Enable django-otp-agents, for preserving OTP trust over time

Pipfile

@@ -19,6 +19,7 @@ django-redis-cache = "*"
 django-activeurl = "*"
 django-otp = "*"
 qrcode = "*"
+django-otp-agents = "*"
 
 
 [dev-packages]

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "26e312dcbf4057505a29d0fa5b15c856ba3ba45a7b9545e20cc682dbef43d7df"
+            "sha256": "1d582e5b51466de2e917f117b537193fd1826f51d3a9a218f83d392d68d0c461"
         },
         "host-environment-markers": {
             "implementation_name": "cpython",
@@ -40,6 +40,13 @@
             ],
             "version": "==0.1.11"
         },
+        "django-agent-trust": {
+            "hashes": [
+                "sha256:962653c4eeab63715a6efd27649a00302082c9fb1d931e3df959e57605eb8c25",
+                "sha256:b262db89410b9901c32f27f7dd6697bf61bfcfdc01651fe40699d0b81ebc4fcc"
+            ],
+            "version": "==0.3.0"
+        },
         "django-appconf": {
             "hashes": [
                 "sha256:ddab987d14b26731352c01ee69c090a4ebfc9141ed223bef039d79587f22acd9",
@@ -87,6 +94,13 @@
             ],
             "version": "==0.4.1.1"
         },
+        "django-otp-agents": {
+            "hashes": [
+                "sha256:4ca8fae30418e0a813840cee5068d2fb96e3759787a5820d54921b90c7beaa7a",
+                "sha256:8d9f26d5a186b059251bd03e1ab509b5861a678e463c49de9b0766080b2c16a5"
+            ],
+            "version": "==0.3.0"
+        },
         "django-redis-cache": {
             "hashes": [
                 "sha256:2b4e3510bbcaf3d331975717afd6f15a36fbaf7622504599d2727dc99f90c64d"

lemonauth/templates/lemonauth/login.html

@@ -31,6 +31,14 @@
 			{% form_field form.username %}
 			{% form_field form.password %}
 			{% form_field form.otp_token %}
+
+			<div class="form-group">
+				<label class="custom-control custom-checkbox">
+					<input name="{{ form.otp_agent_trust.name }}" class="custom-control-input" type="checkbox" />
+					<span class="custom-control-indicator"></span>
+					<span class="custom-control-description">remember this browser (don't tick this on a public computer!)</span>
+				</label>
+			</div>
 		</div>
 
 		<div class="card-footer">

lemonauth/views.py

@@ -1,5 +1,5 @@
 from django.contrib.auth import views as auth_views
-from django_otp.forms import OTPAuthenticationForm
+from otp_agents.forms import OTPAuthenticationForm
 from lemoncurry import breadcrumbs
 
 breadcrumbs.add(route='lemonauth:login', label='log in', parent='home:index')

lemoncurry/settings/base.py

@@ -66,6 +66,7 @@ INSTALLED_APPS = [
 
     'compressor',
     'django_activeurl',
+    'django_agent_trust',
     'django_otp',
     'django_otp.plugins.otp_totp',
     'favicon',
@@ -85,6 +86,7 @@ MIDDLEWARE = [
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django_otp.middleware.OTPMiddleware',
+    'django_agent_trust.middleware.AgentMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
@@ -193,6 +195,10 @@ MEDIA_ROOT = os.path.join(STATIC_ROOT, 'media')
 # Settings specific to lemoncurry
 LEMONCURRY_SITE_NAME = '00dani.me'
 
+# django-agent-trust
+# https://pythonhosted.org/django-agent-trust/
+AGENT_COOKIE_SECURE = True
+
 # django-otp
 # https://django-otp-official.readthedocs.io/en/latest/overview.html
 OTP_TOTP_ISSUER = LEMONCURRY_SITE_NAME

lemoncurry/urls.py

@@ -15,12 +15,12 @@ Including another URLconf
 """
 from django.conf.urls import include, url
 from django.contrib import admin
-from django_otp.admin import OTPAdminSite
+from otp_agents.admin import TrustedAgentAdminSite
 
 import django.contrib.sitemaps.views as sitemap
 from home.sitemaps import HomeSitemap
 
-otp_admin_site = OTPAdminSite()
+otp_admin_site = TrustedAgentAdminSite()
 for model_cls, model_admin in admin.site._registry.items():
     otp_admin_site.register(model_cls, model_admin.__class__)