feat: Implement passkey authentication, account management features, and a dedicated MFA login verification flow.

pacnpal
2026-01-06 10:08:44 -05:00
parent b80654952d
commit 4da7e52fb0
14 changed files with 1566 additions and 20 deletions


@@ -82,6 +82,7 @@ THIRD_PARTY_APPS = [
"allauth",
"allauth.account",
"allauth.mfa", # MFA/TOTP support
"allauth.mfa.webauthn", # WebAuthn/Passkey support
"allauth.socialaccount",
"allauth.socialaccount.providers.google",
"allauth.socialaccount.providers.discord",


@@ -76,8 +76,8 @@ SOCIALACCOUNT_STORE_TOKENS = True
# =============================================================================
# https://docs.allauth.org/en/latest/mfa/index.html
# Supported authenticator types
MFA_SUPPORTED_TYPES = ["totp"]
# Supported authenticator types - TOTP and WebAuthn (Passkeys)
MFA_SUPPORTED_TYPES = ["totp", "webauthn"]
# TOTP settings
MFA_TOTP_ISSUER = config("MFA_TOTP_ISSUER", default="ThrillWiki")
@@ -88,6 +88,17 @@ MFA_TOTP_DIGITS = 6
# Interval in seconds for TOTP code generation (default 30)
MFA_TOTP_PERIOD = 30
# WebAuthn/Passkey settings
MFA_PASSKEY_LOGIN_ENABLED = config("MFA_PASSKEY_LOGIN_ENABLED", default=True, cast=bool)
# Read DEBUG directly (same source as base.py) to avoid circular import
_DEBUG_MFA = config("DEBUG", default=True, cast=bool)
# Allow insecure origin (http://localhost) for WebAuthn in development
MFA_WEBAUTHN_ALLOW_INSECURE_ORIGIN = config(
"MFA_WEBAUTHN_ALLOW_INSECURE_ORIGIN", default=_DEBUG_MFA, cast=bool
)
# =============================================================================
# Login By Code (Magic Link) Configuration
# =============================================================================
@@ -202,7 +213,10 @@ FRONTEND_DOMAIN = config("FRONTEND_DOMAIN", default="https://thrillwiki.com")
TURNSTILE_SITEKEY = config("TURNSTILE_SITEKEY", default="")
TURNSTILE_SECRET = config("TURNSTILE_SECRET", default="")
# Skip Turnstile validation in development if keys not set
# Read DEBUG directly (same source as base.py) to avoid circular import
_DEBUG = config("DEBUG", default=True, cast=bool)
# Skip Turnstile validation in debug mode or if no secret configured
TURNSTILE_SKIP_VALIDATION = config(
"TURNSTILE_SKIP_VALIDATION", default=not TURNSTILE_SECRET, cast=bool # Skip if no secret
"TURNSTILE_SKIP_VALIDATION", default=(_DEBUG or not TURNSTILE_SECRET), cast=bool
)
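Review bot: The two DEBUG-derived defaults added in this file fail open: `_DEBUG_MFA` and `_DEBUG` are both read with `default=True`, so an environment that never sets DEBUG ends up with `MFA_WEBAUTHN_ALLOW_INSECURE_ORIGIN` true and `TURNSTILE_SKIP_VALIDATION` true even when `TURNSTILE_SECRET` is configured. The Turnstile hunk also widens the previous behaviour, which skipped validation only when no secret was set. I would make the fallback the secure one, e.g. `_DEBUG = config("DEBUG", default=False, cast=bool)`, read it once above the MFA block and reuse it for the WebAuthn default instead of reading DEBUG twice, and keep `default=not TURNSTILE_SECRET` unless skipping validation in debug mode is explicitly wanted. How base.py defaults DEBUG is not visible here, so it is worth confirming that production sets DEBUG explicitly either way.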