More complete instructions for setting up 2FA on custom admin #740
Description
Hi! I don't have any issues to report at the moment, but wanted to make a small suggestion regarding the documentation. I think this could also be a patch that redirects to 'two-factor:setup' as in the 'done' method of the LoginView.
It seems like no one else is encountering this problem, so maybe I took a wrong turn somewhere, but examining the OTP admin classes I found no redirect to the setup page for working admin accounts.
Expected Behavior
I expected to install the package, implement a 2FA admin site, and be redirected to 2FA setup. I have a custom admin account that I only use for the admin page.
Current Behavior
Using AdminSiteOTPRequired to create a custom admin class, the user is continuously redirected to the admin login page when logging in with correct credentials prior to setting up a 2FA device. Ultimately, I simply navigated to /account/two_factor/setup/ in the browser and successfully set up 2FA.
Possible Solution
Change the documentation to indicate how to setup initial 2FA when only applying it a custom admin page.
Steps to Reproduce (for bugs)
- Install package and follow installation instructions as normal.
- Implement a custom admin such as class OTPAdminSite(AdminSiteOTPRequired), otp_admin_site = OTPAdminSite(name='otp_admin'), with path('admin/', otp_admin_site.urls) in urls
- Navigate to /admin and login with working credentials
- You will be redirected to /admin with no additional information, as you are not yet verified.
Context
I was trying to implement 2FA on a custom admin page and it took me a long time to figure out that there was no automated 2FA setup for this use case.
Your Environment
- Browser and version: Chrome, Version 129.0.6668.71
- Python version: 3.11.9
- Django version: 5.0.7
- django-otp version: Version: 1.5.4
- django-two-factor-auth version: 1.17.0
- Link to your project: akashialpha.com