ungleich-otp/ungleichotpserver/otpauth/serializer.py

from rest_framework import serializers, exceptions
from otpauth.models import OTPSeed
import pyotp
import otpauth

# For accessing / modifying the data
class OTPSerializer(serializers.ModelSerializer):
    class Meta:
        model = OTPSeed
        fields = ('name', 'realm', 'seed')
        read_only_fields = ('seed',)

    def create(self, validated_data):
        validated_data['seed'] = pyotp.random_base32()
        return OTPSeed.objects.create(**validated_data)

# For parsing authentication
class TokenSerializer(serializers.Serializer):
    name = serializers.CharField(max_length=128)
    token = serializers.CharField(max_length=128)
    realm = serializers.CharField(max_length=128)

    token_name = 'token'
    name_name = 'name'
    realm_name = 'realm'

    def save(self):
        token_in = self.validated_data.get(self.token_name)
        name_in =  self.validated_data.get(self.name_name)
        realm_in =  self.validated_data.get(self.realm_name)

        # print("auth: {} {} {} ({} {} {} -- {})".format(token_in, name_in, realm_in, self.token_name, self.name_name, self.realm_name, self.validated_data))

        # 1. Verify that the connection might authenticate
        try:
            db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
        except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
            raise exceptions.AuthenticationFailed()

        totp = pyotp.TOTP(db_instance.seed)

        if not totp.verify(token_in, valid_window=3):
            raise exceptions.AuthenticationFailed()

        return (db_instance, token_in)

# For verifying a token
class VerifySerializer(TokenSerializer):
    verifyname = serializers.CharField(max_length=128)
    verifytoken = serializers.CharField(max_length=128)
    verifyrealm = serializers.CharField(max_length=128)

    token_name = 'verifytoken'
    name_name = 'verifyname'
    realm_name = 'verifyrealm'
In between commit w/ serializer error 2018-11-17 16:46:16 +00:00			`from rest_framework import serializers, exceptions`
Begin to implement auth logic 2018-11-17 10:21:35 +00:00			`from otpauth.models import OTPSeed`
			`import pyotp`
In between commit w/ serializer error 2018-11-17 16:46:16 +00:00			`import otpauth`
Begin to implement auth logic 2018-11-17 10:21:35 +00:00
Be python friendly, don't use dashes 2018-11-18 13:33:30 +00:00			`# For accessing / modifying the data`
Add general viewset/serializer for otpseed 2018-11-17 20:54:59 +00:00			`class OTPSerializer(serializers.ModelSerializer):`
			`class Meta:`
			`model = OTPSeed`
Cleanup, expose seed read only 2018-11-17 21:15:17 +00:00			`fields = ('name', 'realm', 'seed')`
			`read_only_fields = ('seed',)`

Implement seed generating 2018-11-17 21:28:17 +00:00			`def create(self, validated_data):`
Cleanup! 2018-11-17 21:53:51 +00:00			`validated_data['seed'] = pyotp.random_base32()`
Implement seed generating 2018-11-17 21:28:17 +00:00			`return OTPSeed.objects.create(**validated_data)`
Begin to implement auth logic 2018-11-17 10:21:35 +00:00
Be python friendly, don't use dashes 2018-11-18 13:33:30 +00:00			`# For parsing authentication`
Begin to phase in custom authentication 2018-11-18 11:38:50 +00:00			`class TokenSerializer(serializers.Serializer):`
			`name = serializers.CharField(max_length=128)`
			`token = serializers.CharField(max_length=128)`
			`realm = serializers.CharField(max_length=128)`

++ doc, begin improving serializers 2018-11-18 12:24:09 +00:00			`token_name = 'token'`
			`name_name = 'name'`
			`realm_name = 'realm'`

Begin to phase in custom authentication 2018-11-18 11:38:50 +00:00			`def save(self):`
Redef the VerifySerializer 2018-11-18 12:25:15 +00:00			`token_in = self.validated_data.get(self.token_name)`
			`name_in = self.validated_data.get(self.name_name)`
			`realm_in = self.validated_data.get(self.realm_name)`
Begin to phase in custom authentication 2018-11-18 11:38:50 +00:00
Cleanup dev code 2018-11-18 12:42:16 +00:00			`# print("auth: {} {} {} ({} {} {} -- {})".format(token_in, name_in, realm_in, self.token_name, self.name_name, self.realm_name, self.validated_data))`
Debug++ 2018-11-18 12:29:07 +00:00
Begin to phase in custom authentication 2018-11-18 11:38:50 +00:00			`# 1. Verify that the connection might authenticate`
			`try:`
			`db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)`
			`except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):`
			`raise exceptions.AuthenticationFailed()`

			`totp = pyotp.TOTP(db_instance.seed)`

			`if not totp.verify(token_in, valid_window=3):`
			`raise exceptions.AuthenticationFailed()`

Auth: set token as request.auth 2018-11-18 12:05:21 +00:00			`return (db_instance, token_in)`
++ doc, begin improving serializers 2018-11-18 12:24:09 +00:00
Be python friendly, don't use dashes 2018-11-18 13:33:30 +00:00			`# For verifying a token`
++ doc, begin improving serializers 2018-11-18 12:24:09 +00:00			`class VerifySerializer(TokenSerializer):`
Finish the verifyserializer 2018-11-18 12:35:06 +00:00			`verifyname = serializers.CharField(max_length=128)`
			`verifytoken = serializers.CharField(max_length=128)`
			`verifyrealm = serializers.CharField(max_length=128)`

++ doc, begin improving serializers 2018-11-18 12:24:09 +00:00			`token_name = 'verifytoken'`
			`name_name = 'verifyname'`
			`realm_name = 'verifyrealm'`