Initial set of examples from the first 1/3 of the article

RadoRado · RadoRado · commit bfb5de6e654c · 2023-07-04T16:13:49.000+03:00
diff --git a/config/django/base.py b/config/django/base.py
@@ -12,7 +12,7 @@
 
 import os
 
-from config.env import BASE_DIR, env
+from config.env import BASE_DIR, APPS_DIR, env
 
 env.read_env(os.path.join(BASE_DIR, ".env"))
 
@@ -54,7 +54,8 @@
 ]
 
 INSTALLED_APPS = [
-    "django.contrib.admin",
+    # "django.contrib.admin",
+    "styleguide_example.admin.apps.AdminConfig",
     "django.contrib.auth",
     "django.contrib.contenttypes",
     "django.contrib.sessions",
@@ -80,10 +81,12 @@
 
 ROOT_URLCONF = "config.urls"
 
+print(os.path.join(APPS_DIR, "templates"))
+
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",
-        "DIRS": [],
+        "DIRS": [os.path.join(APPS_DIR, "templates")],
         "APP_DIRS": True,
         "OPTIONS": {
             "context_processors": [
diff --git a/config/env.py b/config/env.py
@@ -4,6 +4,7 @@
 env = environ.Env()
 
 BASE_DIR = environ.Path(__file__) - 2
+APPS_DIR = BASE_DIR.path("styleguide_example")
 
 
 def env_to_enum(enum_cls, value):
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -28,3 +28,6 @@ google-api-python-client==2.86.0
 google-auth==2.21.0
 google-auth-httplib2==0.1.0
 google-auth-oauthlib==1.0.0
+
+pyotp==2.8.0
+qrcode==7.4.2
diff --git a/styleguide_example/admin/__init__.py b/styleguide_example/admin/__init__.py
diff --git a/styleguide_example/admin/apps.py b/styleguide_example/admin/apps.py
@@ -0,0 +1,5 @@
+from django.contrib.admin.apps import AdminConfig as BaseAdminConfig
+
+
+class AdminConfig(BaseAdminConfig):
+    default_site = "styleguide_example.admin.sites.AdminSite"
diff --git a/styleguide_example/admin/migrations/__init__.py b/styleguide_example/admin/migrations/__init__.py
diff --git a/styleguide_example/admin/sites.py b/styleguide_example/admin/sites.py
@@ -0,0 +1,15 @@
+from django.contrib import admin
+from django.urls import path
+
+from styleguide_example.blog_examples.admin_2fa.views import AdminSetupTwoFactorAuthView
+
+
+class AdminSite(admin.AdminSite):
+    def get_urls(self):
+        base_urlpatterns = super().get_urls()
+
+        extra_urlpatterns = [
+            path("setup-2fa/", self.admin_view(AdminSetupTwoFactorAuthView.as_view()), name="setup-2fa")
+        ]
+
+        return extra_urlpatterns + base_urlpatterns
diff --git a/styleguide_example/blog_examples/admin.py b/styleguide_example/blog_examples/admin.py
@@ -0,0 +1,16 @@
+from django.contrib import admin
+from django.utils.html import format_html
+
+from styleguide_example.blog_examples.admin_2fa.models import UserTwoFactorAuthData
+
+
+@admin.register(UserTwoFactorAuthData)
+class UserTwoFactorAuthDataAdmin(admin.ModelAdmin):
+    def qr_code(self, obj):
+        return format_html(obj.generate_qr_code())
+
+    def get_readonly_fields(self, request, obj=None):
+        if obj is not None:
+            return ["user", "otp_secret", "qr_code"]
+        else:
+            return ()
diff --git a/styleguide_example/blog_examples/admin_2fa/__init__.py b/styleguide_example/blog_examples/admin_2fa/__init__.py
diff --git a/styleguide_example/blog_examples/admin_2fa/models.py b/styleguide_example/blog_examples/admin_2fa/models.py
@@ -0,0 +1,23 @@
+from typing import Optional
+
+import pyotp
+import qrcode
+import qrcode.image.svg
+from django.conf import settings
+from django.db import models
+
+
+class UserTwoFactorAuthData(models.Model):
+    user = models.OneToOneField(settings.AUTH_USER_MODEL, related_name="two_factor_auth_data", on_delete=models.CASCADE)
+
+    otp_secret = models.CharField(max_length=255)
+
+    def generate_qr_code(self, name: Optional[str] = None) -> str:
+        totp = pyotp.TOTP(self.otp_secret)
+        qr_uri = totp.provisioning_uri(name=name, issuer_name="Styleguide Example Admin 2FA Demo")
+
+        image_factory = qrcode.image.svg.SvgPathImage
+        qr_code_image = qrcode.make(qr_uri, image_factory=image_factory)
+
+        # The result is going to be an HTML <svg> tag
+        return qr_code_image.to_string().decode("utf_8")
diff --git a/styleguide_example/blog_examples/admin_2fa/services.py b/styleguide_example/blog_examples/admin_2fa/services.py
@@ -0,0 +1,16 @@
+import pyotp
+from django.contrib.auth import get_user_model
+from django.core.exceptions import ValidationError
+
+from .models import UserTwoFactorAuthData
+
+User = get_user_model()
+
+
+def user_two_factor_auth_data_create(*, user: User) -> UserTwoFactorAuthData:
+    if hasattr(user, "two_factor_auth_data"):
+        raise ValidationError("Can not have more than one 2FA related data.")
+
+    two_factor_auth_data = UserTwoFactorAuthData.objects.create(user=user, otp_secret=pyotp.random_base32())
+
+    return two_factor_auth_data
diff --git a/styleguide_example/blog_examples/admin_2fa/views.py b/styleguide_example/blog_examples/admin_2fa/views.py
@@ -0,0 +1,23 @@
+from django.core.exceptions import ValidationError
+from django.views.generic import TemplateView
+
+from .services import user_two_factor_auth_data_create
+
+
+class AdminSetupTwoFactorAuthView(TemplateView):
+    template_name = "blog_examples/admin_2fa/setup_mfa.html"
+
+    def post(self, request):
+        context = {}
+        user = request.user
+
+        try:
+            two_factor_auth_data = user_two_factor_auth_data_create(user=user)
+            otp_secret = two_factor_auth_data.otp_secret
+
+            context["otp_secret"] = otp_secret
+            context["qr_code"] = two_factor_auth_data.generate_qr_code(otp_secret=otp_secret, name=user.username)
+        except ValidationError as exc:
+            context["form_errors"] = exc.messages
+
+        return self.render_to_response(context)
diff --git a/styleguide_example/blog_examples/migrations/0003_usertwofactorauthdata.py b/styleguide_example/blog_examples/migrations/0003_usertwofactorauthdata.py
@@ -0,0 +1,24 @@
+# Generated by Django 4.1.9 on 2023-07-04 12:17
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('blog_examples', '0002_somedatamodel'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserTwoFactorAuthData',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('otp_secret', models.CharField(max_length=255)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='two_factor_auth_data', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
diff --git a/styleguide_example/blog_examples/models.py b/styleguide_example/blog_examples/models.py
@@ -1,6 +1,7 @@
 from django.db import models
 from django.utils import timezone
 
