Progressing, docs, queryset, viewset

README.md

@@ -4,7 +4,7 @@ ungleich-otp is a full blown authentication and authorisation service
 made for micro services.
 
 The basic idea is that every micro service has a (long term) seed and
-creates time based tokens (TOTP, RFCXXXX).
+creates time based tokens (See python pyotp, RFC4226, RFC6238).
 
 ## Setup instructions ##
 
@@ -54,8 +54,6 @@ them to verify a token of somebody else.
 | all other realms | NO ACCESS                                  |
 
 
-## Status ##
-
 ## Usage: REST ##
 
 - Use an existing token to connect to the service
@@ -68,10 +66,12 @@ Request JSON object:
 ```
 {
     version: "1",
-    appuuid: "your-app-uuid",
+    name: "your-name",
+    realm: "your-realm",
     token: "current time based token",
-    appuuidtoverify: "appuuid that wants to be authenticated",
-    tokentoverify: "current time based token of appuuidtoverify",
+    verifyname: "name that wants to be authenticated",
+    verifyrealm: "realm that wants to be authenticated",
+    verifytoken: "token that wants to be authenticated",
 }
 ```
 

ungleichotp/otpauth/models.py

@@ -12,12 +12,3 @@ class OTPSeed(models.Model):
 
     def __str__(self):
         return "'{}'@{}".format(self.name, self.realm)
-
-
-# V1
-# class OTPSeed(models.Model):
-#     appuuid  = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
-#     appname  = models.CharField(max_length=128)
-#     username = models.CharField(max_length=128)
-#     seed     = models.CharField(max_length=128)
-#     trusted  = models.BooleanField(default=False)

ungleichotp/otpauth/serializer.py

@@ -31,18 +31,15 @@ class VerifySerializer(serializers.ModelSerializer):
         realm_in =  validated_data.get('realm')
 
         try:
-            found_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
-        except OTPSeed.MultipleObjectsReturned:
+            db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
+        except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
+            # FIXME: correct return?
             return None
 
         # Generate token and compare
-        totp = pyotp.TOTP()
+        totp = pyotp.TOTP(db_instance.seed)
 
-        if totp.verify(token, valid_window=3):
+        if totp.verify(token_in, valid_window=3):
             return "OK"
         else:
             return "FAIL"
-
-
-        verifytoken = serializers.CharField(max_length=128)
-        verifyrealm = serializers.CharField(max_length=128)

ungleichotp/otpauth/views.py

@@ -1,8 +1,11 @@
 from django.shortcuts import render
 from rest_framework import viewsets
-from otpauth.serializers import VerifySerializer
+from otpauth.serializer import VerifySerializer
 
 # Create your views here.
 
 class VerifyViewSet(viewsets.ModelViewSet):
     serializer_class = VerifySerializer
+
+    def get_queryset(self):
+        return None

ungleichotp/ungleichotp/urls.py

@@ -13,18 +13,12 @@ Including another URLconf
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
+
+
 from django.contrib import admin
 from django.urls import path
-# from django.conf.urls import url, include
-
-
-# urlpatterns = [
-
-#     url(r'^api-auth/', include('rest_framework.urls'))
-# ]
-
-
 from django.conf.urls import url, include
+
 from django.contrib.auth.models import User
 from rest_framework import routers, serializers, viewsets
 
@@ -43,6 +37,12 @@ class UserViewSet(viewsets.ModelViewSet):
 router = routers.DefaultRouter()
 router.register(r'users', UserViewSet)
 
+from otpauth.models import OTPSeed
+from otpauth.views import VerifyViewSet
+
+router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
+
+
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [