diff --git a/otpauth/serializer.py b/otpauth/serializer.py
index 21edb8f..2b7e74e 100644
--- a/otpauth/serializer.py
+++ b/otpauth/serializer.py
@@ -1,8 +1,11 @@
+import logging
 import pyotp
 import otpauth
 from rest_framework import serializers, exceptions
 from otpauth.models import OTPSeed
+logger = logging.getLogger(__name__)
+
 # For accessing / modifying the data -- currently unused
 class OTPSerializer(serializers.ModelSerializer):
 class Meta:
@@ -32,21 +35,30 @@ class TokenSerializer(serializers.Serializer):
 # only 2 special realms can login
 if not auth_realm in ["ungleich-admin", "ungleich-auth" ]:
+ logger.error("Auth-realm is neither ungleich-admin "
+ "nor ungleich-auth".format()
+ )
 raise exceptions.AuthenticationFailed()
- print("auth: [{}]{}@'{}' {} + {})".format(self.name_name, auth_name, auth_realm, auth_token, self.validated_data))
+ logger.debug("auth: [{}]{}@'{}' {} + {})".format(
+ self.name_name, auth_name, auth_realm,
+ auth_token, self.validated_data
+ ))
 # 1. Verify that the connection might authenticate
 try:
 db_instance = otpauth.models.OTPSeed.objects.get(name=auth_name, realm=auth_realm)
 except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
- print("does not exist")
+ logger.error("OTPSeed name: {}, realm: {} does not exist".format(
+ auth_name, auth_realm
+ ))
 raise exceptions.AuthenticationFailed()
 totp = pyotp.TOTP(db_instance.seed)
- print("calculated token = {}".format(totp.now()))
+ logger.debug("calculated token = {}".format(totp.now()))
 if not totp.verify(auth_token, valid_window=3):
+ logger.error("totp not verified")
 raise exceptions.AuthenticationFailed()
 return (db_instance, auth_token)
@@ -65,6 +77,7 @@ class VerifySerializer(TokenSerializer):
 auth_realm = self.validated_data.get("auth_realm")
 if not auth_realm == "ungleich-auth":
+ logger.error("Auth-realm is not ungleich-auth")
 raise exceptions.AuthenticationFailed()
 # Do the authentication part
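Review bot: The two new `logger.debug` calls in the TokenSerializer hunk write authentication secrets to the log: the first formats `auth_token` and `self.validated_data`, which presumably holds the submitted one-time codes, and the second writes `totp.now()`, the code currently valid for that seed. With `valid_window=3` on the verify call just below, a logged code stays acceptable for several time steps, so anyone who can read debug logs could reuse it. I would drop the `calculated token` line and reduce the first to `logger.debug("auth attempt: name=%r realm=%r", auth_name, auth_realm)`; the lazy `%r` form also avoids building the string when debug is off and escapes control characters in values that appear to come from the request. The enclosing method starts and ends outside the hunk.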
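Review bot: The new `logger.error("Auth-realm is not ungleich-auth")` in the VerifySerializer hunk records neither the rejected realm nor who asked, so repeated failures cannot be correlated when looking for probing. A rejected realm is an expected client failure rather than a server fault, so `logger.warning("verify rejected: auth_realm=%r", auth_realm)` would fit better; `%r` keeps a client-supplied value from injecting line breaks into the log. The same level and context point applies to the `totp not verified` line in the previous hunk. The enclosing method continues outside the hunk.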