From eb2c57b68a3c1ec9e6bed2bd3275cf565bd803b8 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 17 Nov 2018 11:39:42 +0100 Subject: [PATCH] Progressing, docs, queryset, viewset --- README.md | 12 ++++++------ ungleichotp/otpauth/models.py | 9 --------- ungleichotp/otpauth/serializer.py | 13 +++++-------- ungleichotp/otpauth/views.py | 5 ++++- ungleichotp/ungleichotp/urls.py | 18 +++++++++--------- 5 files changed, 24 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index cbf420b..790d189 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ ungleich-otp is a full blown authentication and authorisation service made for micro services. The basic idea is that every micro service has a (long term) seed and -creates time based tokens (TOTP, RFCXXXX). +creates time based tokens (See python pyotp, RFC4226, RFC6238). ## Setup instructions ## @@ -54,8 +54,6 @@ them to verify a token of somebody else. | all other realms | NO ACCESS | -## Status ## - ## Usage: REST ## - Use an existing token to connect to the service @@ -68,10 +66,12 @@ Request JSON object: ``` { version: "1", - appuuid: "your-app-uuid", + name: "your-name", + realm: "your-realm", token: "current time based token", - appuuidtoverify: "appuuid that wants to be authenticated", - tokentoverify: "current time based token of appuuidtoverify", + verifyname: "name that wants to be authenticated", + verifyrealm: "realm that wants to be authenticated", + verifytoken: "token that wants to be authenticated", } ``` diff --git a/ungleichotp/otpauth/models.py b/ungleichotp/otpauth/models.py index 0ca6ec7..29e9606 100644 --- a/ungleichotp/otpauth/models.py +++ b/ungleichotp/otpauth/models.py @@ -12,12 +12,3 @@ class OTPSeed(models.Model): def __str__(self): return "'{}'@{}".format(self.name, self.realm) - - -# V1 -# class OTPSeed(models.Model): -# appuuid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False) -# appname = models.CharField(max_length=128) -# username = models.CharField(max_length=128) -# seed = models.CharField(max_length=128) -# trusted = models.BooleanField(default=False) diff --git a/ungleichotp/otpauth/serializer.py b/ungleichotp/otpauth/serializer.py index f9f1f54..afd2d8d 100644 --- a/ungleichotp/otpauth/serializer.py +++ b/ungleichotp/otpauth/serializer.py @@ -31,18 +31,15 @@ class VerifySerializer(serializers.ModelSerializer): realm_in = validated_data.get('realm') try: - found_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in) - except OTPSeed.MultipleObjectsReturned: + db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in) + except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist): + # FIXME: correct return? return None # Generate token and compare - totp = pyotp.TOTP() + totp = pyotp.TOTP(db_instance.seed) - if totp.verify(token, valid_window=3): + if totp.verify(token_in, valid_window=3): return "OK" else: return "FAIL" - - - verifytoken = serializers.CharField(max_length=128) - verifyrealm = serializers.CharField(max_length=128) diff --git a/ungleichotp/otpauth/views.py b/ungleichotp/otpauth/views.py index bb721aa..cccfc30 100644 --- a/ungleichotp/otpauth/views.py +++ b/ungleichotp/otpauth/views.py @@ -1,8 +1,11 @@ from django.shortcuts import render from rest_framework import viewsets -from otpauth.serializers import VerifySerializer +from otpauth.serializer import VerifySerializer # Create your views here. class VerifyViewSet(viewsets.ModelViewSet): serializer_class = VerifySerializer + + def get_queryset(self): + return None diff --git a/ungleichotp/ungleichotp/urls.py b/ungleichotp/ungleichotp/urls.py index 070c371..ae364df 100644 --- a/ungleichotp/ungleichotp/urls.py +++ b/ungleichotp/ungleichotp/urls.py @@ -13,18 +13,12 @@ Including another URLconf 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ + + from django.contrib import admin from django.urls import path -# from django.conf.urls import url, include - - -# urlpatterns = [ - -# url(r'^api-auth/', include('rest_framework.urls')) -# ] - - from django.conf.urls import url, include + from django.contrib.auth.models import User from rest_framework import routers, serializers, viewsets @@ -43,6 +37,12 @@ class UserViewSet(viewsets.ModelViewSet): router = routers.DefaultRouter() router.register(r'users', UserViewSet) +from otpauth.models import OTPSeed +from otpauth.views import VerifyViewSet + +router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp') + + # Wire up our API using automatic URL routing. # Additionally, we include login URLs for the browsable API. urlpatterns = [