{"id":16417388,"url":"https://github.com/merixstudio/django-trench","last_synced_at":"2026-01-14T07:54:21.347Z","repository":{"id":37425037,"uuid":"151680451","full_name":"merixstudio/django-trench","owner":"merixstudio","description":"django-trench provides a set of REST API endpoints to supplement django-rest-framework with multi-factor authentication (MFA, 2FA). It supports both standard built-in authentication methods, as well as JWT (JSON Web Token). ","archived":false,"fork":false,"pushed_at":"2024-05-30T16:46:41.000Z","size":740,"stargazers_count":279,"open_issues_count":34,"forks_count":60,"subscribers_count":15,"default_branch":"develop","last_synced_at":"2025-11-27T14:37:33.255Z","etag":null,"topics":["2fa","django","django-rest-framework","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/merixstudio.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-05T06:39:47.000Z","updated_at":"2025-08-30T23:12:38.000Z","dependencies_parsed_at":"2024-06-18T19:57:33.125Z","dependency_job_id":"bef8f1cd-5920-4f50-a7a7-98f01d31a264","html_url":"https://github.com/merixstudio/django-trench","commit_stats":{"total_commits":224,"total_committers":29,"mean_commits":7.724137931034483,"dds":0.7633928571428572,"last_synced_commit":"b7f0eb4f0031e6013826e59a38ebd7010661cfd9"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/merixstudio/django-trench","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merixstudio%2Fdjango-trench","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merixstudio%2Fdjango-trench/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merixstudio%2Fdjango-trench/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merixstudio%2Fdjango-trench/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/merixstudio","download_url":"https://codeload.github.com/merixstudio/django-trench/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merixstudio%2Fdjango-trench/sbom","scorecard":{"id":636970,"data":{"date":"2025-08-11","repo":{"name":"github.com/merixstudio/django-trench","commit":"b7f0eb4f0031e6013826e59a38ebd7010661cfd9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2,"checks":[{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/pypi_publish_prod.yml:17"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":8,"reason":"Found 10/12 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/django-package.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/django-package.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/django-package.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/django-package.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/django-package.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/django-package.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi_publish_prod.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_prod.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi_publish_prod.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_prod.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi_publish_prod.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_prod.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi_publish_test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_test.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi_publish_test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_test.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi_publish_test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/merixstudio/django-trench/pypi_publish_test.yml/develop?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/django-package.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/django-package.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/django-package.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/pypi_publish_prod.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/pypi_publish_prod.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/pypi_publish_test.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/pypi_publish_test.yml:26","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/django-package.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi_publish_prod.