Update doc, run actual authentication on verify

2019-02-08 19:25:07 +01:00 · 2019-02-08 19:25:07 +01:00 · 97b612e626
parent 8bd256a1d7
commit 97b612e626
4 changed files with 29 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -26,39 +26,38 @@ server.
 ## Using the ungleichotpclient ##
 All client commands need the parameters --auth-name and --auth-realm.
 Also either --auth-seed or --auth-token needs to be specified.
 ```
 python manage.py ungleichotpclient create \
    --server-url https://otp.ungleich.ch/ungleichotp/
-    --name admin
+    --auth-name admin
-    --realm ungleich-admin
+    --auth-realm ungleich-admin
-    --seed AVALIDSEED
+    [--auth-seed THESEEDFORADMIN]
    [--auth-token THECURRENTTOKEN]
 ```
-Assuming you want to verify
+### Creating new users
 (name=ipv6only, realm=ungleich-intern, token=498593) is a
 valid triple and you do have credentials to access ungleich-otp
 (name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ),
 then the following call will verify the token:
 ```
-UNGLEICHOTPNAME=info@ungleich.ch \
+--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
-UNGLEICHOTPREALM=ungleich-admin \
+```
-UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
+
-UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
+### Verifying a token is correct
-    python ungleichotpclient.py -n  -r ungleich --token 498593
+
 Verify using:
 ```
 --name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
 ```
 You can also verify using a seed:
 ```
-UNGLEICHOTPNAME=info@ungleich.ch \
+--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
 UNGLEICHOTPREALM=ungleich-admin \
 UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
 UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
    python ungleichotpclient.py -n  -r ungleich --seed CEKXVG3235PO2HDW
 ```
-The client requires pyotp.
+
 ## Sample 2018-12-30
--- a/otpauth/management/commands/ungleichotpclient.py
+++ b/otpauth/management/commands/ungleichotpclient.py
@ -14,16 +14,16 @@ class Command(BaseCommand):
        parser.add_argument('--server-url', required=True)
        # For creating / verifying
-        parser.add_argument('--name')
+        parser.add_argument('--name', help="Name to create/verify")
-        parser.add_argument('--realm')
+        parser.add_argument('--realm', help="Realm for create/verify")
-        parser.add_argument('--token')
+        parser.add_argument('--token', help="Token for create/verify")
-        parser.add_argument('--seed')
+        parser.add_argument('--seed', help="Seed for create/verify")
        # How to authenticate against ungleich-otp
-        parser.add_argument('--auth-name', required=True)
+        parser.add_argument('--auth-name', required=True, help="Name for auth")
-        parser.add_argument('--auth-realm', required=True)
+        parser.add_argument('--auth-realm', required=True, help="Realm for auth")
-        parser.add_argument('--auth-token')
+        parser.add_argument('--auth-token', help="Token for auth")
-        parser.add_argument('--auth-seed')
+        parser.add_argument('--auth-seed', help="Seed for auth")
        parser.add_argument('command', choices=['create',
                                                'delete',
--- a/otpauth/models.py
+++ b/otpauth/models.py
@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication):
        serializer = TokenSerializer(data=request.data)
        if serializer.is_valid():
            print("trying to save... {}".format(serializer))
            instance, token = serializer.save()
        else:
            print("Invalide serialize,")
            raise exceptions.AuthenticationFailed()
        # not dealing with admin realm -> can only be auth [see serializer]
--- a/otpauth/serializer.py
+++ b/otpauth/serializer.py
@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer):
        if not auth_realm == "ungleich-auth":
            raise exceptions.AuthenticationFailed()
        # Do the authentication part
        super().save()