feat: redirect admins to two_factor:setup if two_factors are required a two factor is not enabled for the account

.gitignore

@@ -10,3 +10,5 @@ example/settings_private.py
 .eggs/
 
 .idea/
+
+venv/

CHANGELOG.md

@@ -1,11 +1,41 @@
+# Change Log
 ## Unreleased
 
 ### Added
 - Enforcing a redirect to setup of otp device when none available for user [#550](https://github.com/jazzband/django-two-factor-auth/pull/500)
+
+### Changed
+
+### Removed
+
+- Admin Monkey Patching
+
+  The Admin UI will not longer be automatically patched. The `TwoFactorSiteAdmin` will need to be explicitly
+  configured in urls.py.
+
+  ```py
+  # urls.py
+  from django.urls import path
+  from two_factor.admin import TwoFactorAdminSite
+  url_patterns = [
+    path('admin/', TwoFactorAdminSite().urls),
+  ]
+  ```
+
+  Custom admin sites can extend `TwoFactorSiteAdmin` or `TwoFactorSideAdminMixin` to inherit the behavior.
+
+  ```py
+  # admin.py
+  class MyCustomAdminSite(TwoFactorSiteAdminMixin, AdminSite):
+    # implement your customizations here.
+    pass
+  ```
+
 
 ## 1.14.0
 
 ### Added
+
 - Python 3.10 support
 - The setup view got a new `secret_key` context variable to be able to display
   that key elsewhere than in the QR code.
@@ -15,6 +45,7 @@
   and used to communicate the second factor token by email.
 
 ### Changed
+
 - BREAKING: The phone capability moved to a plugins folder, so if you use that
   capability and want to keep it, you should add `two_factor.plugins.phonenumber`
   line in your `INSTALLED_APPS` setting. Additionally, as the `two_factor`
@@ -29,168 +60,215 @@
 - The QR code now always uses a white background to support pages displayed
   with a dark theme.
 
+
 ### Removed
+
 - Python 3.5 and 3.6 support
 
 ## 1.13.2
 
 ### Added
+
 - Translations for new languages: Hausa, Japanese, Vietnamese
 - Django 4.0 support
 
 ### Changed
+
 - Suppressed default_app_config warning on Django 3.2+
 - qrcode dependency limit upped to 7.99 and django-phonenumber-field to 7
 - When validating a TOTP after scanning the QR code, allow a time drift of +/-1 instead of just -1
 
 ## 1.13.1
 
 ### Add
+
 - Support Twilio Messaging Service SID
 - Add autofocus, autocomplete one-time-code and inputmode numeric to token input fields
 
 ### Changed
+
 - Change "Back to Profile" to "Back to Account Security"
 
 ## 1.13.0
 
 ### Added
+
 - User can request that two-factor authentication be skipped the next time they
   log in on that particular device
 - Django 3.1 support
 - SMS message can now be customised by using a template
 
 ### Changed
+
 - Simplified `re_path()` to `path()` in URLConf
 - Templates are now based on Bootstrap 4.
 - `DisableView` now checks user has verified before disabling two-factor on
   their account
 - Inline CSS has been replaced to allow stricter Content Security Policies.
 
 ### Removed
+
 - Upper limit on django-otp dependency
 - Obsolete IE<9 workarounds
 - Workarounds for older versions of django-otp
 
 ## 1.12.1 - 2020-07-08
 
-*No code changes for this version*
+_No code changes for this version_
 
 ## 1.12 - 2020-07-08
+
 ### Added
+
 - It is possible to set a timeout between a user authenticiating in the
   `LoginView` and them needing to re-authenticate. By default this is 10
   minutes.
 
 ### Removed
+
 - The final step in the `LoginView` no longer re-validates a user's credentials.
 - Django 1.11 support.
 
 ### Changed
+
 - Security Fix: `LoginView` no longer stores credentials in plaintext in the
   session store.
 
 ## 1.11.0 - 2020-03-13
+
 ### Added
 
-*Nothing has been added for this version*
+_Nothing has been added for this version_
 
 ### Removed
+
 - MiddlewareMixin
 - Python 3.4 support
 - Django 2.1 support
 - `mock` dependency
 
 ### Changed
+
 - `extra_requires` are now listed in lowercase. This is to workaround a bug in `pip`.
 - Use `trimmed` option on `blocktrans` to avoid garbage newlines in translations.
 - `random_hex` from `django_otp` 0.8.0 will always return a `str`, don't try to decode it.
 
 ## 1.10.0 - 2019-12-13
+
 ### Added
+
 - Support for Django 3.0.
 - Optionally install full or light phonenumbers library.
 
 ### Removed
+
 - Python 2 support.
 
 ### Changed
+
 - Updated translations.
 
 ## 1.9.1 - 2019-07-07
+
 ### Changed
+
 - 1.9.0 got pushed with incorrect changelog, no other changes.
 
 ## 1.9.0 - 2019-07-07
+
 ### Added
+
 - Support for Django 2.2.
 - Ability to create `PhoneDevice` from Django admin.
 - Support for Python 3.7.
 