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi_publish_test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"44 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2014-5 / GHSA-296w-6qhq-gf92","Warn: Project is vulnerable to: PYSEC-2011-2 / GHSA-3jqw-crqj-w8qw","Warn: Project is vulnerable to: PYSEC-2012-3 / GHSA-59w8-4wm2-4xw8","Warn: Project is vulnerable to: PYSEC-2012-4 / GHSA-5h2q-4hrp-v9rr","Warn: Project is vulnerable to: PYSEC-2014-6 / GHSA-625g-gx8c-xcmg","Warn: Project is vulnerable to: PYSEC-2015-8 / GHSA-6565-fg86-6jcx","Warn: Project is vulnerable to: PYSEC-2021-98 / GHSA-68w8-qjq3-2gfm","Warn: Project is vulnerable to: PYSEC-2012-2 / GHSA-78vx-ggch-wghm","Warn: Project is vulnerable to: PYSEC-2015-9 / GHSA-7fq8-4pv5-5w5c","Warn: Project is vulnerable to: PYSEC-2015-4 / GHSA-7qfw-j7hp-v45g","Warn: Project is vulnerable to: PYSEC-2011-9 / GHSA-7wph-fc4w-wqp2","Warn: Project is vulnerable to: GHSA-7xr5-9hcq-chf9","Warn: Project is vulnerable to: PYSEC-2014-2 / GHSA-89hj-xfx5-7q66","Warn: Project is vulnerable to: GHSA-8x94-hmjh-97hq","Warn: Project is vulnerable to: PYSEC-2016-2 / GHSA-c8c8-9472-w52h","Warn: Project is vulnerable to: PYSEC-2016-3 / GHSA-crhm-qpjc-cm64","Warn: Project is vulnerable to: PYSEC-2014-4 / GHSA-f7cm-ccfp-3q4r","Warn: Project is vulnerable to: PYSEC-2016-16 / GHSA-fp6p-5xvw-m74f","Warn: Project is vulnerable to: PYSEC-2011-8 / GHSA-fwr5-q9rx-294f","Warn: Project is vulnerable to: PYSEC-2015-5 / GHSA-gv98-g628-m9x5","Warn: Project is vulnerable to: PYSEC-2015-20 / GHSA-h582-2pch-3xv3","Warn: Project is vulnerable to: PYSEC-2011-5 / GHSA-h95j-h2rv-qrg4","Warn: Project is vulnerable to: GHSA-hmr4-m2h5-33qx","Warn: Project is vulnerable to: PYSEC-2015-6 / GHSA-jhjg-w2cp-5j44","Warn: Project is vulnerable to: PYSEC-2016-15 / GHSA-pw27-w7w4-9qc7","Warn: Project is vulnerable to: PYSEC-2015-10 / GHSA-q5qw-4364-5hhm","Warn: Project is vulnerable to: PYSEC-2011-4 / GHSA-rm2j-x595-q9cj","Warn: Project is vulnerable to: GHSA-rrqc-c2jx-6jgv","Warn: Project is vulnerable to: PYSEC-2014-1 / GHSA-rvq6-mrpv-m6rm","Warn: Project is vulnerable to: PYSEC-2014-7 / GHSA-rw75-m7gp-92m3","Warn: Project is vulnerable to: PYSEC-2019-16 / GHSA-vfq6-hq5r-27r6","Warn: Project is vulnerable to: PYSEC-2014-3 / GHSA-wqjj-hx84-v449","Warn: Project is vulnerable to: PYSEC-2011-3 / GHSA-wxg3-mfph-qg9w","Warn: Project is vulnerable to: PYSEC-2011-1 / GHSA-x88j-93vc-wpmp","Warn: Project is vulnerable to: PYSEC-2007-1","Warn: Project is vulnerable to: PYSEC-2008-1","Warn: Project is vulnerable to: PYSEC-2008-2","Warn: Project is vulnerable to: PYSEC-2009-3","Warn: Project is vulnerable to: PYSEC-2015-11","Warn: Project is vulnerable to: PYSEC-2015-7","Warn: Project is vulnerable to: PYSEC-2016-18","Warn: Project is vulnerable to: PYSEC-2020-263 / GHSA-fx83-3ph3-9j2q","Warn: Project is vulnerable to: GHSA-gw84-84pc-xp82","Warn: Project is vulnerable to: GHSA-5vcc-86wm-547q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T09:27:53.987Z","repository_id":37425037,"created_at":"2025-08-21T09:27:53.987Z","updated_at":"2025-08-21T09:27:53.987Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28413527,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","django","django-rest-framework","python"],"created_at":"2024-10-11T07:11:28.948Z","updated_at":"2026-01-14T07:54:21.322Z","avatar_url":"https://github.com/merixstudio.png","language":"Python","readme":"=============\ndjango-trench\n=============\n\n.. image:: https://cybersecurity-excellence-awards.com/wp-content/uploads/2021/06/badges_2022_Silver.png\n   :target: https://cybersecurity-excellence-awards.com/candidates/merixstudio-django-trench-multi-factor-authentication-set/\n\n-----\n\n.. image:: https://github.com/merixstudio/django-trench/actions/workflows/django-package.yml/badge.svg\n  :target: https://github.com/merixstudio/django-trench/actions/workflows/django-package.yml\n\n.. image:: https://codecov.io/gh/merixstudio/django-trench/branch/master/graph/badge.svg?token=U4yDiXUDkb\n  :target: https://codecov.io/gh/merixstudio/django-trench\n\n.. image:: https://readthedocs.org/projects/django-trench/badge/?version=latest\n   :target: https://django-trench.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://img.shields.io/pypi/v/django-trench\n   :target: https://pypi.org/project/django-trench/\n\n| **django-trench** provides a set of REST API endpoints to supplement `django-rest-framework`_ with multi-factor authentication (MFA, 2FA). It supports both standard built-in authentication methods, as well as JWT (JSON Web Token).