diff --git a/README.md b/README.md index 078eb02..e9e85b7 100644 --- a/README.md +++ b/README.md @@ -18,14 +18,13 @@ Related documentation: ## Overview ## -This repository the reference implementation of the ungleichotp -server. - - +This repository the reference implementation of the ungleichotp server. ## Using the ungleichotpclient ## +The client can be used to test the ungleich-otp-server. + All client commands need the parameters --auth-name and --auth-realm. Also either --auth-seed or --auth-token needs to be specified. ``` @@ -40,9 +39,24 @@ python manage.py ungleichotpclient create \ ### Creating new users ``` ---name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify +--name USERNAME --realm REALMOFUSER create ``` +The seed is randomly created. + +### Listing users + +``` +list +``` + +### Deleting users + +``` +--name USERNAME --realm REALMOFUSER delete +``` + + ### Verifying a token is correct Verify using: @@ -58,25 +72,6 @@ You can also verify using a seed: ``` - -## Sample 2018-12-30 - -create: -(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient create --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico$(date +%s) --realm ungleich-admin - -verify: - -``` -(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient verify --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico1546206660 --realm ungleich-admin --seed IXTARIU4H2F574M3 -``` - -list: - -``` -(venv) [23:14] line:ungleich-otp% python manage.py ungleichotpclient list --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ -``` - - ## Server Setup instructions ## This is a standard django project and thus can be easily setup using 
@@ -105,13 +100,13 @@ All micro services that are trusted to authenticate another micro service should have an entry in the ungleich-auth realm, which allows them to verify a token of somebody else. - +``` | Name | Capabilities | |------------------+--------------------------------------------| | ungleich-admin | authenticate, create, delete, list, update | | ungleich-auth | authenticate | | all other realms | NO ACCESS | - +``` ## Verify using http POST ## @@ -165,8 +160,8 @@ your application. ## Limitations ## -* Name, Realm and seed are hard coded to 128 bytes length. This can be - changed, if necessary. +* Name, Realm and seed are hard coded to 128 bytes length. + This can be changed, if necessary. * Only python3 support for ungleichotp @@ -191,8 +186,8 @@ your application. - [x] (server) Implement creating new "User" by POST / Model based - [n] (server) Remove hard coded JSON in /verify (no - good enough for the moment) - [x] (server) Fully rename server from ungleichotp to ungleichotpserver -- [ ] (security) Ensure that only the right realms can verify -- [ ] (security) Ensure that only the right realms can manage +- [x] (security) Ensure that only the right realms can verify +- [x] (security) Ensure that only the right realms can manage - [ ] (doc) Add proper documentation - [ ] (server) Add tests for verify - [ ] (server) Add tests for authentication 
@@ -205,14 +200,18 @@ your application. - [ ] (client) Bootstrap Django + DRF (including an object for CRUD) - [ ] (client) Add custom authentication / remote auth - [ ] (client) Show case: any realm vs. specific realm -- [ ] (library) Write a "client library" that can use ungleichotp -- [ ] (library) extract generic parts from server +- [x] (library) Write a "client library" that can use ungleichotp +- [x] (library) extract generic parts from server - [ ] (library) upload to pypi ## Changelog +### 0.8, 2019-02-08 + +* Verify needed to call super() + ### 0.6, 2018-11-18 * Reuse TokenSerializer for VerifySerializer logic diff --git a/otpauth/models.py b/otpauth/models.py index 35862a0..de2ad3e 100644 --- a/otpauth/models.py +++ b/otpauth/models.py @@ -39,5 +39,5 @@ class OTPAuthentication(authentication.BaseAuthentication): if not request.path == "/ungleichotp/verify/": raise exceptions.AuthenticationFailed() - print("AUTH DONE: {} - {}".format(request.path, instance)) + # print("AUTH DONE: {} - {}".format(request.path, instance)) return (instance, token)
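Review bot: In the README.md hunk at @@ -18,14 +18,13 @@, the re-wrapped Overview sentence still has no verb: "This repository the reference implementation of the ungleichotp server." Since the line is being rewritten anyway, make it "This repository is the reference implementation ...". The added sentence also spells the name "ungleich-otp-server", while the checklist further down says the server was renamed to "ungleichotpserver"; use one spelling throughout.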
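Review bot: In the README.md hunk at @@ -58,25 +72,6 @@, the removed "Sample 2018-12-30" section contained a literal --auth-seed value for info@ungleich.ch in the ungleich-admin realm, and deleting the lines here does not remove the value from the repository history. Per the capabilities table in this same README, ungleich-admin can authenticate, create, delete, list and update, so that seed should be treated as disclosed. If it was ever valid anywhere other than a throwaway local database, rotate it, and say in the commit message that the sample was removed for that reason. A placeholder such as the USERNAME / REALMOFUSER style already used in the other examples would let the sample commands stay in the docs.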
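Review bot: In the README.md hunk at @@ -191,8 +186,8 @@, both "(security) Ensure that only the right realms can verify" and "(security) Ensure that only the right realms can manage" are flipped to [x], while "(server) Add tests for verify" and "(server) Add tests for authentication" stay unchecked directly below. The realm restriction is the access-control boundary of this service, so marking it done without tests makes a regression easy to miss. Either add tests that a realm other than ungleich-admin is refused for create, delete and list, and that a realm other than ungleich-admin or ungleich-auth is refused for verify, or leave the security items open until those tests exist.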
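Review bot: In the README.md hunk at @@ -205,14 +200,18 @@, the new changelog entry "0.8, 2019-02-08: Verify needed to call super()" describes a code fix that is not part of this patch; the only code change here is the commented-out print in otpauth/models.py. Reference the commit that made the super() change, or include it in this patch, so the entry can be checked against the code. The changelog also goes from 0.6 straight to 0.8; add a 0.7 entry or note that the version was skipped.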
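Review bot: In the otpauth/models.py hunk at @@ -39,5 +39,5 @@, the debug print is commented out rather than removed, which leaves dead code in the authentication path. Delete the line, or, if a record of successful authentications is wanted, replace it with a call on a module-level logger at debug level so it can be switched on by configuration and does not go to stdout. If it is kept as a log call, log only request.path and the instance name, as the original did, and never the token returned on the next line.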