
Releases: mkalioby/django-mfa2

v3.0

15 Jul 10:59
829426b

v3.0

This release is a major cleanup with CSS adjustments, so please test before deployment.

  • Updated to fido2==1.1.3
  • Removed: CBOR; the exchange is now done in JSON.
  • Removed: simplejson package from dependencies.
  • Email OTP is always 6 digits.
  • Better support for Bootstrap 4 and 5.
  • Added: the following settings
    • MFA_FIDO2_RESIDENT_KEY: Defaults to Discouraged, which was the old behaviour
    • MFA_FIDO2_AUTHENTICATOR_ATTACHMENT: Set this if you want a PLATFORM authenticator; defaults to NONE
    • MFA_FIDO2_USER_VERIFICATION: Set this if you need User Verification
    • MFA_FIDO2_ATTESTATION_PREFERENCE: Set this if you want an attestation
    • MFA_ENFORCE_EMAIL_TOKEN: Set this if you want the user to receive the OTP by email without enrolling; if this is the case, the system admins shall make sure that emails are valid.
    • MFA_SHOW_OTP_IN_EMAIL_SUBJECT: Set this if you want to show the OTP in the email subject
    • MFA_OTP_EMAIL_SUBJECT: The subject of the email after the token; allows the placeholder '%s' for the OTP

v3.0b2

04 Jul 13:34
0c3a1e9
v3.0b2 Pre-release
  • Updated to fido2==1.1.3
  • Removed: CBOR; the exchange is now done in JSON.
  • Removed: simplejson package from dependencies.
  • Email OTP is always 6 digits.
  • Better support for Bootstrap 4 and 5.
  • Added: the following settings
    • MFA_FIDO2_RESIDENT_KEY: Defaults to Discouraged, which was the old behaviour
    • MFA_FIDO2_AUTHENTICATOR_ATTACHMENT: Set this if you want a PLATFORM authenticator; defaults to NONE
    • MFA_FIDO2_USER_VERIFICATION: Set this if you need User Verification
    • MFA_FIDO2_ATTESTATION_PREFERENCE: Set this if you want an attestation
    • MFA_ENFORCE_EMAIL_TOKEN: Set this if you want the user to receive the OTP by email without enrolling; if this is the case, the system admins shall make sure that emails are valid.
    • MFA_SHOW_OTP_IN_EMAIL_SUBJECT: Set this if you want to show the OTP in the email subject
    • MFA_OTP_EMAIL_SUBJECT: The subject of the email after the token; allows the placeholder '%s' for the OTP

v3.0b1

28 Jun 11:33
v3.0b1 Pre-release

3.0 (Beta)

  • Updated to fido2==1.1.3
  • Removed: CBOR; the exchange is now done in JSON
  • Allows using WebAuthn (passkeys) as a single factor for login
  • Added: the following settings
    • MFA_FIDO2_RESIDENT_KEY: Defaults to Discouraged, which was the old behaviour
    • MFA_FIDO2_AUTHENTICATOR_ATTACHMENT: Set this if you want a PLATFORM authenticator; defaults to NONE
    • MFA_FIDO2_USER_VERIFICATION: Set this if you need User Verification
    • MFA_FIDO2_ATTESTATION_PREFERENCE: Set this if you want an attestation

v2.9.0

27 May 05:56
d90c40b
  • Add: Set black as code formatter
  • Add: Add Pyre as a type checker
  • Add: Add pre-commit hooks
  • Upgrade: fido to 1.1.0 as the minimum version

v2.8.0

25 Dec 11:15
be3cf69

2.8.0

  • Support For Django 4.0+ JSONField
  • Removed jsonfield package from requirements

2.7.0

  • Fixed #70
  • Add QR Code for trusted device link
  • Better formatting for trusted device start page.

v2.6.1 - Security Update

10 Oct 14:38

2.6.1

  • Fix: CVE-2022-42731: related to the possibility of a registration replay attack.
    Thanks to 'SSE (Secure Systems Engineering)'

v2.5.1 - Security Updated

10 Oct 14:18

2.5.1

  • Fix: CVE-2022-42731: related to the possibility of a registration replay attack.
    Thanks to 'SSE (Secure Systems Engineering)'

v2.6.0

01 Oct 09:48

v2.6.0

  • Adding Backup Recovery Codes (Recovery) as a method.
    Thanks to @Spitfireap for the work, and @peterthomassen for guidance.
    • Added: RECOVERY_ITERATION to set the number of iterations when hashing the recovery token
    • Added: MFA_ENFORCE_RECOVERY_METHOD to force the user to enroll in the recovery code method once they add any other method
    • Added: MFA_ALWAYS_GO_TO_LAST_METHOD to the settings, which redirects the user automatically to the last used method when logging in
    • Added: MFA_RENAME_METHODS to be able to rename the methods for the user.
    • Fix: A lot of CSS fixes for the example application

v2.6.0rc1

11 Sep 06:56
cf527d9
v2.6.0rc1 Pre-release
  • Adding Backup Recovery Codes (Recovery) as a method.
    Thanks to @Spitfireap for the work, and @peterthomassen for guidance.
  • Added: RECOVERY_ITERATION to set the number of iterations when hashing the recovery token
  • Added: MFA_ENFORCE_RECOVERY_METHOD to force the user to enroll in the recovery code method once they add any other method
  • Added: MFA_ALWAYS_GO_TO_LAST_METHOD to the settings, which redirects the user automatically to the last used method when logging in
  • Added: MFA_RENAME_METHODS to be able to rename the methods for the user.
  • Fix: A lot of CSS fixes for the example application

v2.5

22 Jun 13:11
0936ea2

2.5.0

  • Fixed: issue where the 'Authorize' button doesn't show on Firefox and Chrome on iOS.
    Note: It seems Firefox doesn't support WebAuthn on iOS
  • Fixed: Support for Bootstrap 5
    Thanks to @ezrajrice
  • Upgraded to fido==1.0.0