All in one authentication and authorization package for django
leogenius360: I need a deeper analysis of my models (django_authx/models/*)
Workspace: Collecting workspace information
I'll analyze the Django models in the django_authx/models/ directory:
AbstractBaseAuthModel
- Foundation abstract model that provides:
- Common authentication fields like status, timestamps, validation tracking
- Core functionality for validation attempts and status management
AUTH_STATUS
choices: pending, active, used_up, expired, disabled, suspended, locked
AbstractAuthModel
- Extends base model with:
is_primary
boolean field for marking primary authentication methods
- Basic email authentication
- Unique email field with validation
- Custom DB table:
authx_emails - Indexed fields: email, is_active, is_verified
-
Phone number authentication using PhoneNumberField
-
E.164 format validation
-
Custom DB table:
authx_phones -
Indexed fields: phone, is_active, is_verified
- OAuth2-based authentication
- Fields for provider, tokens, expiry
- Scoped access control
- Custom DB table:
authx_oauth2 - Unique constraint on (provider, provider_id)
Located in models/mfactor.py
, implements various MFA approaches:
-
TOTPMethod: Time-based One-Time Password
- TOTP secret key storage
- JWT validation support
- Configurable digits and interval
-
WebAuthnMethod: FIDO2/WebAuthn support
- Encrypted credential storage
- Sign count tracking
-
PushMethod: Push notification authentication
- Device token and platform info
- Push notification handling
-
BackupCode: Recovery code system
- Single-use encrypted codes
- Usage tracking
- Automatic code generation
-
TrustedDevice: Device trust management
- Device fingerprinting
- Trust expiry handling
- IP and user agent tracking
The models use encrypted fields from models/modelfields/encrypted_fields.py
:
-
EncryptedCharField
-
EncryptedTextField
-
EncryptedDateField
-
EncryptedDateTimeField
-
EncryptedEmailField
-
EncryptedBooleanField
-
EncryptedNumberFields(various integer types)
-
Security
- Field-level encryption using Fernet
- Soft deletion support
- Failed attempt tracking
- Automatic lockout
-
Flexibility
- Multiple authentication methods
- MFA support
- Device trust management
- Status tracking
-
Auditing
- Comprehensive timestamps
- Activity tracking
- Status change logging
-
Performance
- Strategic database indexing
- Efficient queries
- Caching support
- Add more extensive validation methods for each auth type
- Implement rate limiting at the model level
- Add more robust session management
- Enhance audit logging
- Consider adding support for biometric authentication methods
- Add support for batch operations and bulk updates
- Consider implementing password history tracking
- Add support for auth method prioritization