\n\n| We deliver a couple of sample secondary authentication methods including sending OTP based code by:\n\n* E-mail\n* SMS / text\n* 3rd party mobile apps\n* `YubiKey`_\n\n| Developers can easily add their own authentication backends supporting any communication channel.\n\nFeatures\n********\n\n* Easily pluggable and compatible with `django-rest-framework`_\n* Allows user to pick an additional authentication method from range of backends defined by a developer. Read more: `backends`_\n* Comes out of a box with email, SMS, mobile apps and YubiKey support\n\nSupported versions\n******************\n\n* Python 3.7, 3.8, 3.9, 3.10\n* Django 2.0, 2.1, 2.2, 3.0, 3.1, 3.2, 4.0, 4.1\n* Django REST Framework 3.10, 3.11, 3.12, 3.13, 3.14\n\n| If you are going to use JWT authentication:\n\n* `djangorestframework-simplejwt`_ \u003e= 4.3.0\n\nQuick Start\n***********\n\n1. Install the package using pip:\n\n.. code-block:: python\n\n    pip install django-trench\n\nor add it to your requirements file.\n\n2. Add ``trench`` library to INSTALLED_APPS in your app settings file:\n\n.. code-block:: python\n\n    INSTALLED_APPS = (\n        ...,\n        'rest_framework',\n        'rest_framework.authtoken',  # In case of implementing Token Based Authentication\n        ...,\n        'trench',\n    )\n\n3. Run migrations\n\n| Read further in: `installation`_.\n\nTranslation\n***********\n\nTrench uses Transifex service to translate our package into other languages.\n\nWe will appreciate your help with translation.\n\nhttps://www.transifex.com/merixstudio/django-trench/dashboard/\n\n.. _backends: https://django-trench.readthedocs.io/en/latest/backends.html\n.. _installation: https://django-trench.readthedocs.io/en/latest/installation.html\n.. _django-rest-framework: http://www.django-rest-framework.org\n.. _djoser: https://github.com/sunscrapers/djoser\n.. _django-rest-framework-jwt: https://github.com/GetBlimp/django-rest-framework-jwt\n.. _djangorestframework-simplejwt: https://github.com/davesque/django-rest-framework-simplejwt\n.. _YubiKey: https://www.yubico.com/\n\n\nLocal development\n*****************\n\n1. Clone the repo.\n\n2. Crete virtual environment named e.g. :code:`.venv`:\n\n    .. code-block:: shell\n\n        virtualenv .venv\n\n3. Activate the virtual environment:\n\n    .. code-block:: shell\n\n        source .venv/bin/activate\n\n4. Install dependencies:\n\n    .. code-block:: shell\n\n        pip install black mypy\n        pip install -r testproject/requirements.txt\n\n5. Set environment variables:\n\n    .. code-block:: shell\n\n        export PYTHONPATH=./testproject\n        export DJANGO_SETTINGS_MODULE=settings\n        export SECRET_KEY=YOURsecretGOEShere\n\n6. Create a symbolic link to the :code:`trench/` module inside the :code:`testproject/` directory to emulate the :code:`trench` package being installed.\n\n    .. code-block:: shell\n\n        # make sure you run this command from the root directory of this project\n        ln -s $(pwd)/trench/ $(pwd)/testproject/trench\n\n7. Check whether the tests are passing:\n\n    .. code-block:: shell\n\n        pytest --cov=testproject/trench testproject/tests/\n\nRemember - anytime you change something in the :code:`django-trench` source code you need to re-build and re-install\nthe package (steps 6-7) for the changes to be present during e.g. running the tests.\n\n8. [OPTIONAL] To make the tests run faster you can try to execute them in parallel.\n    To do so you need to install the :code:`pytest-xdist` package and run the tests\n    with additional parameter of :code:`-n 8` where :code:`8` stands for the number\n    of threads that will be spawned for executing the tests. Depending on the machine\n    you're using using this tool can speed up the test execution process up to 5 times.\n\n    .. code-block:: shell\n\n        pytest -n 8 --cov=testproject/trench testproject/tests/\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerixstudio%2Fdjango-trench","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmerixstudio%2Fdjango-trench","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmerixstudio%2Fdjango-trench/lists"}