+from .admin_2fa.models import UserTwoFactorAuthData  # noqa
 from .f_expressions.models import SomeDataModel  # noqa
 
 
diff --git a/styleguide_example/blog_examples/templates/admin_2fa/setup_mfa.html b/styleguide_example/blog_examples/templates/admin_2fa/setup_mfa.html
@@ -0,0 +1,27 @@
+{% extends "admin/login.html" %}
+
+{% block content %}
+  <form action="" method="post">
+    {% csrf_token %}
+
+    {% if otp_secret %}
+      <p>OTP Secret: {{ otp_secret }}</p>
+      <p>Enter it inside a 2FA app (Google Authenticator, Authy) or scan the QR code below.</p>
+      {{ qr_code|safe }}
+    {% else %}
+      {% if form_errors %}
+	{% for error in form_errors %}
+	  <p class="errornote">
+	    {{ error }}
+	  </p>
+	{% endfor %}
+      {% else %}
+	<label>Click the button generate a 2FA application code.</label>
+      {% endif %}
+    {% endif %}
+
+    <div class="submit-row">
+      <input type="submit" value="Generate">
+    </div>
+  </form>
+{% endblock %}
diff --git a/styleguide_example/templates/admin/base_site.html b/styleguide_example/templates/admin/base_site.html
@@ -0,0 +1,10 @@
+{% extends "admin/base_site.html" %}
+
+{% block userlinks %}
+    <h1>SHANO</h1>
+  {% if user.is_active and user.is_staff %}
+    <a href="{% url "admin:setup-2fa" %}"> Setup 2FA </a> /
+  {% endif %}
+
+  {{ block.super }}
+{% endblock %}
