GitHub - DataShades/ckanext-auth: 2FA authentication for CKAN

This extension partially based on the ckanext-security

The extension provides a 2FA authentication mechanism for CKAN.

There are two methods of 2FA available:

TOTP (Time-based One-Time Password) with authenticator apps like Google Authenticator, Authy, etc.
Email

Requirements

This extension uses Redis, so it must be configured for CKAN.

Compatibility with core CKAN versions:

CKAN version	Compatible?
2.9 and earlier	no
2.10+	yes

If you want to add compatibility with CKAN 2.9 and earlier, you can contact me and I'll help you with that.

Installation

To install ckanext-auth:

Activate your CKAN virtual environment, for example:
```
 . /usr/lib/ckan/default/bin/activate
```

Clone the source and install it on the virtualenv

 git clone https://github.com/DataShades/ckanext-auth.git
 cd ckanext-auth
 pip install -e .
 pip install -r requirements.txt

Add auth to the ckan.plugins setting in your CKAN config file (by default the config file is located at /etc/ckan/default/ckan.ini).
Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
```
 sudo service apache2 reload
```

Config settings

There are several configuration settings available for this extension:

- key: ckanext.auth.2fa_enabled
  default: true
  type: bool
  description: Enable two-factor authentication for users

- key: ckanext.auth.2fa_method
  default: email
  description: The method to use for two-factor authentication. Options are email or authenticator.

- key: ckanext.auth.2fa_email_interval
  default: 600
  type: int
  description: TTL for the authentication code sent via email in seconds. Default is 10 minutes.

- key: ckanext.auth.2fa_login_timeout
  default: 900
  type: int
  description: Login timeout in seconds after N failed attempted. Default is 15 minutes.

- key: ckanext.auth.2fa_login_max_attempts
  default: 10
  type: int
  description: Number of failed login attempts before the login timeout is triggered.

If you have the ckanext-admin-panel installed, the configuration settings will be available in the admin panel too.

How to

If you want to change the email for email 2FA, you can do it by creating a new template file at auth/emails/verification_code.html.

Tests

To run the tests, do:

pytest --ckan-ini=test.ini

License

AGPL

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.github/workflows		.github/workflows
ckanext		ckanext
.coveragerc		.coveragerc
.gitignore		.gitignore
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
README.md		README.md
dev-requirements.txt		dev-requirements.txt
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
setup.cfg		setup.cfg
setup.py		setup.py
test.ini		test.ini

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Requirements

Installation

Config settings

How to

Tests

License

About

Releases

Packages

Languages

License

DataShades/ckanext-auth

Folders and files

Latest commit

History

Repository files navigation

Requirements

Installation

Config settings

How to

Tests

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages