k1nky / netbox-otp-plugin Goto Github PK

This netbox plugin adds support for one-time password (OTP) to Netbox.

Python 79.70% HTML 19.29% Makefile 1.01%

netbox-otp-plugin's Introduction

Netbox OTP Plugin

Two-factor authentication for NetBox. The plugin provides user OTP token verification and OTP device management is provided and bases on django-otp with Time-based One-time Password algorithm.

Compatibility

This plugin in compatible with 3.1 and later.

Installation

The plugin is available as a Python package in pypi and can be installed with pip

source /opt/netbox/venv/bin/activate
python -m pip install netbox-otp-plugin

Enable the plugin in /opt/netbox/netbox/netbox/configuration.py:

PLUGINS = ['netbox_otp_plugin']

Run migration:

./manage.py migrate

To ensure the plugin is automatically re-installed during future upgrades, create a file named local_requirements.txt (if not already existing) in the NetBox root directory (alongside requirements.txt) and append the netbox-otp-plugin package:

echo netbox-otp-plugin >> local_requirements.txt

Configuration

An OTP device can be attached to a user in the admin site or the command:

./manage.py addtotp <username>

Then you will see a QR code that you can add to an TOTP authenticator.

To reset user OTP device use the admin site or the command:

./manage.py resettotp <username>

The plugin has additional options:

otp_required - if set to True then two-factor authentication will be always required even if a user doesn't have an OTP device yet. False value required to authenticate users only with an OTP device attached only. Default: True.
issuer - the issuer parameter for the otpauth URL (see more https://github.com/google/google-authenticator/wiki/Key-Uri-Format). Default: 'Netbox'.

Example

PLUGINS_CONFIG = {
    'netbox_otp_plugin': {
        'otp_required': False,
        'issuer': 'MyOrgNetbox'
    }
}

netbox-otp-plugin's People

Contributors

Stargazers

Watchers

netbox-otp-plugin's Issues

Bug: OTP input field removes remote authentication backends

Bug description
When having the plugin enabled, and using a remote authentication backend (SAML in my case), the buttons to log in with a remote backend disappear, in favor of the OTP code input field.

To Reproduce

Set up a remote authentication backend (OpenID, SAML, Social SSO)
Enable the plugin
Go to the login page

Expected behavior
I should see the login form, with OTP input field, and the remote backends I have enabled

Screenshots
Login page without OTP plugin, but with remote backend:

Login page with OTP plugin and remote backend:

Expected result (mockup):

Version info
Netbox v3.4.2
netbox-otp-plugin latest

The page isn’t redirecting properly

If "Login Required" is set to true in the configuration file, I receive the error "The page isn’t redirecting properly" from the browser, when trying to access netbox.

Netbox Ver. 3.5.3
Plugin Ver. 1.0.5

BUG: Too Many Redirects

Hi, after installing plugin and logout from Netbox, browser can't connect to Netbox because looping redirect from /login/?next=/plugins/otp to /plugins/otp and again, calling browser error TOO_MANY_REDIRECTS.

Changing browser, re-installing did not help.
Netbox version: 3.5.1
netbox-otp-plugin version: 1.0.5

_{Sorry for bad english, i'm not good at it}

YubiKey OTP

Hi,

seems like MFA is not working yet with YubiKey, so I'd suggest to extend this plugin. There is django-otp-yubikey library which could be helpful: https://django-otp-yubikey.readthedocs.io/en/latest/ - unfortunatly I'm not a Python developer.

thanks,
Werner

Typo in readme

Hello,

Thank you for your plugin.
There is a typo in your readme :

# BAD
echo nextbox_otp_plugin >> local_requirements.txt
# GOOD
echo netbox-otp-plugin >> local_requirements.txt

Add tags - netbox and netbox-plugin

Hi,

Is it possible to add the tags netbox and netbox-plugin to your repo.
This makes it easier to find it in the topics.

Feature request: Add possibility to configure name for TOTP

The plugin works like it should. However, adding the QR-code to Google Authenticator, it's added with the username as description. It would be great to configure this, since in my case I have the same username in three different environments, dev, test and prod, and would like to be able to name them differently automatically (for example: Netbox DEV)