
I am trying to do the two-factor authentication setup for my Django project. Below are the configuration details:

settings.py

INSTALLED_APPS = [
    ...
    'django_otp',
    'django_otp.plugins.otp_static',
    'django_otp.plugins.otp_totp',
    'two_factor',
    ...
]
MIDDLEWARE = [
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_otp.middleware.OTPMiddleware',
    ...
]

LOGIN_URL = 'two_factor:login'
LOGIN_REDIRECT_URL = 'two_factor:profile'

TWO_FACTOR_PATCH_ADMIN = True
TWO_FACTOR_CALL_GATEWAY = 'two_factor.gateways.fake.fake'
TWO_FACTOR_SMS_GATEWAY = 'two_factor.gateways.fake.Fake'

AUTH_USER_MODEL = 'Products.CustomUser'

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend', 
)


LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'level': 'DEBUG',
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        'two_factor': {
            'handlers': ['console'],
            'level': 'INFO',
        }
    }
}

urls.py


from django.urls import include, path
from two_factor.urls import urlpatterns as tf_urls

urlpatterns = [
    path('', include(tf_urls)),
    # path('admin/', admin.site.urls),
]

When I access the URL http://127.0.0.1:8001/account/login/ it navigates to the token generation page. When I scan the QR code with Google Authenticator and then enter the token, the system throws the error **not a valid token**. The application is already running with Django default authentication using the custom user model. Now I am trying to incorporate the two-factor authentication.

Can someone guide me on what is missing in the above configuration?

sksankar
  • Show your `views.py` – SLDem Jan 02 '21 at 18:36
  • I have not done anything in views related to two-factor authentication. Can you give details if something should be done there? Thank you – sksankar Jan 03 '21 at 02:14
  • So you are using someone's package to do this? Can you specify the name of that package? – SLDem Jan 03 '21 at 09:22
  • It's django-two-factor-auth https://django-two-factor-auth.readthedocs.io/en/stable/class-reference.html#views – sksankar Jan 03 '21 at 13:19
  • Looks like you are missing some steps that include adding a couple of variables in your `settings.py`. Check the documentation again and make sure you are doing everything according to the docs and not missing a single tiny detail https://django-two-factor-auth.readthedocs.io/en/stable/installation.html – SLDem Jan 03 '21 at 14:01
  • As per my comments above, I hope I did it already, and as per my understanding of the documentation, I did the configuration already. I verified it a couple of times to see if I am missing anything from the documentation. Finally, now I am looking for expert guidance. – sksankar Jan 03 '21 at 16:35

1 Answer


Make sure the time on both the server and the phone is set correctly. Even a few seconds off can cause the validation to fail.

  • Hi, when you say correct the time in both places, does that mean both should be the same? If yes, then if my server is hosted in the USA and I am in India, both times will be mismatched. Any advice on this? – sksankar Jan 19 '21 at 06:03
  • It uses Unix timestamps (which are always GMT), so as long as you get the same timestamp on the phone and server, you are good to go – Michael Code Nielsen Jan 20 '21 at 07:38
  • I will try this – sksankar Jan 21 '21 at 06:03
  • As our requirement has changed to have a randomly generated value in email and then validate it, I have used a custom solution with email and I'm not using this package any more. Anyway, I will try this again later sometime when required. Thanks for helping. – sksankar Feb 01 '21 at 03:56
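
The point made in the answer and its comments (codes are derived from the Unix timestamp, so the time zone is irrelevant but clock drift is not), as an added Python example that is not part of the original thread or of django-two-factor-auth's code. It is a minimal RFC 6238 implementation; the helper names `totp`, `verify` and `same_instant_codes`, the 30-second step and the tolerance values are assumptions of this example, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length used by common authenticator apps


def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, token: str, server_time: float, tolerance: int) -> bool:
    """Accept a token matching any step within +/- tolerance steps of server_time."""
    return any(
        hmac.compare_digest(totp(secret, server_time + n * STEP), token)
        for n in range(-tolerance, tolerance + 1)
    )


def same_instant_codes(secret: bytes) -> tuple:
    """Codes for one instant written as India and US East Coast wall-clock times."""
    india = datetime(2021, 1, 19, 11, 33, tzinfo=timezone(timedelta(hours=5, minutes=30)))
    us_east = datetime(2021, 1, 19, 1, 3, tzinfo=timezone(timedelta(hours=-5)))
    return totp(secret, india.timestamp()), totp(secret, us_east.timestamp())


# Constructed sample data: the published RFC 6238 test secret, not a real key.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    phone_time = 1111111109  # phone clock sits in the last second of a step
    code = totp(SECRET, phone_time)
    india_code, us_code = same_instant_codes(SECRET)
    print("time zone irrelevant:", india_code == us_code)
    print("server 2 s ahead, tolerance 0:", verify(SECRET, code, phone_time + 2, 0))
    print("server 2 s ahead, tolerance 1:", verify(SECRET, code, phone_time + 2, 1))
    print("server 5 min ahead, tolerance 1:", verify(SECRET, code, phone_time + 300, 1))
```

A server clock that has drifted by more than the accepted window rejects every code the phone shows, which is why checking NTP synchronisation on the server is the first diagnostic step for this error.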