From 97b612e62627cd6a3db806af3525f20bfd6047dd Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 8 Feb 2019 19:25:07 +0100
Subject: [PATCH] Update doc, run actual authentication on verify
---
 README.md | 37 +++++++++----------
 .../management/commands/ungleichotpclient.py | 16 ++++----
 otpauth/models.py | 2 -
 otpauth/serializer.py | 3 ++
 4 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/README.md b/README.md
index ce3f56b..078eb02 100644
--- a/README.md
+++ b/README.md
@@ -26,39 +26,38 @@ server. ## Using the ungleichotpclient ## +All client commands need the parameters --auth-name and --auth-realm. +Also either --auth-seed or --auth-token needs to be specified. ``` python manage.py ungleichotpclient create \ --server-url https://otp.ungleich.ch/ungleichotp/ - --name admin - --realm ungleich-admin - --seed AVALIDSEED + --auth-name admin + --auth-realm ungleich-admin + [--auth-seed THESEEDFORADMIN] + [--auth-token THECURRENTTOKEN] ``` -Assuming you want to verify -(name=ipv6only, realm=ungleich-intern, token=498593) is a -valid triple and you do have credentials to access ungleich-otp -(name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ), -then the following call will verify the token: +### Creating new users ``` -UNGLEICHOTPNAME=info@ungleich.ch \ -UNGLEICHOTPREALM=ungleich-admin \ -UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \ -UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \ - python ungleichotpclient.py -n -r ungleich --token 498593 +--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify +``` + +### Verifying a token is correct + +Verify using: + +``` +--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify ``` You can also verify using a seed: ``` -UNGLEICHOTPNAME=info@ungleich.ch \ -UNGLEICHOTPREALM=ungleich-admin \ -UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \ -UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \ - python ungleichotpclient.py -n -r ungleich --seed CEKXVG3235PO2HDW +--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify ``` -The client requires pyotp. + ## Sample 2018-12-30 diff --git a/otpauth/management/commands/ungleichotpclient.py b/otpauth/management/commands/ungleichotpclient.py index 1cd0465..73f2483 100644 --- a/otpauth/management/commands/ungleichotpclient.py +++ b/otpauth/management/commands/ungleichotpclient.py 
@@ -14,16 +14,16 @@ class Command(BaseCommand): parser.add_argument('--server-url', required=True) # For creating / verifying - parser.add_argument('--name') - parser.add_argument('--realm') - parser.add_argument('--token') - parser.add_argument('--seed') + parser.add_argument('--name', help="Name to create/verify") + parser.add_argument('--realm', help="Realm for create/verify") + parser.add_argument('--token', help="Token for create/verify") + parser.add_argument('--seed', help="Seed for create/verify") # How to authenticate against ungleich-otp - parser.add_argument('--auth-name', required=True) - parser.add_argument('--auth-realm', required=True) - parser.add_argument('--auth-token') - parser.add_argument('--auth-seed') + parser.add_argument('--auth-name', required=True, help="Name for auth") + parser.add_argument('--auth-realm', required=True, help="Realm for auth") + parser.add_argument('--auth-token', help="Token for auth") + parser.add_argument('--auth-seed', help="Seed for auth") parser.add_argument('command', choices=['create', 'delete', diff --git a/otpauth/models.py b/otpauth/models.py index 4afcf4d..35862a0 100644 --- a/otpauth/models.py +++ b/otpauth/models.py @@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication): serializer = TokenSerializer(data=request.data) if serializer.is_valid(): - print("trying to save... {}".format(serializer)) instance, token = serializer.save() else: - print("Invalide serialize,") raise exceptions.AuthenticationFailed() # not dealing with admin realm -> can only be auth [see serializer] diff --git a/otpauth/serializer.py b/otpauth/serializer.py index 4c0b089..21edb8f 100644 --- a/otpauth/serializer.py +++ b/otpauth/serializer.py @@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer): if not auth_realm == "ungleich-auth": raise exceptions.AuthenticationFailed() + + # Do the authentication part + super().save()
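Review bot: Nothing in the ungleichotpclient.py hunk enforces the rule the README now states, that either --auth-seed or --auth-token must be given: `--auth-token` and `--auth-seed` are both still optional, so a call with neither gets past argparse. Unless the command's handler (outside this hunk) already checks this, declare them in a required group: `auth = parser.add_mutually_exclusive_group(required=True)`, then `auth.add_argument('--auth-token', help="Token for auth")` and `auth.add_argument('--auth-seed', help="Seed for auth")`. If passing both is meant to be allowed, check for at least one in the handler instead. The help strings for `--seed` and `--auth-seed` could also say that a seed given as an argument ends up in the process list and shell history. The enclosing method starts and ends outside the hunk.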
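Review bot: In the otpauth/serializer.py hunk the result of `super().save()` is discarded, so VerifySerializer.save() returns None and a failed authentication is only noticed if the parent raises. models.py in this same patch unpacks `instance, token = serializer.save()` from a TokenSerializer, so the parent does return a value; `return super().save()` would hand the verify path the same pair. TokenSerializer.save() is not shown here, so confirm that it raises AuthenticationFailed on bad credentials rather than returning a falsy result, and record that in the comment, e.g. `# raises AuthenticationFailed if the auth credentials do not match`. The call also sits after the realm check, so anything earlier in save() (outside this hunk) runs before the caller is authenticated; authenticating first is the safer order.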