ungleich-public
/
ungleich-otp
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cleanup docs, remove debug print

This commit is contained in:
Nico Schottelius 2019-02-08 20:00:28 +01:00
parent 97b612e626
commit 1a54de525b
2 changed files with 32 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
README.md
View File

@ -18,14 +18,13 @@ Related documentation:
## Overview ## ## Overview ##
This repository the reference implementation of the ungleichotp This repository the reference implementation of the ungleichotp server.
server.
## Using the ungleichotpclient ## ## Using the ungleichotpclient ##
The client can be used to test the ungleich-otp-server.
All client commands need the parameters --auth-name and --auth-realm. All client commands need the parameters --auth-name and --auth-realm.
Also either --auth-seed or --auth-token needs to be specified. Also either --auth-seed or --auth-token needs to be specified.
``` ```
@ -40,9 +39,24 @@ python manage.py ungleichotpclient create \
### Creating new users ### Creating new users
``` ```
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify --name USERNAME --realm REALMOFUSER create
``` ```
The seed is randomly created.
### Listing users
```
list
```
### Deleting users
```
--name USERNAME --realm REALMOFUSER delete
```
### Verifying a token is correct ### Verifying a token is correct
Verify using: Verify using:
@ -58,25 +72,6 @@ You can also verify using a seed:
``` ```
## Sample 2018-12-30
create:
(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient create --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico$(date +%s) --realm ungleich-admin
verify:
```
(venv) [23:07] line:ungleich-otp% python manage.py ungleichotpclient verify --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ --name nico1546206660 --realm ungleich-admin --seed IXTARIU4H2F574M3
```
list:
```
(venv) [23:14] line:ungleich-otp% python manage.py ungleichotpclient list --server-url http://localhost:8000/ungleichotp/ --auth-name info@ungleich.ch --auth-realm ungleich-admin --auth-seed PZKBPTHDGSLZBKIZ
```
## Server Setup instructions ## ## Server Setup instructions ##
This is a standard django project and thus can be easily setup using This is a standard django project and thus can be easily setup using
@ -105,13 +100,13 @@ All micro services that are trusted to authenticate another micro
service should have an entry in the ungleich-auth realm, which allows service should have an entry in the ungleich-auth realm, which allows
them to verify a token of somebody else. them to verify a token of somebody else.
```
| Name | Capabilities | | Name | Capabilities |
|------------------+--------------------------------------------| |------------------+--------------------------------------------|
| ungleich-admin | authenticate, create, delete, list, update | | ungleich-admin | authenticate, create, delete, list, update |
| ungleich-auth | authenticate | | ungleich-auth | authenticate |
| all other realms | NO ACCESS | | all other realms | NO ACCESS |
```
## Verify using http POST ## ## Verify using http POST ##
@ -165,8 +160,8 @@ your application.
## Limitations ## ## Limitations ##
* Name, Realm and seed are hard coded to 128 bytes length. This can be * Name, Realm and seed are hard coded to 128 bytes length.
changed, if necessary. This can be changed, if necessary.
* Only python3 support for ungleichotp * Only python3 support for ungleichotp
@ -191,8 +186,8 @@ your application.
- [x] (server) Implement creating new "User" by POST / Model based - [x] (server) Implement creating new "User" by POST / Model based
- [n] (server) Remove hard coded JSON in /verify (no - good enough for the moment) - [n] (server) Remove hard coded JSON in /verify (no - good enough for the moment)
- [x] (server) Fully rename server from ungleichotp to ungleichotpserver - [x] (server) Fully rename server from ungleichotp to ungleichotpserver
- [ ] (security) Ensure that only the right realms can verify - [x] (security) Ensure that only the right realms can verify
- [ ] (security) Ensure that only the right realms can manage - [x] (security) Ensure that only the right realms can manage
- [ ] (doc) Add proper documentation - [ ] (doc) Add proper documentation
- [ ] (server) Add tests for verify - [ ] (server) Add tests for verify
- [ ] (server) Add tests for authentication - [ ] (server) Add tests for authentication
@ -205,14 +200,18 @@ your application.
- [ ] (client) Bootstrap Django + DRF (including an object for CRUD) - [ ] (client) Bootstrap Django + DRF (including an object for CRUD)
- [ ] (client) Add custom authentication / remote auth - [ ] (client) Add custom authentication / remote auth
- [ ] (client) Show case: any realm vs. specific realm - [ ] (client) Show case: any realm vs. specific realm
- [ ] (library) Write a "client library" that can use ungleichotp - [x] (library) Write a "client library" that can use ungleichotp
- [ ] (library) extract generic parts from server - [x] (library) extract generic parts from server
- [ ] (library) upload to pypi - [ ] (library) upload to pypi
## Changelog ## Changelog
### 0.8, 2019-02-08
* Verify needed to call super()
### 0.6, 2018-11-18 ### 0.6, 2018-11-18
* Reuse TokenSerializer for VerifySerializer logic * Reuse TokenSerializer for VerifySerializer logic

2
otpauth/models.py
View File

@ -39,5 +39,5 @@ class OTPAuthentication(authentication.BaseAuthentication):
if not request.path == "/ungleichotp/verify/": if not request.path == "/ungleichotp/verify/":
raise exceptions.AuthenticationFailed() raise exceptions.AuthenticationFailed()
print("AUTH DONE: {} - {}".format(request.path, instance)) # print("AUTH DONE: {} - {}".format(request.path, instance))
return (instance, token) return (instance, token)