Merge pull request #981 from MTES-MCT/feature/2fa-django

Django 2FA

Author: smdsgn

Pipfile

@@ -71,3 +71,6 @@ setuptools = "*"
 py7zr = "*"
 dependency-injector = "*"
 django-webpack-loader = "*"
+django-two-factor-auth = "*"
+qrcode = "*"
+phonenumbers = "*"

Pipfile.lock

@@ -84,6 +84,11 @@
     "corsheaders",
     "fancy_cache",
     "webpack_loader",
+    "two_factor",
+    "django_otp",
+    "django_otp.plugins.otp_totp",
+    "django_otp.plugins.otp_static",
+    "qrcode",
 ]
 
 # upper app should not communicate with lower ones
@@ -115,6 +120,7 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django_otp.middleware.OTPMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "simple_history.middleware.HistoryRequestMiddleware",
@@ -183,7 +189,7 @@
 # indicate the new User model to Django
 AUTH_USER_MODEL = "users.User"
 LOGIN_REDIRECT_URL = "project:list"
-LOGIN_URL = "users:signin"
+LOGIN_URL = "two_factor:login"
 
 
 # Internationalization

config/settings.py

@@ -18,15 +18,18 @@
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.urls import include, path
+from two_factor.admin import AdminSiteOTPRequired
+from two_factor.urls import urlpatterns as tf_urls
 
 from config.views import EnvironmentView
 
+admin.site.__class__ = AdminSiteOTPRequired
 admin.site.site_header = f"Mon Diagnostic Artificialisation v{settings.OFFICIAL_VERSION}"
 
-
 urlpatterns = [
-    path("", include("home.urls")),
+    path("", include(tf_urls)),
     path("admin/", admin.site.urls),
+    path("", include("home.urls")),
     path("users/", include("users.urls")),
     path("public/", include("public_data.urls")),
     path("project/", include("project.urls")),

config/urls.py

@@ -0,0 +1,114 @@
+{% load static %}
+
+<!DOCTYPE html>
+<html lang="fr">
+    <head>
+        <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+
+        <title>Authentification 2FA</title>
+
+        <style>
+            body {
+                font-family: 'Marianne', sans-serif;
+                margin: 0;
+                padding: 0;
+                display: flex;
+                justify-content: center;
+                align-items: center;
+                min-height: 100vh;
+                background-color: #f7f7f7;
+            }
+            
+            .container {
+                background-color: white;
+                padding: 40px 30px;
+                border-radius: 12px;
+                box-shadow: 0 8px 16px rgba(0, 0, 0, 0.1);
+                width: 100%;
+                max-width: 400px;
+            }
+            
+            .container:hover {
+                box-shadow: 0 12px 24px rgba(0, 0, 0, 0.2);
+            }
+            
+            h1 {
+                font-size: 2rem;
+                text-align: center;
+                color: #333;
+                font-weight: 600;
+            }
+
+            p {
+                margin-bottom: 2.5rem;
+                text-align: center;
+                font-size: 0.95em;
+            }
+            
+            form {
+                display: flex;
+                flex-direction: column;
+                gap: 20px;
+            }
+            
+            form label {
+                font-size: 0.9em;
+                font-weight: 500;
+                color: #333;
+                display: block;
+                text-align: left;
+                margin-right: 1.5rem;
+            }
+            
+            form input {
+                padding: 12px;
+                margin: 0;
+                border: 1px solid #ddd;
+                border-radius: 8px;
+                font-size: 16px;
+                background-color: #fafafa;
+                width: 100%;
+                box-sizing: border-box;
+                transition: border-color 0.3s ease, background-color 0.3s ease;
+            }
+            
+            form input:focus {
+                outline: none;
+                border-color: #007bff;
+                background-color: #ffffff;
+            }
+            
+            form button {
+                background: linear-gradient(90deg, rgba(2,0,36,1) 0%, rgba(118,57,246,1) 0%, rgba(0,101,203,1) 100%);
+                color: white;
+                padding: 12px 18px;
+                border: none;
+                border-radius: 8px;
+                cursor: pointer;
+                font-size: 16px;
+                font-weight: 500;
+                transition: opacity 0.3s;
+                width: 100%;
+            }
+            
+            form button:hover {
+                opacity: 0.8;
+            }
+            
+            .message {
+                margin-top: 20px;
+                text-align: center;
+                font-size: 14px;
+                color: #555;
+            }
+        </style>
+    </head>
+    <body>
+        {% block content_wrapper %}
+            <div class="container">
+            {% block content %}{% endblock %}
+            </div>
+        {% endblock %}
+    </body>
+</html>

templates/two_factor/_base.html

@@ -24,6 +24,15 @@ def get_context_breadcrumbs(self):
             {"href": reverse_lazy("users:signin"), "title": "Connexion"},
         ]
 
+    def get_success_url(self):
+        """Redirige les admins vers le 2FA et les autres vers /project/"""
+        user = self.request.user
+        if user.is_authenticated:
+            if user.is_staff or user.is_superuser:
+                return reverse_lazy("two_factor:login")
+            return reverse_lazy("project:list")
+        return super().get_success_url()
+
 
 class SignoutView(RedirectView):
     url = reverse_lazy("users:signin")