This extension partially based on the ckanext-security
The extension provides a 2FA authentication mechanism for CKAN.
There are two methods of 2FA available:
- TOTP (Time-based One-Time Password) with authenticator apps like Google Authenticator, Authy, etc.
Python 3.10+
This extension uses Redis, so it must be configured for CKAN.
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
|---|---|
| 2.9 and earlier | no |
| 2.10 | yes |
| 2.11 | yes |
If you want to add compatibility with CKAN 2.9 and earlier, you can contact me and I'll help you with that.
To install ckanext-auth:
- Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate- Clone the source and install it on the virtualenv
git clone https://github.com/DataShades/ckanext-auth.git
cd ckanext-auth
pip install -e .-
Add
authto theckan.pluginssetting in your CKAN config file (by default the config file is located at/etc/ckan/default/ckan.ini). -
Apply database migrations:
ckan db upgrade
- Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
There are several configuration settings available for this extension. Check the config declaration file.
If you have the ckanext-admin-panel installed, the configuration settings will be available in the admin panel too.
- If you want to change the email for email 2FA, you can do it by creating a new template file at
auth/emails/verification_code.html.
To run the tests, do:
pytest --ckan-ini=test.ini