Commit 9711dc1e authored by William Colmenares's avatar William Colmenares

fix show message error when not valid credentials

parent 54aa8f47
......@@ -18,7 +18,6 @@ from decouple import config, Csv
from pyotp import TOTP
import logging
logger = logging.getLogger(__name__)
# Imports for the extra stuff not in django
......@@ -623,12 +622,18 @@ class SeedRetrieveCreate(APIView):
# authenticate the user against ldap
user = authenticate(username=username, password=password)
if user is not None:
req = requests.get(config('OTPSERVER'), data=json.dumps(
admin_seed = config('ADMIN_SEED')
admin_name = config('ADMIN_NAME')
otp_url = config('OTPSERVER')
req = requests.get(otp_url, data=json.dumps(
{
'auth_token': TOTP(config('ADMIN_SEED')).now,
'auth_name': config('ADMIN_NAME'),
'auth_token': TOTP(admin_seed).now(),
'auth_name': admin_name,
'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
response_data = json.loads(req)
response_data = json.loads(req.text)
for elem in response_data:
if elem['name'] == username and elem['realm'] == realm:
return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
......@@ -637,10 +642,10 @@ class SeedRetrieveCreate(APIView):
if realm not in allowed_realms:
return Response('Not allowed to perform this action.', 403)
else:
req = requests.post(config('OTPSERVER'), data=json.dumps(
req = requests.post(otp_url, data=json.dumps(
{
'auth_token': TOTP(config('ADMIN_SEED')).now,
'auth_name': config('ADMIN_NAME'),
'auth_token': TOTP(admin_seed).now(),
'auth_name': admin_name,
'auth_realm': 'ungleich-admin',
'name': username,
'realm': realm
......@@ -649,4 +654,7 @@ class SeedRetrieveCreate(APIView):
msg = json.loads(req.text)
return Response(msg, 201)
else:
return Response(json.loads(req.text))
return Response(json.loads(req.text), req.status_code)
else:
return Response('Invalid Credentials', 400)
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment