Commit 20069948 authored by William Colmenares's avatar William Colmenares

rest interface for retrieve-create users seed

parent 503e31cc
......@@ -14,7 +14,8 @@ from .views import (
LogOut,
ResetRequest,
UserCreateAPI,
ActivateAccount
ActivateAccount,
SeedRetrieveCreate
)
urlpatterns = [
......@@ -29,5 +30,6 @@ urlpatterns = [
path('reset/<str:user>/<str:token>/', ResetRequest.as_view()),
path('activate/<str:user>/<str:pwd>/<str:firstname>/<str:lastname>/<str:email>/<str:token>/', ActivateAccount.as_view()),
path('reset/', ResetRequest.as_view(), name="reset"),
path('otp/', SeedRetrieveCreate.as_view(), name="seed"),
path('', Index.as_view(), name="login_index"),
]
\ No newline at end of file
......@@ -14,6 +14,8 @@ from rest_framework.response import Response
from .models import ResetToken
from .forms import LoginForm
from .ungleich_ldap import LdapManager
from decouple import config, Csv
from pyotp import TOTP
import logging
......@@ -26,6 +28,8 @@ from datetime import datetime
from random import choice, randint
import string
import requests
import json
from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin
......@@ -606,3 +610,43 @@ class UserCreateAPI(APIView):
except:
return Response('Failed to send the email', 201)
return Response('Email with activation link successfully sent', 200)
class SeedRetrieveCreate(APIView):
def post(self, request):
try:
username = request.data['username']
password = request.data['password']
realm = request.data['realm']
except KeyError:
return Response('You need to specify username, password, and realm values', 400)
# authenticate the user against ldap
user = authenticate(username=username, password=password)
if user is not None:
req = requests.get(config('OTPSERVER'), data=json.dumps(
{
'auth_token': TOTP(config('ADMIN_SEED')).now,
'auth_name': config('ADMIN_NAME'),
'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
response_data = json.loads(req)
for elem in response_data:
if elem['name'] == username and elem['realm'] == realm:
return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
# If doesn't find a match then check if the realm is allowed and create the user
allowed_realms = config('ALLOWED_REALMS', cast=Csv())
if realm not in allowed_realms:
return Response('Not allowed to perform this action.', 403)
else:
req = requests.post(config('OTPSERVER'), data=json.dumps(
{
'auth_token': TOTP(config('ADMIN_SEED')).now,
'auth_name': config('ADMIN_NAME'),
'auth_realm': 'ungleich-admin',
'name': username,
'realm': realm
}), headers={'Content-Type': 'application/json'})
if req.status_code == 201:
msg = json.loads(req.text)
return Response(msg, 201)
else:
return Response(json.loads(req.text))
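Review bot: The two `'auth_token': TOTP(config('ADMIN_SEED')).now` entries in `SeedRetrieveCreate.post` (one in the GET payload, one in the POST payload) reference the method without calling it, so `json.dumps` is handed a bound method and raises TypeError before either request reaches the OTP server; both should read `'auth_token': TOTP(config('ADMIN_SEED')).now(),`. In the retrieve branch `response_data = json.loads(req)` likewise passes the `requests` Response object rather than its body, which also raises; `response_data = req.json()` (or `json.loads(req.text)`, as the create branch does) is what was intended. Neither branch checks the OTP server's status before parsing or guards the `requests` calls, so an unreachable server or a non-JSON error body surfaces as an unhandled exception in the view; wrapping each call in `try`/`except requests.RequestException` and calling `req.raise_for_status()` before parsing would make that failure an explicit error response. Note also that the `ALLOWED_REALMS` check only gates creation: the lookup loop returns a seed for whatever realm the authenticated caller names, so if retrieval is meant to be restricted in the same way, the realm check should move above the GET.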