Potentially incorrect use of DRF's APISettings that makes it impossible to add a custom 2FA backend

[niespodd]

I came across this when I tried to add a custom 2FA backend.

The library uses APISettings from DRF as a base class for TrenchAPISettings:

class TrenchAPISettings(APISettings):
    _FIELD_USER_SETTINGS = "_user_settings"
    _FIELD_TRENCH_AUTH = "TRENCH_AUTH"

This wouldn't be a big deal if the TrenchAPISettings would not parse defaults during config load. Effectively, making it impossible to add any new custom backends.

There is a silent KeyError thrown by for k, v in self.defaults[self._FIELD_MFA_METHODS][method_name].items(): and the only way to get around it is to monkey-patch the constant and override trench_settings.

It is worth mentioning that aforementioned DRF's APISettings explicitly states within its implementation that:

    This is an internal class that is only compatible with settings namespaced
    under the REST_FRAMEWORK name. It is not intended to be used by 3rd-party
    apps, and test helpers like `override_settings` may not work as expected.

[allow-cookies]

Hi, thank you for noticing this issue and reporting it. You've made a good point about using the DRF's Settings object. We will try to address this issue in the following release.

[jaimefma]

That would be awesome!

[jamievleeshouwer]

Is this PR going to get merged? It has been sitting for more than a year.

Similarly, I am also unable to add a custom backend because of this issue.

[jamievleeshouwer]

A workaround until this is fixed is to do a monkey patch as @niespodd mentions.

This is the snippet I have used if anyone needs code examples...

import trench.settings
trench.settings.DEFAULTS['MFA_METHODS']['your_custom_method'] = {}
...Keep on doing cool code

It sets a key with a blank dictionary in the default settings (to avoid the KeyError)
Because the KeyError is now avoided, your custom method will now be populated with the data from your settengs.py as the doco describes.