Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove django-allauth-2fa, dj-rest-auth and django-user-sessions #6293

Draft
wants to merge 77 commits into
base: master
Choose a base branch
from
Draft

Remove django-allauth-2fa, dj-rest-auth and django-user-sessions #6293

wants to merge 77 commits into from

Conversation

matmair
Copy link
Member

@matmair matmair commented Jan 19, 2024
edited
Loading

This PR remove django-allauth-2fa and replaces it with the inline functions of django-allauth. This reduces the depenecdy footprint and sets us up for further improvements that are planned upstream. Those will reduce the dependency footprint even more and close #4002

Update: Most of the planned things we would be interested in are now implemented and the scope shifted a bit - it makes sense to just ripp all auth extensions out and use only allauths built-in things. We have a lot of grown auth-adjencent code that can probably be removed / rewritten.

Closes #6281

Todo:

  • refactor authentication forms && detection of enabled features (see 8912)
  • implement custom link target lookup for email from django-allauth
  • show user ID in MFA flow
  • implement password-reset flow
  • implement email-verification flow
  • re-implement registration flow
  • re-implement password reset flow
  • keep auth context somewhere for the local session to refer back to
  • move now removed system status info into main status (registration, mfa, sso available)
  • switch back to browser flow for auth APIs
  • rename all new auth URLs to fix to the current schema
  • include schema for auth with central API
  • write changelog

@netlify Netlify
Copy link

netlify bot commented Jan 19, 2024
edited
Loading

Deploy Preview for inventree-web-pui-preview failed.

Name Link
🔨 Latest commit e5f6f3b
🔍 Latest deploy log https://app.netlify.com/sites/inventree-web-pui-preview/deploys/677091c401658c0008b2d58b

@matmair matmair added dependency Relates to a project dependency security Relates to a security issue breaking Indicates a major update or change which breaks compatibility labels Jan 19, 2024
@matmair matmair self-assigned this Jan 19, 2024
@matmair matmair added this to the 0.14.0 milestone Jan 19, 2024
@matmair matmair modified the milestones: 0.14.0, 0.13.6, 0.15.0 Feb 12, 2024
@matmair matmair mentioned this pull request Mar 21, 2024
Open
@matmair matmair mentioned this pull request Dec 23, 2024
Open
@matmair matmair mentioned this pull request Dec 26, 2024
Merged
@matmair
Copy link
Member Author

matmair commented Dec 26, 2024

@sur5r this re-implements the MFA stack and now keeps the user completely in PUI. It is not fully done but I would appreciate if you could test this and report back. Please do this on a test-database, we are migrating the factors to a new DB schema so there could be issues.
Registering factors is not working currently but will be implemented before the merge.

@sur5r
Copy link
Contributor

sur5r commented Dec 26, 2024

Will do, but might take some days before I get around to it.

@matmair could pass by at PoC desk if you have time?

@matmair
Copy link
Member Author

matmair commented Dec 26, 2024

@sur5r which PoC desk?

@sur5r
Copy link
Contributor

sur5r commented Dec 26, 2024

At 38c3, first floor. https://38c3.c3nav.de/l/c:1:193.66:143.06/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SchrodingersGat SchrodingersGat Awaiting requested review from SchrodingersGat SchrodingersGat will be requested when the pull request is marked ready for review SchrodingersGat is a code owner

Assignees

@matmair matmair

Labels
breaking Indicates a major update or change which breaks compatibility dependency Relates to a project dependency full-run Always do a full QC CI run security Relates to a security issue
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.

Remove django-allauth-2fa [FR] Add passkey as a factor
2 participants
@matmair @sur5r