Re: ANN: django-otp and friends: one-time passwords and trusted agents

I imagine that would work. Generally speaking, if you want to use a multi-page flow to atomically mutate some state (in this case auth status), you're pretty much into form wizard territory. For specific scenarios, there may be workarounds--potentially a bit sneaky and underhanded--that produce a similar effect.


On Aug 9, 2013, at 2:08 PM, Jason Arnst-Goodrich <goodrichj@gmail.com> wrote:

> I thought about that and I didn't like that it logged them in if they failed the OTP token. I'll probably use it for now.
>
> The only reason being I want them to do it in a single "attempt session". If they login half way and leave for a couples minutes I want them to supply the regular login credentials again. In other words I'm not comfortable leaving them in the "half way logged in" state.
>
> Although... I bet there's a way to expire users who are two factor enabled that are not validated yet...
>
> How about I wrap the django_otp.views.login with something like:
>
> if not validated:
> if login time too old:
> kill the session
> redirect to login_view
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Django users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-users/b47ONAEWFos/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to django-users+unsubscribe@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.