Can verify token

This commit is contained in:
Nico Schottelius 2018-11-17 18:48:12 +01:00
parent 02dd509a5a
commit 6b22532e98
4 changed files with 57 additions and 28 deletions

View file

@ -259,3 +259,8 @@ DATABASES = {
}
}
```
## TODOs
- [ ] serialize / input request
- [ ] Remove hard coded JSON

View file

@ -34,16 +34,36 @@ class VerifySerializer(serializers.Serializer):
name_in = validated_data.get('name')
realm_in = validated_data.get('realm')
verifytoken = validated_data.get('verifytoken')
verifyname = validated_data.get('verifyname')
verifyrealm = validated_data.get('verifyrealm')
# 1. Verify that the connection might authenticate
try:
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
raise exceptions.PermissionDenied()
raise exceptions.AuthenticationFailed()
print("serializer found object")
print("here?")
# Generate token and compare
totp = pyotp.TOTP(db_instance.seed)
if totp.verify(token_in, valid_window=3):
return "OK"
else:
return "FAIL"
if not totp.verify(token_in, valid_window=3):
raise exceptions.AuthenticationFailed()
# 2. Verify the requested data
try:
verifyinstance = otpauth.models.OTPSeed.objects.get(name=verifyname, realm=verifyrealm)
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
raise exceptions.PermissionDenied()
totp = pyotp.TOTP(verifyinstance.seed)
if not totp.verify(verifytoken, valid_window=3):
raise exceptions.PermissionDenied()
print("All verified!")
return verifyinstance

View file

@ -1,11 +1,31 @@
from django.shortcuts import render
from rest_framework import viewsets
from rest_framework.parsers import JSONParser
from otpauth.serializer import VerifySerializer
from django.http import HttpResponse, JsonResponse
# Create your views here.
import json
class VerifyViewSet(viewsets.ModelViewSet):
class VerifyViewSetV1(viewsets.ModelViewSet):
serializer_class = VerifySerializer
def get_queryset(self):
return None
class VerifyViewSet(viewsets.ViewSet):
serializer_class = VerifySerializer
def create(self, request):
data = JSONParser().parse(request)
serializer = VerifySerializer(data=data)
if serializer.is_valid():
print("is valid")
print(serializer)
#serializer.save()
return JsonResponse(serializer.data, status=201)
return JsonResponse(serializer.errors, status=400)
def get_queryset(self):
return []

View file

@ -18,33 +18,17 @@ Including another URLconf
from django.contrib import admin
from django.urls import path
from django.conf.urls import url, include
from django.contrib.auth.models import User
from rest_framework import routers, serializers, viewsets
# Serializers define the API representation.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'email', 'is_staff')
# ViewSets define the view behavior.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
# Routers provide an easy way of automatically determining the URL conf.
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)
from otpauth.models import OTPSeed
from otpauth.views import VerifyViewSet
router = routers.DefaultRouter()
router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
print(router.urls)
# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
path('admin/', admin.site.urls),
url(r'^', include(router.urls)),