 ## 1.8.0 - 2018-08-03
+
 ### Added
+
 - Support for Django 2.1.
 - Support for QRcode library up to 6.
 - Translation: Romanian.
 
 ### Changed
+
 - Replace `ValidationError` with `SuspiciousOperation` in views.
 - Change the wording in 2FA disable template.
 - Updated translations.
 
 ## 1.7.0 - 2017-12-19
+
 ### Added
+
 - Support for Django 2.0.
 
 ### Removed
+
 - Django <1.11 support.
 
 ### Changed
+
 - Do not list phone method if it is not supported (#225).
 - Pass request kwarg to authentication form (#227).
 
 ## 1.6.2 - 2017-07-29
+
 ### Fixed
+
 - Twilio client 6.0 usage (#211).
 
 ### Changed
+
 - Updated translation: Russian.
 
 ## 1.6.1 - 2017-05-11
+
 ### Added
+
 - Support Twilio client 6.0 (#203).
 
 ### Fixed
+
 - `redirect_to` after successful login (#204)
 
 ### Changed
+
 - Updated translation: Norwegian Bokmål
 
 ## 1.6.0 - 2017-04-08
+
 ### Added
+
 - Support for Django 1.11 (#188).
 
 ### Removed
+
 - Django 1.9 support.
 
 ### Fixed
+
 - Allow setting `LOGIN_REDIRECT_URL` to a URL (#192).
 - `DisableView` should also take `success_url` parameter (#187).
 
 ## 1.5.0 - 2017-01-04
+
 ### Added
+
 - Django 1.10’s MIDDLEWARE support.
 - Allow `success_url` overrides from `urls.py`.
 - Autofocus token input during authentication.
 - Translations: Polish, Italian, Hungarian, Finnish and Danish.
 
 ### Removed
+
 - Dropped Python 3.2 and 3.3 support.
 
 ### Changed
+
 - Renamed `redirect_url` properties to `success_url` to be consistent with Django.
 
 ### Fixed
+
 - Allow Firefox users to enter backup tokens (#177).
 - Allow multiple requests for QR code (#99).
 - Don't add phone number without gateway (#92).

docs/class-reference.rst

@@ -3,8 +3,8 @@ Class Reference
 
 Admin Site
 ----------
-.. autoclass:: two_factor.admin.AdminSiteOTPRequired
-.. autoclass:: two_factor.admin.AdminSiteOTPRequiredMixin
+.. autoclass:: two_factor.admin.TwoFactorAdminSite
+.. autoclass:: two_factor.admin.TwoFactorAdminSiteMixin
 
 Decorators
 ----------

docs/configuration.rst

@@ -4,13 +4,6 @@ Configuration
 General Settings
 ----------------
 
-``TWO_FACTOR_PATCH_ADMIN`` (default: ``True``)
-  Whether the Django admin is patched to use the default login view.
-
-  .. warning::
-     The admin currently does not enforce one-time passwords being set for
-     admin users.
-
 ``LOGIN_URL``
   Should point to the login view provided by this application as described in
   setup. This login view handles password authentication followed by a one-time
@@ -123,7 +116,7 @@ Next, add additional urls to your config:
 
     # urls.py
     from two_factor.gateways.twilio.urls import urlpatterns as tf_twilio_urls
-    
+
     urlpatterns = [
         path('', include(tf_twilio_urls)),
         ...

docs/installation.rst

@@ -66,9 +66,10 @@ Add the routes to your project url configuration:
 .. code-block:: python
 
     from two_factor.urls import urlpatterns as tf_urls
+    from two_factor.admin import TwoFactorAdminSite
     urlpatterns = [
        path('', include(tf_urls)),
-        ...
+       path('admin', TwoFactorAdminSite().urls)
     ]
 
 .. warning::

example/urls.py

@@ -1,8 +1,8 @@
 from django.conf import settings
-from django.contrib import admin
 from django.contrib.auth.views import LogoutView
 from django.urls import include, path
 
+from two_factor.admin import TwoFactorAdminSite
 from two_factor.gateways.twilio.urls import urlpatterns as tf_twilio_urls
 from two_factor.urls import urlpatterns as tf_urls
 
@@ -39,7 +39,7 @@
     path('', include(tf_urls)),
     path('', include(tf_twilio_urls)),
     path('', include('user_sessions.urls', 'user_sessions')),
-    path('admin/', admin.site.urls),
+    path('admin/', TwoFactorAdminSite().urls),
 ]
 
 if settings.DEBUG:

requirements_dev.txt

@@ -14,7 +14,6 @@ django-bootstrap-form
 django-user-sessions
 
 # Testing
-
 coverage
 flake8
 tox