Mondi Ravi / ungleich-otp
Commit 1a54de52 authored Feb 08, 2019 by Nico Schottelius
Cleanup docs, remove debug print
parent 97b612e6
Pipeline #167 canceled with stages
Showing 2 changed files with 27 additions and 28 deletions
README.md
...
...
@@ -18,14 +18,13 @@ Related documentation:
## Overview ##
This repository the reference implementation of the ungleichotp
server.
This repository the reference implementation of the ungleichotp server.
## Using the ungleichotpclient ##
The client can be used to test the ungleich-otp-server.
All client commands need the parameters --auth-name and --auth-realm.
Also either --auth-seed or --auth-token needs to be specified.
```
...
...
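Review bot: The re-wrapped Overview sentence still has no verb ("This repository the reference implementation of the ungleichotp server."); since the line is being touched anyway, make it "This repository is the reference implementation ...". The client paragraph below it spells the server "ungleich-otp-server" while the Overview says "ungleichotp server"; pick one spelling so the docs can be searched consistently.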
@@ -40,40 +39,36 @@ python manage.py ungleichotpclient create \
### Creating new users
```
--name USERNAME --realm REALMOFUSER
--token TOKENTOBEVERIFIED verify
--name USERNAME --realm REALMOFUSER
create
```
### Verifying a token is correct
The seed is randomly created.
Verify using:
### Listing users
```
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
list
```
You can also verify using a seed:
### Deleting users
```
--name USERNAME --realm REALMOFUSER
--seed SEEDOFUSER verify
--name USERNAME --realm REALMOFUSER
delete
```
### Verifying a token is correct
## Sample 2018-12-30
create:
(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient create --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico$(date +%s) --realm ungleich-admin
verify:
Verify using:
```
(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient verify --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico1546206660 --realm ungleich-admin --seed IXTARIU4H2F574M3
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
```
list
:
You can also verify using a seed
:
```
(venv) [23:14] line:ungleich-otp% python manage.py ungleichotpclient list --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ
--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
```
...
...
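Review bot: The "Sample 2018-12-30" command lines in this hunk carry literal --auth-seed and --seed values for info@ungleich.ch in the ungleich-admin realm. If this cleanup drops them from README.md, they are still readable at parent 97b612e6, so if either seed was ever valid outside a throwaway localhost database it should be rotated, and the commit message should say so. For the examples that stay, placeholders such as SEEDOFUSER are the right form. Next to "You can also verify using a seed" it would help to note that a seed passed as a command-line argument ends up in shell history and the process list, so --auth-token and --token are preferable where possible.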
@@ -105,13 +100,13 @@ All micro services that are trusted to authenticate another micro
service should have an entry in the ungleich-auth realm, which allows
them to verify a token of somebody else.
```
| Name | Capabilities |
|------------------+--------------------------------------------|
| ungleich-admin | authenticate, create, delete, list, update |
| ungleich-auth | authenticate |
| all other realms | NO ACCESS |
```
## Verify using http POST ##
...
...
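Review bot: The capability table lists "authenticate" for ungleich-auth, while the context sentence directly above it says an entry in that realm allows a service "to verify a token of somebody else" and the next heading is "Verify using http POST". Use one term for this capability in the table and the prose, or state that "authenticate" is what grants access to verify. The "all other realms | NO ACCESS" row is the security-relevant default; a sentence stating what response such a realm gets would make the row checkable.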
@@ -165,8 +160,8 @@ your application.
## Limitations ##
*
Name, Realm and seed are hard coded to 128 bytes length.
This can be
changed, if necessary.
*
Name, Realm and seed are hard coded to 128 bytes length.
This can be
changed, if necessary.
*
Only python3 support for ungleichotp
...
...
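Review bot: "hard coded to 128 bytes length" in the first Limitations bullet reads as if every seed is 128 bytes long, but the sample seeds shown in the earlier hunk of this diff are 16 characters. If 128 is the maximum field length, say "at most 128 characters" and state the length of the randomly created seed separately, since that is the number that matters for guessing resistance.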
@@ -191,8 +186,8 @@ your application.
-
[x] (server) Implement creating new "User" by POST / Model based
-
[n] (server) Remove hard coded JSON in /verify (no - good enough for the moment)
-
[x] (server) Fully rename server from ungleichotp to ungleichotpserver
-
[
] (security) Ensure that only the right realms can verify
-
[
] (security) Ensure that only the right realms can manage
-
[
x
] (security) Ensure that only the right realms can verify
-
[
x
] (security) Ensure that only the right realms can manage
-
[ ] (doc) Add proper documentation
-
[ ] (server) Add tests for verify
-
[ ] (server) Add tests for authentication
...
...
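Review bot: The two "(security) Ensure that only the right realms can verify / manage" items are ticked here while "(server) Add tests for verify" and "(server) Add tests for authentication" stay open a few lines below. Realm enforcement is the access-control boundary of this service; either reference the commit that implemented it, or keep the boxes open until a test shows a realm outside ungleich-admin and ungleich-auth being refused.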
@@ -205,14 +200,18 @@ your application.
-
[ ] (client) Bootstrap Django + DRF (including an object for CRUD)
-
[ ] (client) Add custom authentication / remote auth
-
[ ] (client) Show case: any realm vs. specific realm
-
[
] (library) Write a "client library" that can use ungleichotp
-
[
] (library) extract generic parts from server
-
[
x
] (library) Write a "client library" that can use ungleichotp
-
[
x
] (library) extract generic parts from server
-
[ ] (library) upload to pypi
## Changelog
### 0.8, 2019-02-08
*
Verify needed to call super()
### 0.6, 2018-11-18
*
Reuse TokenSerializer for VerifySerializer logic
...
...
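Review bot: The new changelog entry "0.8, 2019-02-08" with "Verify needed to call super()" sits directly above 0.6 with no 0.7 entry, and it describes a behaviour fix that is not part of this commit, whose only code change is the print line in otpauth/models.py. Add the missing version or correct the number, and say what verify did wrong without the super() call (for example whether validation was skipped), since that tells users of earlier versions whether they need to upgrade.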
otpauth/models.py
...
...
@@ -39,5 +39,5 @@ class OTPAuthentication(authentication.BaseAuthentication):
if
not
request
.
path
==
"/ungleichotp/verify/"
:
raise
exceptions
.
AuthenticationFailed
()
print
(
"AUTH DONE: {} - {}"
.
format
(
request
.
path
,
instance
))
#
print("AUTH DONE: {} - {}".format(request.path, instance))
return
(
instance
,
token
)
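Review bot: The commit message says "remove debug print", but the print("AUTH DONE: ...") line is commented out rather than deleted. Delete it; if the trace is still wanted, use the logging module at debug level and log request.path and the instance only, never the token that is returned on the next line. Separately, `if not request.path == "/ungleichotp/verify/"` reads more clearly as `request.path != "/ungleichotp/verify/"`.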