我正在使用django-two-factor-auth作为webapp。我无法访问管理页面。
我知道我正在输入正确的凭据。当我输入错误的凭据时,我收到了相应的错误消息。
当我输入正确的凭据时,页面只需使用以下URL重新加载:
LOGIN_URL = 'two_factor:login'
LOGIN_REDIRECT_URL = '/inveskore'
TWO_FACTOR_SMS_GATEWAY = 'two_factor.gateways.twilio.gateway.Twilio'
这些是与two_factor相关的设置:
path('admin/', admin.site.urls),
这是相关的网址路径:
d
根据this,它来自管理员用户未设置2FA。
那么,如果您无法访问该网站,如何为管理员用户设置2FA?
编辑:
我取消了网站的2FA登录要求,然后添加了手机设备。没有运气。
答案 0 :(得分:1)
我还不能发表评论,但是@saschwarz的上述回答在Django 2.2和django-two-factor-auth中起到了很好的作用。他的代码中唯一缺少的是额外的导入:
from django.http import HttpResponseRedirect
之后,我可以使用此行:
admin.site.__class__ = AdminSiteOTPRequiredMixinRedirSetup
快速为管理员用户实施两个因素。
django-two-factor-auth的文档中确实缺少此功能...我看了很长时间的文档,找不到找到生成QR代码的明确方法。它仅在演示应用程序中进行了实际演示,而没有以非常模块化的方式进行演示。
答案 1 :(得分:0)
我最近遇到了这种情况,并根据其中的评论创建了该解决方案:
https://github.com/Bouke/django-two-factor-auth/issues/219#issuecomment-494382380
我继承了AdminSiteOTPRequired
,然后将其指定为要使用的管理类
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.views import redirect_to_login
from django.shortcuts import resolve_url
from django.urls import reverse
from django.utils.http import is_safe_url
from two_factor.admin import AdminSiteOTPRequired, AdminSiteOTPRequiredMixin
class AdminSiteOTPRequiredMixinRedirSetup(AdminSiteOTPRequired):
def login(self, request, extra_context=None):
redirect_to = request.POST.get(
REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME)
)
# For users not yet verified the AdminSiteOTPRequired.has_permission
# will fail. So use the standard admin has_permission check:
# (is_active and is_staff) and then check for verification.
# Go to index if they pass, otherwise make them setup OTP device.
if request.method == "GET" and super(
AdminSiteOTPRequiredMixin, self
).has_permission(request):
# Already logged-in and verified by OTP
if request.user.is_verified():
# User has permission
index_path = reverse("admin:index", current_app=self.name)
else:
# User has permission but no OTP set:
index_path = reverse("two_factor:setup", current_app=self.name)
return HttpResponseRedirect(index_path)
if not redirect_to or not is_safe_url(
url=redirect_to, allowed_hosts=[request.get_host()]
):
redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
return redirect_to_login(redirect_to)
然后在urls.py
中输入
from django.contrib import admin
admin.site.__class__ = AdminSiteOTPRequiredMixinRedirSetup