Update doc, run actual authentication on verify

This commit is contained in:
Nico Schottelius 2019-02-08 19:25:07 +01:00
parent 8bd256a1d7
commit 11cb2c1d8b
4 changed files with 29 additions and 29 deletions

View file

@ -26,39 +26,38 @@ server.
## Using the ungleichotpclient ##
All client commands need the parameters --auth-name and --auth-realm.
Also either --auth-seed or --auth-token needs to be specified.
```
python manage.py ungleichotpclient create \
--server-url https://otp.ungleich.ch/ungleichotp/
--name admin
--realm ungleich-admin
--seed AVALIDSEED
--auth-name admin
--auth-realm ungleich-admin
[--auth-seed THESEEDFORADMIN]
[--auth-token THECURRENTTOKEN]
```
Assuming you want to verify
(name=ipv6only, realm=ungleich-intern, token=498593) is a
valid triple and you do have credentials to access ungleich-otp
(name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ),
then the following call will verify the token:
### Creating new users
```
UNGLEICHOTPNAME=info@ungleich.ch \
UNGLEICHOTPREALM=ungleich-admin \
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
python ungleichotpclient.py -n -r ungleich --token 498593
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
```
### Verifying a token is correct
Verify using:
```
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
```
You can also verify using a seed:
```
UNGLEICHOTPNAME=info@ungleich.ch \
UNGLEICHOTPREALM=ungleich-admin \
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
python ungleichotpclient.py -n -r ungleich --seed CEKXVG3235PO2HDW
--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
```
The client requires pyotp.
## Sample 2018-12-30

View file

@ -14,16 +14,16 @@ class Command(BaseCommand):
parser.add_argument('--server-url', required=True)
# For creating / verifying
parser.add_argument('--name')
parser.add_argument('--realm')
parser.add_argument('--token')
parser.add_argument('--seed')
parser.add_argument('--name', help="Name to create/verify")
parser.add_argument('--realm', help="Realm for create/verify")
parser.add_argument('--token', help="Token for create/verify")
parser.add_argument('--seed', help="Seed for create/verify")
# How to authenticate against ungleich-otp
parser.add_argument('--auth-name', required=True)
parser.add_argument('--auth-realm', required=True)
parser.add_argument('--auth-token')
parser.add_argument('--auth-seed')
parser.add_argument('--auth-name', required=True, help="Name for auth")
parser.add_argument('--auth-realm', required=True, help="Realm for auth")
parser.add_argument('--auth-token', help="Token for auth")
parser.add_argument('--auth-seed', help="Seed for auth")
parser.add_argument('command', choices=['create',
'delete',

View file

@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication):
serializer = TokenSerializer(data=request.data)
if serializer.is_valid():
print("trying to save... {}".format(serializer))
instance, token = serializer.save()
else:
print("Invalide serialize,")
raise exceptions.AuthenticationFailed()
# not dealing with admin realm -> can only be auth [see serializer]

View file

@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer):
if not auth_realm == "ungleich-auth":
raise exceptions.AuthenticationFailed()
# Do the authentication part
super().save()