This repository contains a minimal implementation of enabling/disabling 2FA in a FastAPI application using PyOTP and qrcode.
- User signup with optional MFA: register a new user with the option to enable MFA. When enabled, the server generates a secret and provisioning URI, and the user can scan the QR code to configure their authenticator app.
- Login with 2FA: after providing valid credentials, if MFA is enabled the user is prompted for an OTP generated by their authenticator app.
- Disable MFA: users can disable MFA by verifying their password and an OTP. After disabling, they must manually remove the account from their authenticator app.
For a description of how the workflows fit together, see workflows.md.
- Clone the repository:

      git clone https://github.com/agfianf/color-correction

- Install the dependencies:
  - via pip:

        source .venv/bin/activate
        pip install -r requirements.txt

  - or via uv:

        uv sync
        source .venv/bin/activate

- Run the application:

      cd app
      python main.py
- Signup with MFA: send a POST request to /signup with:

      { "username": "your_username", "password": "your_password", "enable_mfa": true }

  Retrieve the provisioning URI from the response. Optionally, access /qrcode/your_username to view the QR code image.

- Login with MFA: use /login to verify your username and password. If MFA is enabled, follow up with a POST request to /login-2fa by providing your OTP.

- Disable MFA: send a POST request to /disable-mfa with:

      { "username": "your_username", "password": "your_password", "token": "your_current_OTP" }

  After receiving a success response for MFA disablement, manually remove the account from your authenticator app.
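The three flows above (signup with a generated secret and provisioning URI, the second login step that checks an OTP, and disabling MFA only after both password and OTP verify) are modelled below as an added, self-contained example. It is not the project's own code: instead of PyOTP and FastAPI it reimplements the TOTP step from RFC 6238 (HMAC-SHA1, 6 digits, 30-second period) with the standard library, so the same verification logic PyOTP performs is visible and the file runs offline. The `UserStore`, `User`, `signup`, `login`, `login_2fa` and `disable_mfa` names, the issuer string and the in-memory user table are all hypothetical stand-ins for the demo's endpoints and storage.

```python
"""Stdlib-only model of the signup / login-2fa / disable-mfa flow.

Constructed example: the TOTP code (RFC 6238, SHA-1, 6 digits, 30 s
period) is computed with hmac/hashlib so no pyotp or FastAPI is needed.
All class and function names are hypothetical, not the project's API.
"""
import base64
import hashlib
import hmac
import os
import secrets
import struct
import time
import urllib.parse
from dataclasses import dataclass
from typing import Dict, Optional

PERIOD = 30   # seconds per time step
DIGITS = 6    # length of the one-time code


def generate_secret(nbytes: int = 20) -> str:
    # 160-bit random secret, base32 without padding (the form authenticator apps accept)
    return base64.b32encode(os.urandom(nbytes)).decode().rstrip("=")


def provisioning_uri(secret: str, username: str, issuer: str = "fastapi-2fa-demo") -> str:
    # otpauth:// URI that the /qrcode endpoint would render; issuer is a placeholder
    label = urllib.parse.quote(f"{issuer}:{username}")
    query = urllib.parse.urlencode({"secret": secret, "issuer": issuer})
    return f"otpauth://totp/{label}?{query}"


def hotp(secret: str, counter: int) -> str:
    # RFC 4226: HMAC over the big-endian counter, dynamic truncation, then mod 10^DIGITS
    key = base64.b32decode(secret + "=" * (-len(secret) % 8), casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: str, at: Optional[float] = None) -> str:
    # RFC 6238: the counter is the number of PERIOD-second steps since the Unix epoch
    return hotp(secret, int(time.time() if at is None else at) // PERIOD)


def verify_totp(secret: str, token: str, at: Optional[float] = None, window: int = 1) -> bool:
    # Accept the current step plus `window` steps either side to absorb clock skew;
    # constant-time comparison so a wrong digit does not leak timing.
    step = int(time.time() if at is None else at) // PERIOD
    return any(hmac.compare_digest(hotp(secret, step + d), token)
               for d in range(-window, window + 1))


def hash_password(password: str, salt: Optional[bytes] = None):
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    mfa_secret: Optional[str] = None  # None means MFA is disabled


class UserStore:
    """In-memory stand-in for the demo's user storage (hypothetical)."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def signup(self, username: str, password: str, enable_mfa: bool = False) -> Optional[str]:
        # Mirrors POST /signup: returns the provisioning URI when MFA is enabled, else None
        if username in self.users:
            raise ValueError("user already exists")
        salt, pw_hash = hash_password(password)
        user = User(username, salt, pw_hash)
        uri = None
        if enable_mfa:
            user.mfa_secret = generate_secret()
            uri = provisioning_uri(user.mfa_secret, username)
        self.users[username] = user
        return uri

    def check_password(self, username: str, password: str) -> bool:
        user = self.users.get(username)
        if user is None:
            return False
        _, candidate = hash_password(password, user.salt)
        return hmac.compare_digest(candidate, user.pw_hash)

    def login(self, username: str, password: str) -> str:
        # Mirrors POST /login: 'denied', 'ok', or 'mfa_required' (then call login_2fa)
        if not self.check_password(username, password):
            return "denied"
        return "mfa_required" if self.users[username].mfa_secret else "ok"

    def login_2fa(self, username: str, token: str, at: Optional[float] = None) -> bool:
        # Mirrors POST /login-2fa: only meaningful for users who have MFA enabled
        user = self.users.get(username)
        if user is None or user.mfa_secret is None:
            return False
        return verify_totp(user.mfa_secret, token, at)

    def disable_mfa(self, username: str, password: str, token: str,
                    at: Optional[float] = None) -> bool:
        # Mirrors POST /disable-mfa: both factors must verify before the secret is dropped
        if not self.check_password(username, password) or not self.login_2fa(username, token, at):
            return False
        self.users[username].mfa_secret = None
        return True
```

Because `disable_mfa` re-checks the OTP, an attacker holding only the password cannot switch the second factor off; after it returns `True`, `login` for that user returns `"ok"` instead of `"mfa_required"`, and the authenticator-app entry is now orphaned and should be removed by hand, as the README notes.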