Progressing, docs, queryset, viewset
parent
bcd8c72e8e
commit
eb2c57b68a
5 changed files with 24 additions and 33 deletions
12
README.md
12
README.md
|
@ -4,7 +4,7 @@ ungleich-otp is a full blown authentication and authorisation service
|
|||
made for micro services.
|
||||
|
||||
The basic idea is that every micro service has a (long term) seed and
|
||||
creates time based tokens (TOTP, RFCXXXX).
|
||||
creates time based tokens (See python pyotp, RFC4226, RFC6238).
|
||||
|
||||
## Setup instructions ##
|
||||
|
||||
|
@ -54,8 +54,6 @@ them to verify a token of somebody else.
|
|||
| all other realms | NO ACCESS |
|
||||
|
||||
|
||||
## Status ##
|
||||
|
||||
## Usage: REST ##
|
||||
|
||||
- Use an existing token to connect to the service
|
||||
|
@ -68,10 +66,12 @@ Request JSON object:
|
|||
```
|
||||
{
|
||||
version: "1",
|
||||
appuuid: "your-app-uuid",
|
||||
name: "your-name",
|
||||
realm: "your-realm",
|
||||
token: "current time based token",
|
||||
appuuidtoverify: "appuuid that wants to be authenticated",
|
||||
tokentoverify: "current time based token of appuuidtoverify",
|
||||
verifyname: "name that wants to be authenticated",
|
||||
verifyrealm: "realm that wants to be authenticated",
|
||||
verifytoken: "token that wants to be authenticated",
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -12,12 +12,3 @@ class OTPSeed(models.Model):
|
|||
|
||||
def __str__(self):
|
||||
return "'{}'@{}".format(self.name, self.realm)
|
||||
|
||||
|
||||
# V1
|
||||
# class OTPSeed(models.Model):
|
||||
# appuuid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
|
||||
# appname = models.CharField(max_length=128)
|
||||
# username = models.CharField(max_length=128)
|
||||
# seed = models.CharField(max_length=128)
|
||||
# trusted = models.BooleanField(default=False)
|
||||
|
|
|
@ -31,18 +31,15 @@ class VerifySerializer(serializers.ModelSerializer):
|
|||
realm_in = validated_data.get('realm')
|
||||
|
||||
try:
|
||||
found_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
|
||||
except OTPSeed.MultipleObjectsReturned:
|
||||
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
|
||||
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
||||
# FIXME: correct return?
|
||||
return None
|
||||
|
||||
# Generate token and compare
|
||||
totp = pyotp.TOTP()
|
||||
totp = pyotp.TOTP(db_instance.seed)
|
||||
|
||||
if totp.verify(token, valid_window=3):
|
||||
if totp.verify(token_in, valid_window=3):
|
||||
return "OK"
|
||||
else:
|
||||
return "FAIL"
|
||||
|
||||
|
||||
verifytoken = serializers.CharField(max_length=128)
|
||||
verifyrealm = serializers.CharField(max_length=128)
|
||||
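Review bot: The lookup-failure branch (`except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist): return None`) gives an unknown name/realm a different result from a wrong token (`"FAIL"`), so a caller can tell which identities exist, and a caller that only compares against `"FAIL"` would treat `None` as not failed; returning `"FAIL"` there, or raising `serializers.ValidationError` in both cases, would resolve the FIXME. The except clause also names bare `OTPSeed` while the query uses `otpauth.models.OTPSeed`; if the module does not import `OTPSeed` directly (the imports are outside the hunk), the handler raises `NameError` whenever the lookup fails, so `otpauth.models.OTPSeed.DoesNotExist` would be the consistent spelling. `valid_window=3` accepts codes from three time steps either side of the current one (about three and a half minutes with pyotp's default 30-second step), and nothing visible here records used codes, so a captured token stays replayable for that long; consider a smaller window. The enclosing method starts above the hunk.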
|
|
|
@ -1,8 +1,11 @@
|
|||
from django.shortcuts import render
|
||||
from rest_framework import viewsets
|
||||
from otpauth.serializers import VerifySerializer
|
||||
from otpauth.serializer import VerifySerializer
|
||||
|
||||
# Create your views here.
|
||||
|
||||
class VerifyViewSet(viewsets.ModelViewSet):
|
||||
serializer_class = VerifySerializer
|
||||
|
||||
def get_queryset(self):
|
||||
return None
|
||||
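Review bot: `get_queryset` returning `None` on a `ModelViewSet` leaves the list, retrieve, update and destroy routes wired up but broken, since those actions hand the queryset to filtering and object lookup; a verification endpoint presumably only needs POST. Deriving the class from `mixins.CreateModelMixin, viewsets.GenericViewSet` (with `from rest_framework import mixins, viewsets`) would expose only the create action and make the placeholder `get_queryset` unnecessary for it. No `permission_classes` or `authentication_classes` are set on the class; whether project-wide defaults cover this route is not visible here, so the intended access policy is worth stating explicitly on the view.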
|
|
|
@ -13,18 +13,12 @@ Including another URLconf
|
|||
1. Import the include() function: from django.urls import include, path
|
||||
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
|
||||
"""
|
||||
|
||||
|
||||
from django.contrib import admin
|
||||
from django.urls import path
|
||||
# from django.conf.urls import url, include
|
||||
|
||||
|
||||
# urlpatterns = [
|
||||
|
||||
# url(r'^api-auth/', include('rest_framework.urls'))
|
||||
# ]
|
||||
|
||||
|
||||
from django.conf.urls import url, include
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from rest_framework import routers, serializers, viewsets
|
||||
|
||||
|
@ -43,6 +37,12 @@ class UserViewSet(viewsets.ModelViewSet):
|
|||
router = routers.DefaultRouter()
|
||||
router.register(r'users', UserViewSet)
|
||||
|
||||
from otpauth.models import OTPSeed
|
||||
from otpauth.views import VerifyViewSet
|
||||
|
||||
router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
|
||||
|
||||
|
||||
# Wire up our API using automatic URL routing.
|
||||
# Additionally, we include login URLs for the browsable API.
|
||||
urlpatterns = [
|
||||
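Review bot: The two imports added after `router.register(r'users', UserViewSet)` sit in the middle of the module, and `OTPSeed` is not used anywhere in the visible lines; move `from otpauth.views import VerifyViewSet` up to the import group at the top and drop `from otpauth.models import OTPSeed` unless code below the hunk needs it. The `urlpatterns` list continues outside the hunk.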
|
|