2018-11-17 10:21:35 +00:00
|
|
|
import pyotp
|
2018-11-17 16:46:16 +00:00
|
|
|
import otpauth
|
2018-12-30 17:20:24 +00:00
|
|
|
from rest_framework import serializers, exceptions
|
|
|
|
from otpauth.models import OTPSeed
|
2018-11-17 10:21:35 +00:00
|
|
|
|
2018-11-18 13:33:30 +00:00
|
|
|
# For accessing / modifying the data
|
2018-11-17 20:54:59 +00:00
|
|
|
class OTPSerializer(serializers.ModelSerializer):
|
|
|
|
class Meta:
|
|
|
|
model = OTPSeed
|
2018-11-17 21:15:17 +00:00
|
|
|
fields = ('name', 'realm', 'seed')
|
|
|
|
read_only_fields = ('seed',)
|
|
|
|
|
2018-11-17 21:28:17 +00:00
|
|
|
def create(self, validated_data):
|
2018-11-17 21:53:51 +00:00
|
|
|
validated_data['seed'] = pyotp.random_base32()
|
2018-11-17 21:28:17 +00:00
|
|
|
return OTPSeed.objects.create(**validated_data)
|
2018-11-17 10:21:35 +00:00
|
|
|
|
2018-11-18 13:33:30 +00:00
|
|
|
# For parsing authentication
|
2018-11-18 11:38:50 +00:00
|
|
|
class TokenSerializer(serializers.Serializer):
|
|
|
|
name = serializers.CharField(max_length=128)
|
|
|
|
token = serializers.CharField(max_length=128)
|
|
|
|
realm = serializers.CharField(max_length=128)
|
|
|
|
|
2018-11-18 12:24:09 +00:00
|
|
|
token_name = 'token'
|
|
|
|
name_name = 'name'
|
|
|
|
realm_name = 'realm'
|
|
|
|
|
2018-11-18 11:38:50 +00:00
|
|
|
def save(self):
|
2018-11-18 12:25:15 +00:00
|
|
|
token_in = self.validated_data.get(self.token_name)
|
|
|
|
name_in = self.validated_data.get(self.name_name)
|
|
|
|
realm_in = self.validated_data.get(self.realm_name)
|
2018-11-18 11:38:50 +00:00
|
|
|
|
2018-11-18 14:41:47 +00:00
|
|
|
print("auth: {} {} {} ({} {} {} -- {})".format(token_in, name_in, realm_in, self.token_name, self.name_name, self.realm_name, self.validated_data))
|
2018-11-18 12:29:07 +00:00
|
|
|
|
2018-11-18 11:38:50 +00:00
|
|
|
# 1. Verify that the connection might authenticate
|
|
|
|
try:
|
|
|
|
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
|
|
|
|
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
|
|
|
raise exceptions.AuthenticationFailed()
|
|
|
|
|
|
|
|
totp = pyotp.TOTP(db_instance.seed)
|
|
|
|
|
|
|
|
if not totp.verify(token_in, valid_window=3):
|
|
|
|
raise exceptions.AuthenticationFailed()
|
|
|
|
|
2018-11-18 12:05:21 +00:00
|
|
|
return (db_instance, token_in)
|
2018-11-18 12:24:09 +00:00
|
|
|
|
2018-11-18 13:33:30 +00:00
|
|
|
# For verifying a token
|
2018-11-18 12:24:09 +00:00
|
|
|
class VerifySerializer(TokenSerializer):
|
2018-11-18 12:35:06 +00:00
|
|
|
verifyname = serializers.CharField(max_length=128)
|
|
|
|
verifytoken = serializers.CharField(max_length=128)
|
|
|
|
verifyrealm = serializers.CharField(max_length=128)
|
|
|
|
|
2018-11-18 12:24:09 +00:00
|
|
|
token_name = 'verifytoken'
|
|
|
|
name_name = 'verifyname'
|
|
|
|
realm_name = 'verifyrealm'
|