Update doc, run actual authentication on verify

This commit is contained in:
Nico Schottelius 2019-02-08 19:25:07 +01:00
parent 8bd256a1d7
commit 97b612e626
4 changed files with 29 additions and 29 deletions

View file

@ -26,39 +26,38 @@ server.
## Using the ungleichotpclient ## ## Using the ungleichotpclient ##
All client commands need the parameters --auth-name and --auth-realm.
Also either --auth-seed or --auth-token needs to be specified.
``` ```
python manage.py ungleichotpclient create \ python manage.py ungleichotpclient create \
--server-url https://otp.ungleich.ch/ungleichotp/ --server-url https://otp.ungleich.ch/ungleichotp/
--name admin --auth-name admin
--realm ungleich-admin --auth-realm ungleich-admin
--seed AVALIDSEED [--auth-seed THESEEDFORADMIN]
[--auth-token THECURRENTTOKEN]
``` ```
Assuming you want to verify ### Creating new users
(name=ipv6only, realm=ungleich-intern, token=498593) is a
valid triple and you do have credentials to access ungleich-otp
(name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ),
then the following call will verify the token:
``` ```
UNGLEICHOTPNAME=info@ungleich.ch \ --name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
UNGLEICHOTPREALM=ungleich-admin \ ```
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \ ### Verifying a token is correct
python ungleichotpclient.py -n -r ungleich --token 498593
Verify using:
```
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
``` ```
You can also verify using a seed: You can also verify using a seed:
``` ```
UNGLEICHOTPNAME=info@ungleich.ch \ --name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
UNGLEICHOTPREALM=ungleich-admin \
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
python ungleichotpclient.py -n -r ungleich --seed CEKXVG3235PO2HDW
``` ```
The client requires pyotp.
## Sample 2018-12-30 ## Sample 2018-12-30

View file

@ -14,16 +14,16 @@ class Command(BaseCommand):
parser.add_argument('--server-url', required=True) parser.add_argument('--server-url', required=True)
# For creating / verifying # For creating / verifying
parser.add_argument('--name') parser.add_argument('--name', help="Name to create/verify")
parser.add_argument('--realm') parser.add_argument('--realm', help="Realm for create/verify")
parser.add_argument('--token') parser.add_argument('--token', help="Token for create/verify")
parser.add_argument('--seed') parser.add_argument('--seed', help="Seed for create/verify")
# How to authenticate against ungleich-otp # How to authenticate against ungleich-otp
parser.add_argument('--auth-name', required=True) parser.add_argument('--auth-name', required=True, help="Name for auth")
parser.add_argument('--auth-realm', required=True) parser.add_argument('--auth-realm', required=True, help="Realm for auth")
parser.add_argument('--auth-token') parser.add_argument('--auth-token', help="Token for auth")
parser.add_argument('--auth-seed') parser.add_argument('--auth-seed', help="Seed for auth")
parser.add_argument('command', choices=['create', parser.add_argument('command', choices=['create',
'delete', 'delete',

View file

@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication):
serializer = TokenSerializer(data=request.data) serializer = TokenSerializer(data=request.data)
if serializer.is_valid(): if serializer.is_valid():
print("trying to save... {}".format(serializer))
instance, token = serializer.save() instance, token = serializer.save()
else: else:
print("Invalide serialize,")
raise exceptions.AuthenticationFailed() raise exceptions.AuthenticationFailed()
# not dealing with admin realm -> can only be auth [see serializer] # not dealing with admin realm -> can only be auth [see serializer]

View file

@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer):
if not auth_realm == "ungleich-auth": if not auth_realm == "ungleich-auth":
raise exceptions.AuthenticationFailed() raise exceptions.AuthenticationFailed()
# Do the authentication part
super().save()