From 6f7d02f7fcc3e381962f677a7a67cf9cb28da60d Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 17 Nov 2018 22:15:17 +0100 Subject: [PATCH] Cleanup, expose seed read only --- README.md | 2 ++ ungleichotp/otpauth/serializer.py | 8 +++++++- ungleichotp/otpauth/views.py | 13 +++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e5dece4..31d2292 100644 --- a/README.md +++ b/README.md @@ -292,6 +292,7 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra ## TODOs - [x] serialize / input request +- [x] Make seed read only - [ ] Remove hard coded JSON - [ ] Implement registering of new entries - [ ] Use Custom authentication (?) - needs to have a user @@ -303,3 +304,4 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra - [ ] Implement creating new "User" - by POST / Model based - [ ] Implement deleting "User" +- [ ] OTPSerializer: allow to read seed for admin diff --git a/ungleichotp/otpauth/serializer.py b/ungleichotp/otpauth/serializer.py index 4625adc..bc7a084 100644 --- a/ungleichotp/otpauth/serializer.py +++ b/ungleichotp/otpauth/serializer.py @@ -6,7 +6,9 @@ import otpauth class OTPSerializer(serializers.ModelSerializer): class Meta: model = OTPSeed - fields = ('name', 'realm') + fields = ('name', 'realm', 'seed') + read_only_fields = ('seed',) + class VerifySerializer(serializers.Serializer): name = serializers.CharField(max_length=128) @@ -18,6 +20,7 @@ class VerifySerializer(serializers.Serializer): verifyrealm = serializers.CharField(max_length=128) def create(self, validated_data): + print("all going to be verified - CREATE") token_in = validated_data.get('token') name_in = validated_data.get('name') realm_in = validated_data.get('realm') @@ -55,3 +58,6 @@ class VerifySerializer(serializers.Serializer): print("All verified!") return verifyinstance + + def verify(self, validated_data): + print("all going to be verified - AAAAAAAA") 
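Review bot: Adding `'seed'` to `fields` in `OTPSerializer.Meta` (serializer.py, first hunk) puts the OTP shared secret into every response this serializer renders; `read_only_fields = ('seed',)` only blocks writes and does nothing to limit who can read it. The README hunk of this same commit still lists "allow to read seed for admin" as open, so for now the seed goes to whoever can reach a view using this serializer; which permission classes apply is not visible in this patch. I would keep the default serializer at `fields = ('name', 'realm')` and add a separate admin-only serializer that includes `seed`, chosen in the viewset's `get_serializer_class()` for staff users.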
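Review bot: The new `verify(self, validated_data)` method at the end of `VerifySerializer` (serializer.py, third hunk) only prints and returns `None`, and nothing visible in this patch calls it, so it reads like a verification step while performing none. The second hunk adds a similar `print("all going to be verified - CREATE")` at the top of `create()`, whose body is only partly visible here. I would drop the stub until it has a real body and replace the prints with `logger.debug(...)` on a module-level `logger = logging.getLogger(__name__)`, keeping token and seed values out of the messages.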
diff --git a/ungleichotp/otpauth/views.py b/ungleichotp/otpauth/views.py index 9fb6b42..03ac6da 100644 --- a/ungleichotp/otpauth/views.py +++ b/ungleichotp/otpauth/views.py @@ -1,6 +1,10 @@ from django.shortcuts import render + from rest_framework import viewsets from rest_framework.parsers import JSONParser +from rest_framework.decorators import action +from rest_framework.response import Response + from django.http import HttpResponse, JsonResponse @@ -11,6 +15,15 @@ class OTPVerifyViewSet(viewsets.ModelViewSet): serializer_class = OTPSerializer queryset = OTPSeed.objects.all() + @action(detail=False, methods=['post']) + def verify(self, request): + serializer = VerifySerializer(data=request.data) + if serializer.is_valid(): + print(serializer) + return Response({'status': 'OK'}) + + return JsonResponse(serializer.errors, status=400) + class VerifyViewSet(viewsets.ViewSet): serializer_class = VerifySerializer
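Review bot: The new `verify` action on `OTPVerifyViewSet` (views.py, second hunk) returns `{'status': 'OK'}` as soon as `serializer.is_valid()` passes, and `is_valid()` checks only the declared fields; the token comparison appears to live in `VerifySerializer.create()`, which runs only through `serializer.save()`. As written, any well-formed request is reported as verified without the OTP being checked. I would write `serializer.is_valid(raise_exception=True)`, then `serializer.save()`, then `return Response({'status': 'OK'})`, assuming `create()` raises when the token does not match (its body is not fully visible in this patch). The `print(serializer)` should be removed, and the error path can use `Response(serializer.errors, status=400)` instead of `JsonResponse` to match the success path.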