jwag956 / flask-security / 551 / 8
97%
master: 97%

DEFAULT BRANCH: master
Ran
Files 28
Run time 5s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 97.063% (+0.1%) from 96.933%
REQUIREMENTS=release

push

travis-ci

web-flow 
Add two-factor support to unified sign in. (#269)

* Add two-factor support to unified sign in.

This factor was larger than expected - with some additional nice results.

US_MFA_REQUIRED is a new configuration variable that will trigger two-factor.

Since in most cases, there isn't any reason to require tfa if already authenticated
with say 'sms' - we track how the user initially authenticated, and use that to
check if tfa is required.
This involved being able to track a 'code' back to a 'method' - which is done
by having a totp_secret PER method, and iterating to find one that verifies.

This prompted adding a new signal - user_authenticated which is invoked upon
successful login and gets the user and authn_via
arguments - this will be useful for auditing. It receives a list so (in the future)
we can audit the entire authentication flow.

Changed the name of a tfa method to "email" rather than "mail" and added backwards
compat code to honor any existing "mail" in the DB.

A recent bug report highlighted that there is no way to catch and manage errors from
send_security_token(). For unified sign in this has been fixed by adding wrapper to UserMixin
that can be overridden.

Fixed a recently introduced bug in tfa setup w.r.t. the new phone number validation.

* Add two-factor support to unified sign in.

This factor was larger than expected - with some additional nice results.

US_MFA_REQUIRED is a new configuration variable that will trigger two-factor.

Since in most cases, there isn't any reason to require tfa if already authenticated
with say 'sms' - we track how the user initially authenticated, and use that to
check if tfa is required.
This involved being able to track a 'code' back to a 'method' - which is done
by having a totp_secret PER method, and iterating to find one that verifies.

This prompted adding a new signal - user_authenticated which is invoked upon
successful login and gets the user and authn... (continued)

2743 of 2826 relevant lines covered (97.06%)

0.97 hits per line

Source Files on job 551.8 (REQUIREMENTS=release)