30.53 ⭐ | 1.67 👎 |
| Working memory | 5.75 ⭐ | 6.08 ⭐ | 0.33 👎 |
| Quality | 85.08% | 83.77% | -1.31% 👎 |

| Other metrics | Before | After | Change |
| --- | --- | --- | --- |
| Lines | 1222 | 1448 | 226 |

| Changed files | Quality Before | Quality After | Quality Change |
| --- | --- | --- | --- |
| aa_project/settings/base.py | 54.29% 🙂 | 54.26% 🙂 | -0.03% 👎 |
| aa_project/settings/prod.py | 82.19% ⭐ | 81.76% ⭐ | -0.43% 👎 |
| aa_project/settings/pytest/pytest.py | 90.66% ⭐ | 91.03% ⭐ | 0.37% 👍 |
| apps/conftest.py | 88.97% ⭐ | 87.05% ⭐ | -1.92% 👎 |
| apps/api/serializers.py | 77.91% ⭐ | 77.91% ⭐ | 0.00% |
| apps/blog/feeds.py | 99.28% ⭐ | 99.28% ⭐ | 0.00% |
| apps/blog/managers.py | 92.71% ⭐ | 92.71% ⭐ | 0.00% |
| apps/blog/views.py | 82.94% ⭐ | 82.94% ⭐ | 0.00% |
| apps/contacts/tests/test_models.py | 94.87% ⭐ | 94.87% ⭐ | 0.00% |
| apps/users/admin.py | 86.94% ⭐ | 89.18% ⭐ | 2.24% 👍 |
| apps/users/forms.py | 87.91% ⭐ | 88.47% ⭐ | 0.56% 👍 |
| apps/users/models.py | 93.09% ⭐ | 90.65% ⭐ | -2.44% 👎 |
| apps/users/signals.py | 90.91% ⭐ | 90.91% ⭐ | 0.00% |
| apps/users/utils.py | 96.61% ⭐ | 95.28% ⭐ | -1.33% 👎 |
| apps/users/views.py | 88.70% ⭐ | 80.21% ⭐ | -8.49% 👎 |
| apps/users/tests/test_models.py | 93.69% ⭐ | 93.58% ⭐ | -0.11% 👎 |
| apps/users/tests/test_views.py | 86.50% ⭐ | 86.04% ⭐ | -0.46% 👎 |

Here are some functions in these files that still need a tune-up:

| File | Function | Complexity | Length | Working Memory | Quality | Recommendation |
| --- | --- | --- | --- | --- | --- | --- |
| apps/users/views.py | UserLoginView.post | 11 🙂 | 157 😞 | 13 😞 | 46.38% 😞 | Try splitting into smaller methods. Extract out complex expressions |
| apps/blog/views.py | PostDetailView.get_context_data | 9 🙂 | 95 🙂 | 12 😞 | 57.28% 🙂 | Extract out complex expressions |
| apps/blog/views.py | SearchResultsView.get_queryset | 2 ⭐ | 107 🙂 | 11 😞 | 64.16% 🙂 | Extract out complex expressions |
| apps/conftest.py | email_auth_user | 0 ⭐ | 52 ⭐ | 13 😞 | 70.97% 🙂 | Extract out complex expressions |
| apps/users/models.py | EmailToken.save | 2 ⭐ | 46 ⭐ | 11 😞 | 73.24% 🙂 | Extract out complex expressions |

Legend and Explanation

The emojis denote the absolute quality of the code:

  • ⭐ excellent
  • 🙂 good
  • 😞 poor
  • ⛔ very poor

The 👍 and 👎 indicate whether the quality has improved or gotten worse with this pull request.


Please see our documentation here for details on how these metrics are calculated.

We are actively working on this report - lots more documentation and extra metrics to come!

Help us improve this quality report!

@WayneLambert WayneLambert merged commit 0c4c86e into main Aug 18, 2021
@WayneLambert WayneLambert changed the title Add Two-Factor Authentication by Email Implement Two-Factor Authentication Aug 19, 2021