Update doc, run actual authentication on verify
parent
8bd256a1d7
commit
97b612e626
4 changed files with 29 additions and 29 deletions
37
README.md
37
README.md
|
@ -26,39 +26,38 @@ server.
|
|||
|
||||
## Using the ungleichotpclient ##
|
||||
|
||||
All client commands need the parameters --auth-name and --auth-realm.
|
||||
Also either --auth-seed or --auth-token needs to be specified.
|
||||
```
|
||||
python manage.py ungleichotpclient create \
|
||||
--server-url https://otp.ungleich.ch/ungleichotp/
|
||||
--name admin
|
||||
--realm ungleich-admin
|
||||
--seed AVALIDSEED
|
||||
--auth-name admin
|
||||
--auth-realm ungleich-admin
|
||||
[--auth-seed THESEEDFORADMIN]
|
||||
[--auth-token THECURRENTTOKEN]
|
||||
```
|
||||
|
||||
Assuming you want to verify
|
||||
(name=ipv6only, realm=ungleich-intern, token=498593) is a
|
||||
valid triple and you do have credentials to access ungleich-otp
|
||||
(name=info@ungleich.ch, realm=ungleich-admin, seed=PZKBPTHDGSLZBKIZ),
|
||||
then the following call will verify the token:
|
||||
### Creating new users
|
||||
|
||||
```
|
||||
UNGLEICHOTPNAME=info@ungleich.ch \
|
||||
UNGLEICHOTPREALM=ungleich-admin \
|
||||
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
|
||||
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
|
||||
python ungleichotpclient.py -n -r ungleich --token 498593
|
||||
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
|
||||
```
|
||||
|
||||
### Verifying a token is correct
|
||||
|
||||
Verify using:
|
||||
|
||||
```
|
||||
--name USERNAME --realm REALMOFUSER --token TOKENTOBEVERIFIED verify
|
||||
```
|
||||
|
||||
You can also verify using a seed:
|
||||
|
||||
```
|
||||
UNGLEICHOTPNAME=info@ungleich.ch \
|
||||
UNGLEICHOTPREALM=ungleich-admin \
|
||||
UNGLEICHOTPSEED=PZKBPTHDGSLZBKIZ \
|
||||
UNGLEICHOTPSERVER=http://localhost:8000/ungleichotp/verify/ \
|
||||
python ungleichotpclient.py -n -r ungleich --seed CEKXVG3235PO2HDW
|
||||
--name USERNAME --realm REALMOFUSER --seed SEEDOFUSER verify
|
||||
```
|
||||
|
||||
The client requires pyotp.
|
||||
|
||||
|
||||
## Sample 2018-12-30
|
||||
|
||||
|
|
|
@ -14,16 +14,16 @@ class Command(BaseCommand):
|
|||
parser.add_argument('--server-url', required=True)
|
||||
|
||||
# For creating / verifying
|
||||
parser.add_argument('--name')
|
||||
parser.add_argument('--realm')
|
||||
parser.add_argument('--token')
|
||||
parser.add_argument('--seed')
|
||||
parser.add_argument('--name', help="Name to create/verify")
|
||||
parser.add_argument('--realm', help="Realm for create/verify")
|
||||
parser.add_argument('--token', help="Token for create/verify")
|
||||
parser.add_argument('--seed', help="Seed for create/verify")
|
||||
|
||||
# How to authenticate against ungleich-otp
|
||||
parser.add_argument('--auth-name', required=True)
|
||||
parser.add_argument('--auth-realm', required=True)
|
||||
parser.add_argument('--auth-token')
|
||||
parser.add_argument('--auth-seed')
|
||||
parser.add_argument('--auth-name', required=True, help="Name for auth")
|
||||
parser.add_argument('--auth-realm', required=True, help="Realm for auth")
|
||||
parser.add_argument('--auth-token', help="Token for auth")
|
||||
parser.add_argument('--auth-seed', help="Seed for auth")
|
||||
|
||||
parser.add_argument('command', choices=['create',
|
||||
'delete',
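Review bot: Nothing in this hunk makes the parser require one of `--auth-token` / `--auth-seed`, although the README says one of them must be given; unless `handle()` (not visible here) checks this, a call with neither only fails later, at the server. If the two are meant as alternatives, `auth = parser.add_mutually_exclusive_group(required=True)` followed by `auth.add_argument('--auth-token', help="Token for auth")` and the matching `--auth-seed` line would reject such a call with a usage error. The new help strings for `--seed` and `--auth-seed` could also say that a value passed on the command line is visible in the process list and shell history, since a seed is a long-lived secret. The `add_arguments` body starts before and continues after this hunk.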
|
||||
|
|
|
@ -30,10 +30,8 @@ class OTPAuthentication(authentication.BaseAuthentication):
|
|||
serializer = TokenSerializer(data=request.data)
|
||||
|
||||
if serializer.is_valid():
|
||||
print("trying to save... {}".format(serializer))
|
||||
instance, token = serializer.save()
|
||||
else:
|
||||
print("Invalide serialize,")
|
||||
raise exceptions.AuthenticationFailed()
|
||||
|
||||
# not dealing with admin realm -> can only be auth [see serializer]
|
||||
|
|
|
@ -66,3 +66,6 @@ class VerifySerializer(TokenSerializer):
|
|||
|
||||
if not auth_realm == "ungleich-auth":
|
||||
raise exceptions.AuthenticationFailed()
|
||||
|
||||
# Do the authentication part
|
||||
super().save()
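Review bot: The added `super().save()` call discards its result, so this step only protects verification if `TokenSerializer.save()` raises on bad credentials. `OTPAuthentication` unpacks the same call as `instance, token = serializer.save()`, which suggests it returns a tuple; whether failure is signalled by raising or by a return value is not visible in this diff. Once that is confirmed I would make the contract explicit, for example `auth_instance, auth_token = super().save()` with the comment `# raises AuthenticationFailed if the auth credentials are wrong`. The realm test just above would read more directly as `if auth_realm != "ungleich-auth":`. The enclosing method starts before this hunk and may continue past it.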
|
||||
|
|