From 41c49800ee365b00e47bf00a2f16608769d5b2ab Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Sat, 17 Nov 2018 01:11:17 +0100
Subject: [PATCH] Begin integration of django rest framework
---
 README.md | 101 ++++++++++++++++++----------
 requirements.txt | 5 ++
 ungleichotp/ungleichotp/settings.py | 1 +
 ungleichotp/ungleichotp/urls.py | 31 +++++++++
 4 files changed, 101 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index da9ba1e..abcd781 100644
--- a/README.md
+++ b/README.md
@@ -1,57 +1,50 @@ # ungleich-otp -The ungleich OTP service that allows you access to the ungleich micro -service infrastructure. +ungleich-otp is a full blown authentication and authorisation service +made for micro services. -We are using +The basic idea is that every micro service has a (long term) seed and +creates time based tokens (TOTP, RFCXXXX). -- nameko for internal communication -- django for the DB + admin interface +## Setup instructions ## -## Status - -In development, pre production. - -## Usage: WEB - -- No user interface (UI) supported (?) - -> idea is to keep flow logic in ungleich-dynamicweb - -## Usage: BUS - -### RPC: verify(appuuid, token, appuuidtoverify, tokentoverify) - -Verify whether the requesting app is authenticated. This is only -allowed to be used for trusted appuuids. - -Returns a JSON object: - -Either -``` -{ - status: "OK" -} -``` - -OR +This is a standard django project and thus can be easily setup using ``` -{ - status: "FAIL" -} +pip install -r requirements.txt ``` +To bootstrap the application, you need your very first trusted seed to +access the application. You can generate it using +``` +to be filled in +``` -## Usage: REST +After that, you can run the application using + +``` +python manage.py runserver +``` + +The usual instructions on how to setup an https proxy should be followed. + +## Realms ## + +Access is granting/denied based on realms. There are two reserved +realms, all other realms can be used by the users: + +* ungleich-admin: realm?? + +## Status ## + +## Usage: REST ## - Use an existing token to connect to the service - All REST based messages: JSON ### POST: /verify -Not sure if this one will be publicly available. - Request JSON object: ``` 
@@ -81,6 +74,40 @@ OR } ``` +### POST /register + +Register a new seed. Returns an app ID. + +Request JSON object: + +``` +{ + version: "1", + appuuid: "your-app-uuid", + token: "current time based token", + username: "user this app belongs to", + appname: "name of your web app" +} +``` + +Response JSON object: + +``` +{ + status: "OK", + appuuid: "UUID of your app", +} +``` + +OR + +``` +{ + status: "FAIL", + error: "Reason for failure" +} +``` + ### POST /app/register Register a new app. Returns an app ID. diff --git a/requirements.txt b/requirements.txt index fe2ee42..622b30d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,7 @@ pyotp>=2.2.6 django>=2.1.2 +djangorestframework + +# Recommended +markdown +django-filter diff --git a/ungleichotp/ungleichotp/settings.py b/ungleichotp/ungleichotp/settings.py index 9e900e7..61d8119 100644 --- a/ungleichotp/ungleichotp/settings.py +++ b/ungleichotp/ungleichotp/settings.py @@ -37,6 +37,7 @@ INSTALLED_APPS = [ 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', + 'rest_framework', 'otpauth' ] diff --git a/ungleichotp/ungleichotp/urls.py b/ungleichotp/ungleichotp/urls.py index a33c5bb..070c371 100644 --- a/ungleichotp/ungleichotp/urls.py +++ b/ungleichotp/ungleichotp/urls.py 
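Review bot: The three new requirements.txt entries (`djangorestframework`, `markdown`, `django-filter`) carry no version constraint at all, unlike `pyotp>=2.2.6` and `django>=2.1.2` right above them, so a fresh `pip install -r requirements.txt` takes whatever the index serves that day, including a future major release that changes DRF's defaults. For a service whose job is authentication the install should be reproducible: give each new line at least a lower bound in the existing style, e.g. `djangorestframework>=<the version this was developed against>`, and pin exact versions (ideally with `--require-hashes`) in a lockfile for deployments. `markdown` and `django-filter` are only needed for the browsable API and filtering; if they are meant to stay "Recommended" rather than required, a separate extras file keeps them out of the production install.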
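Review bot: There is no `REST_FRAMEWORK` setting to go with the new `'rest_framework'` entry in INSTALLED_APPS, so unless one exists in a part of settings.py outside this hunk, DRF runs with its stock defaults: permission `AllowAny` and authentication via both session and HTTP Basic. That means every API view that forgets to set its own `permission_classes` is reachable anonymously, which on an authentication service is the wrong failure mode. Add a framework-level deny-by-default next to INSTALLED_APPS, `REST_FRAMEWORK = {'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',), 'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.SessionAuthentication',)}`, so an endpoint is open only when it explicitly opts out, and Basic auth (password re-sent on every request) is not accepted by accident. The settings list this hunk edits continues outside the hunk.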
@@ -15,7 +15,38 @@ Including another URLconf """ from django.contrib import admin from django.urls import path +# from django.conf.urls import url, include + +# urlpatterns = [ + +# url(r'^api-auth/', include('rest_framework.urls')) +# ] + + +from django.conf.urls import url, include +from django.contrib.auth.models import User +from rest_framework import routers, serializers, viewsets + +# Serializers define the API representation. +class UserSerializer(serializers.HyperlinkedModelSerializer): + class Meta: + model = User + fields = ('url', 'username', 'email', 'is_staff') + +# ViewSets define the view behavior. +class UserViewSet(viewsets.ModelViewSet): + queryset = User.objects.all() + serializer_class = UserSerializer + +# Routers provide an easy way of automatically determining the URL conf. +router = routers.DefaultRouter() +router.register(r'users', UserViewSet) + +# Wire up our API using automatic URL routing. +# Additionally, we include login URLs for the browsable API. urlpatterns = [ path('admin/', admin.site.urls), + url(r'^', include(router.urls)), + url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')) ]
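Review bot: `UserViewSet` sets no `permission_classes`, so under DRF's default `AllowAny` policy (this patch configures nothing else) anyone who can reach `/users/` can list every account's username and email and, because `ModelViewSet` exposes create/update/destroy and `UserSerializer.Meta.fields` lists `is_staff` with no `read_only_fields`, can create or edit users and grant themselves staff status; for a service that exists to authenticate other services that is a full compromise. Restrict the viewset to staff with `permissions.IsAdminUser` (importing `permissions` alongside `routers, serializers, viewsets`) and make `is_staff` read-only in the serializer, or use `ReadOnlyModelViewSet` if the API only needs to show users. The commented-out `# from django.conf.urls ...` / `# urlpatterns = [` block above the live imports is dead code and should be dropped, the serializer and viewset belong in the `otpauth` app rather than urls.py, and with `django>=2.1.2` already required `re_path` is the preferred spelling of `url`. Mounting the router at `r'^'` also puts the DRF API root and `/users/` at the site root; a prefix such as `r'^api/'` keeps them apart from the `/verify` and `/register` endpoints the README describes.
```python
# Serializers define the API representation.
class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('url', 'username', 'email', 'is_staff')
        # Staff status is displayed but must never be settable through the API.
        read_only_fields = ('is_staff',)

# ViewSets define the view behavior.
class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    # Deny by default: user administration is for staff only.
    permission_classes = (permissions.IsAdminUser,)

# … unchanged: router registration and urlpatterns …
```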