Update doc, run actual authentication on verify
This commit is contained in:
parent
8bd256a1d7
commit
97b612e626
4 changed files with 29 additions and 29 deletions
37
README.md
37
README.md
|
@ -26,39 +26,38 @@ server.
|
||||||
|
|
||||||
## Using the ungleichotpclient ##
|
## Using the ungleichotpclient ##
|
||||||
|
|
||||||
|
All client commands need the parameters --auth-name and --auth-realm.
|
||||||
|
Also either --auth-seed or --auth-token needs to be specified.
|
||||||
```
|
```
|
||||||
python manage.py ungleichotpclient create \
|
python manage.py ungleichotpclient create \
|
||||||
--server-url https://otp.ungleich.ch/ungleichotp/
|
--server-url https://otp.ungleich.ch/ungleichotp/
|
||||||
--name admin
|
--auth-name admin
|
||||||
--realm ungleich-admin
|
--auth-realm ungleich-admin
|
||||||
--seed AVALIDSEED
|
[--auth-seed THESEEDFORADMIN]
|
||||||
|
[--auth-token THECURRENTTOKEN]
|
||||||
```
|
```
|
||||||
|
|
||||||
Assuming you want to verify
|
### Creating new users
|
||||||
(name=ipv6only, realm=ungleich-intern, token=498593) is a
|
|
||||||
valid triple and you do have credentials to access ungleich-otp
|
|
||||||
(name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ),
|
|
||||||
then the following call will verify the token:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
UNGLEICHOTPNAME=info@ungleich.ch \
|
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
|
||||||
UNGLEICHOTPREALM=ungleich-admin \
|
```
|
||||||
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
|
|
||||||
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
|
### Verifying a token is correct
|
||||||
python ungleichotpclient.py -n -r ungleich --token 498593
|
|
||||||
|
Verify using:
|
||||||
|
|
||||||
|
```
|
||||||
|
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
|
||||||
```
|
```
|
||||||
|
|
||||||
You can also verify using a seed:
|
You can also verify using a seed:
|
||||||
|
|
||||||
```
|
```
|
||||||
UNGLEICHOTPNAME=info@ungleich.ch \
|
--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
|
||||||
UNGLEICHOTPREALM=ungleich-admin \
|
|
||||||
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
|
|
||||||
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
|
|
||||||
python ungleichotpclient.py -n -r ungleich --seed CEKXVG3235PO2HDW
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The client requires pyotp.
|
|
||||||
|
|
||||||
## Sample 2018-12-30
|
## Sample 2018-12-30
|
||||||
|
|
||||||
|
|
|
@ -14,16 +14,16 @@ class Command(BaseCommand):
|
||||||
parser.add_argument('--server-url', required=True)
|
parser.add_argument('--server-url', required=True)
|
||||||
|
|
||||||
# For creating / verifying
|
# For creating / verifying
|
||||||
parser.add_argument('--name')
|
parser.add_argument('--name', help="Name to create/verify")
|
||||||
parser.add_argument('--realm')
|
parser.add_argument('--realm', help="Realm for create/verify")
|
||||||
parser.add_argument('--token')
|
parser.add_argument('--token', help="Token for create/verify")
|
||||||
parser.add_argument('--seed')
|
parser.add_argument('--seed', help="Seed for create/verify")
|
||||||
|
|
||||||
# How to authenticate against ungleich-otp
|
# How to authenticate against ungleich-otp
|
||||||
parser.add_argument('--auth-name', required=True)
|
parser.add_argument('--auth-name', required=True, help="Name for auth")
|
||||||
parser.add_argument('--auth-realm', required=True)
|
parser.add_argument('--auth-realm', required=True, help="Realm for auth")
|
||||||
parser.add_argument('--auth-token')
|
parser.add_argument('--auth-token', help="Token for auth")
|
||||||
parser.add_argument('--auth-seed')
|
parser.add_argument('--auth-seed', help="Seed for auth")
|
||||||
|
|
||||||
parser.add_argument('command', choices=['create',
|
parser.add_argument('command', choices=['create',
|
||||||
'delete',
|
'delete',
|
||||||
|
|
|
@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication):
|
||||||
serializer = TokenSerializer(data=request.data)
|
serializer = TokenSerializer(data=request.data)
|
||||||
|
|
||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
print("trying to save... {}".format(serializer))
|
|
||||||
instance, token = serializer.save()
|
instance, token = serializer.save()
|
||||||
else:
|
else:
|
||||||
print("Invalide serialize,")
|
|
||||||
raise exceptions.AuthenticationFailed()
|
raise exceptions.AuthenticationFailed()
|
||||||
|
|
||||||
# not dealing with admin realm -> can only be auth [see serializer]
|
# not dealing with admin realm -> can only be auth [see serializer]
|
||||||
|
|
|
@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer):
|
||||||
|
|
||||||
if not auth_realm == "ungleich-auth":
|
if not auth_realm == "ungleich-auth":
|
||||||
raise exceptions.AuthenticationFailed()
|
raise exceptions.AuthenticationFailed()
|
||||||
|
|
||||||
|
# Do the authentication part
|
||||||
|
super().save()
|
||||||
|
|
Loading…
Reference in a new issue