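import logging

from rest_framework import serializers, exceptions
from otpauth.models import OTPSeed
import pyotp
import otpauth

logger = logging.getLogger(__name__)

# Number of TOTP time steps accepted on either side of the current one.
# pyotp checks every step in [-window, +window], so 3 means seven codes are
# valid at any moment (about +/-90 s at pyotp's default 30 s step).
# NOTE(review): this is a wide window. Each extra step raises the odds of a
# guessed code and lengthens the time a captured code stays usable. Confirm
# that clock drift really requires it, and that the calling view is throttled.
_TOTP_VALID_WINDOW = 3


def _verify_totp(name, realm, token, failure):
    """Return the OTPSeed for (name, realm) if *token* is a valid TOTP code.

    Args:
        name: Value matched against ``OTPSeed.name``.
        realm: Value matched against ``OTPSeed.realm``.
        token: One-time code supplied by the client.
        failure: Exception class raised on any failure.

    Raises:
        failure: If no unique record matches or the code does not verify.
            Both cases raise the same exception, so the response does not
            reveal which check failed.
    """
    try:
        record = OTPSeed.objects.get(name=name, realm=realm)
    except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
        # %r keeps client-controlled values on one log line.
        logger.warning("OTP lookup failed: name=%r realm=%r", name, realm)
        raise failure()

    # NOTE(review): nothing here records the last accepted code, so the same
    # code is accepted again for as long as it stays inside the window.
    # Confirm whether replay protection exists elsewhere.
    if not pyotp.TOTP(record.seed).verify(token, valid_window=_TOTP_VALID_WINDOW):
        # The submitted code is deliberately never logged.
        logger.warning("OTP code rejected: name=%r realm=%r", name, realm)
        raise failure()

    return record


class OTPSerializer(serializers.ModelSerializer):
    """Serialize an OTPSeed as its ``name`` and ``realm`` only.

    The seed is not listed in ``fields``, so this serializer never emits it.
    """

    class Meta:
        model = OTPSeed
        fields = ('name', 'realm')


class VerifySerializer(serializers.Serializer):
    """Validate a two-step TOTP check.

    The caller authenticates with ``name``/``realm``/``token``, then asks for
    ``verifyname``/``verifyrealm``/``verifytoken`` to be verified.
    """

    name = serializers.CharField(max_length=128)
    token = serializers.CharField(max_length=128)
    realm = serializers.CharField(max_length=128)
    verifyname = serializers.CharField(max_length=128)
    verifytoken = serializers.CharField(max_length=128)
    verifyrealm = serializers.CharField(max_length=128)

    def create(self, validated_data):
        """Run both TOTP checks and return the verified OTPSeed.

        Args:
            validated_data: Mapping with the six declared fields.

        Returns:
            The OTPSeed matching ``verifyname``/``verifyrealm``. The instance
            carries its seed, so callers should not pass it to a serializer
            that exposes that attribute.

        Raises:
            exceptions.AuthenticationFailed: The caller's own record is
                missing or ambiguous, or its code is wrong.
            exceptions.PermissionDenied: The record to verify is missing or
                ambiguous, or its code is wrong.
        """
        # 1. Verify that the connection might authenticate
        _verify_totp(
            validated_data.get('name'),
            validated_data.get('realm'),
            validated_data.get('token'),
            exceptions.AuthenticationFailed,
        )
        logger.debug("caller OTP accepted")

        # 2. Verify the requested data
        verifyinstance = _verify_totp(
            validated_data.get('verifyname'),
            validated_data.get('verifyrealm'),
            validated_data.get('verifytoken'),
            exceptions.PermissionDenied,
        )
        logger.debug("requested OTP accepted")
        return verifyinstance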