django-two-factor-auth icon indicating copy to clipboard operation
django-two-factor-auth copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Existing Admin Users Cannot Enable 2FA

Open 9mido opened this issue 4 years ago • 3 comments

If you already have existing admin users and then install the django-two-factor-auth package, those already existing admin users cannot enable 2FA. Only new admins that get created with python3 manage.py createsuperuser are able to enable 2FA.

There should be some way to detect this or also have the existing admins be able to enable 2FA.

9mido avatar Jul 06 '20 16:07 9mido

Hello, just clearing my doubts you are saying that existing admins before d2fa installed are unable to enable 2fa for themselves?

RitvikDayal avatar Jun 24 '21 03:06 RitvikDayal

@RitvikDayal

python manage.py createsuperuser Let's say we create a superuser called 'admin1' from that command pip install django-two-factor-auth Then we install django-two-factor-auth When trying to setup 2FA for superuser 'admin1' you cannot do it. python manage.py createsuperuser Now we create superuser 'admin2' Now we can setup 'admin2' with 2FA without any problems since django-two-factor-auth is installed already before running python manage.py createsuperuser.

This problem exists in django-otp as well https://github.com/django-otp/django-otp/issues/44. So if someone were to make a PR, you would be killing 2 birds with 1 stone.

9mido avatar Jun 24 '21 18:06 9mido

Thankyou for the explanation I was looking into something else someway related to this.

RitvikDayal avatar Jun 24 '21 19:06 RitvikDayal