Add TOTP-based Multi-Factor Authentication (MFA) for local users

Global MFA toggle in Security settings, QR code setup on first login,
6-digit TOTP verification on subsequent logins. Azure AD users exempt.
Admins can reset user MFA. TOTP secrets encrypted at rest with Fernet.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 23:14:06 +01:00
parent 647630ff19
commit 3d28f13054
13 changed files with 615 additions and 62 deletions

@@ -18,6 +18,8 @@ urllib3<2
psutil==5.9.7
pyyaml==6.0.1
msal==1.28.0
pyotp==2.9.0
qrcode[pil]==7.4.2
pytest==7.4.3
pytest-asyncio==0.23.2
pytest-httpx==0.28.0
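
Review bot: `qrcode[pil]==7.4.2` pins qrcode itself, but the `pil` extra pulls in Pillow and no Pillow version is pinned in the visible lines, so the image library that renders the MFA enrollment QR code floats with whatever the resolver picks. Add an explicit Pillow pin next to it, or confirm one exists outside the shown context. Separately, the commit message says TOTP secrets are encrypted at rest with Fernet, yet the only additions here are `pyotp` and `qrcode`; please confirm that `cryptography` is already pinned directly in this file rather than relied on as a transitive dependency.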