2FA whitelist

[lchojnacki]

In our application, we would like to disable 2FA for certain IP addresses (located in the corporate network). It seems to me that this is impossible with the current implementation of 2FA in flask-security.

It seems to me that it would require adding another setting (SECURITY_TWO_FACTOR_IP_WHITELIST?) and updating this condition:

flask_security/views.py:164

if cv("TWO_FACTOR"):

to check whether the IP address of the request is on the whitelist.

What do you think?

[jwag956]

Missed this - 2FA is implemented in flask-security-too - to which I believe you should direct this question:
https://github.com/Flask-Middleware/flask-security/discussions

and yes - it would require a new feature/configuration variable.