Can 2FA be bypassed for dev users in local development?

[pacharanero]

I wondered if there woul dbe a way we could disable 2FA for local dev to reduce the time it takes to log in. Currently when setting up a new E12 dev env we have to create a 2FA method, set it up, and then use it to log in.

@anchit-chandran @eatyourpeas is this acceptable? I'm presuming we could use DEBUG=True or something to remove the 2FA requirement in local dev.

[eatyourpeas]

Anchit will know better as implemented this but from my understanding the 2FA is actually a python application that is added to the applications list in settings.py and cannot really be disabled because of all the dependencies. I think Anchit quickly go bored of the work flow but could not switch it off.

[anchit-chandran]

yes I really really tried to bypass it for development because of the annoyance but was personally unable. The issue centers around the 2fa package we use hooks into the auth workflow. Potential solutions:

1. (tried but couldn't get to work) - in development, the email with the code is logged to the console. Attempted to read this and pre-fill the code in the form so at least quicker to log in. However, for some reason it was saying the code being read in wasn't correct / the act of trying to read the code and pre-fill was flagged as suspicious.
2. another idea I was thinking of - is there some way we can pre-inject session variables / state? could mean everything from login to 2fa is automatically done, and you're taken directly to the main organisation view

[anchit-chandran]

NOTE: someone has already raised an issue for this on the package (jazzband/django-two-factor-auth#676). Tried bumping it, we can check again at a later point

[dc2007git]

Closing this since added in PR #778