odoo8-addon-auth-totp


:Name: odoo8-addon-auth-totp
:Version: 8.0.1.0.0.99.dev6
:home_page: https://laslabs.com/
:Summary: Allows users to enable MFA and add optional trusted devices
:upload_time: 2023-06-09 05:13:04
:docs_url: None
:author: LasLabs, Odoo Community Association (OCA)
:requires_python: ~=2.7
:license: LGPL-3
:requirements: No requirements were recorded.
:Travis-CI: No Travis.
:coveralls test coverage: No coveralls.

.. image:: https://img.shields.io/badge/license-LGPL--3-blue.svg
   :target: http://www.gnu.org/licenses/lgpl.html
   :alt: License: LGPL-3

====================
MFA Support via TOTP
====================

This module adds support for MFA using TOTP (time-based, one-time passwords). 
It allows users to enable/disable MFA and manage authentication apps/devices 
via the "Change My Preferences" view and an associated wizard. 

After logging in normally, users with MFA enabled are taken to a second screen 
where they have to enter a password generated by one of their authentication 
apps and are presented with the option to remember the current device. This 
creates a secure, HTTP-only cookie that allows subsequent logins to bypass the 
MFA step.

Installation
============

1. Install the PyOTP library using pip: ``pip install pyotp``
2. Follow the standard module install process

Configuration
=============

By default, the trusted device cookies introduced by this module have a 
``Secure`` flag and can only be sent via HTTPS. You can disable this by going 
to ``Settings > Parameters > System Parameters`` and changing the 
``auth_totp.secure_cookie`` key to ``0``, but this is not recommended in 
production as it increases the likelihood of cookie theft via eavesdropping.
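
The second login step and the trusted device cookie described above, as an added example that is not the module's own code (the module relies on PyOTP and targets Python 2.7; this uses only the Python 3 standard library). The cookie name ``trusted_device``, the function names and the one-step drift tolerance are assumptions; the 15-minute and 30-day values are the hard-coded durations listed under Roadmap.

```python
import base64, hashlib, hmac, secrets, struct
from http.cookies import SimpleCookie

MFA_ENTRY_WINDOW = 15 * 60          # seconds allowed between password and code
DEVICE_COOKIE_AGE = 30 * 24 * 3600  # trusted device cookie lifetime in seconds
STEP = 30                           # TOTP time step used by authenticator apps


def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 for the Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def device_cookie(token, secure=True):
    """Set-Cookie value; `secure` plays the role of auth_totp.secure_cookie."""
    jar = SimpleCookie()
    jar["trusted_device"] = token  # cookie name is an assumption
    morsel = jar["trusted_device"]
    morsel["max-age"] = DEVICE_COOKIE_AGE
    morsel["httponly"] = True  # not readable from page scripts
    morsel["path"] = "/"
    if secure:
        morsel["secure"] = True  # browser sends it over HTTPS only
    return morsel.OutputString()


def second_step(secret_b32, code, password_at, now, remember=False, secure=True):
    """Return (ok, set_cookie) for the screen shown after the password login."""
    if now - password_at > MFA_ENTRY_WINDOW:
        return False, None  # too slow: the password login must be repeated
    if not (code.isascii() and code.isdigit() and len(code) == 6):
        return False, None
    # Assumption: accept one time step either side to absorb clock drift.
    times = [t for t in (now - STEP, now, now + STEP) if t >= 0]
    ok = any([hmac.compare_digest(totp(secret_b32, t), code) for t in times])
    if not ok:
        return False, None
    # A real server would also record the token so it can recognise it later.
    token = secrets.token_urlsafe(32) if remember else None
    return True, device_cookie(token, secure) if token else None
```

With ``secure=False`` (the ``auth_totp.secure_cookie = 0`` case) the returned header lacks the ``Secure`` attribute, so the browser will also send the cookie over plain HTTP.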

Usage
=====

Install and enjoy.

.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
   :alt: Try me on Runbot
   :target: https://runbot.odoo-community.org/runbot/149/8.0

Known Issues / Roadmap
======================

Known Issues
------------

* The module does not uninstall cleanly due to an Odoo bug, leaving the 
  ``res.users.authenticator`` and ``res.users.device`` models partially in 
  place. This may be addressed at a later time via an Odoo fix or by adding 
  custom uninstall logic via an uninstall hook.

Roadmap
-------

* Make the various durations associated with the module configurable. They are 
  currently hard-coded as follows:
  
  * 15 minutes to enter an MFA confirmation code after a password log in
  * 30 days before the MFA session expires and the user has to log in again
  * 30 days before the trusted device cookie expires

* Add logic to extend an MFA user's session each time it's validated, 
  effectively keeping it alive indefinitely as long as the user remains active
* Add device fingerprinting to the trusted device cookie and provide a way to 
  revoke trusted devices
* Add company-level settings for forcing all users to enable MFA and disabling 
  the trusted device option

Bug Tracker
===========

Bugs are tracked on `GitHub Issues 
<https://github.com/OCA/server-tools/issues>`_. In case of trouble, please 
check there if your issue has already been reported. If you spotted it first, 
help us smash it by providing detailed and welcomed feedback.

Credits
=======

Images
------

* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_.

Contributors
------------

* Oleg Bulkin <obulkin@laslabs.com>
* Michael Viriyananda <viriyananda.michael@gmail.com>

Maintainer
----------

.. image:: https://odoo-community.org/logo.png
   :alt: Odoo Community Association
   :target: https://odoo-community.org

This module is maintained by the OCA.

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

To contribute to this module, please visit https://odoo-community.org.



            

Raw data

            {
    "_id": null,
    "home_page": "https://laslabs.com/",
    "name": "odoo8-addon-auth-totp",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "~=2.7",
    "maintainer_email": "",
    "keywords": "",
    "author": "LasLabs, Odoo Community Association (OCA)",
    "author_email": "support@odoo-community.org",
    "download_url": "",
    "platform": null,
    "bugtrack_url": null,
    "license": "LGPL-3",
    "summary": "Allows users to enable MFA and add optional trusted devices",
    "version": "8.0.1.0.0.99.dev6",
    "project_urls": {
        "Homepage": "https://laslabs.com/"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "cc07998672ee65961f5b996d0a89262f2dda2c207f9a7063303bb789449e753e",
                "md5": "127d0122ba657b3d22d9f52c8fb1fa9a",
                "sha256": "4659fbe300d7e79c95994adc0d5e13a909b0dc07ddfb807ae07a5e5a2b181cf5"
            },
            "downloads": -1,
            "filename": "odoo8_addon_auth_totp-8.0.1.0.0.99.dev6-py2-none-any.whl",
            "has_sig": false,
            "md5_digest": "127d0122ba657b3d22d9f52c8fb1fa9a",
            "packagetype": "bdist_wheel",
            "python_version": "py2",
            "requires_python": "~=2.7",
            "size": 185470,
            "upload_time": "2023-06-09T05:13:04",
            "upload_time_iso_8601": "2023-06-09T05:13:04.150275Z",
            "url": "https://files.pythonhosted.org/packages/cc/07/998672ee65961f5b996d0a89262f2dda2c207f9a7063303bb789449e753e/odoo8_addon_auth_totp-8.0.1.0.0.99.dev6-py2-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-06-09 05:13:04",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "odoo8-addon-auth-totp"
}
        