Cleanup!
parent
2d147d961c
commit
a0d15ecf23
4 changed files with 23 additions and 149 deletions
136
README.md
136
README.md
|
@ -78,143 +78,31 @@ Request JSON object:
|
||||||
|
|
||||||
Response JSON object:
|
Response JSON object:
|
||||||
|
|
||||||
Either
|
Either HTTP 200 with
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
status: "OK",
|
status: "OK",
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
OR
|
OR return code 403:
|
||||||
|
|
||||||
|
* If token for authenticating is wrong, you get
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{"detail":"Incorrect authentication credentials."}
|
||||||
status: "FAIL",
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### POST /register
|
* If token that is being verified is wrong, you get
|
||||||
|
|
||||||
Register a new seed. Returns an app ID.
|
|
||||||
|
|
||||||
Request JSON object:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{"detail":"You do not have permission to perform this action."}
|
||||||
version: "1",
|
|
||||||
appuuid: "your-app-uuid",
|
|
||||||
token: "current time based token",
|
|
||||||
username: "user this app belongs to",
|
|
||||||
appname: "name of your web app"
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Response JSON object:
|
### GET, POST, ... /ungleichotp/
|
||||||
|
|
||||||
```
|
Standard django rest framework behaviour for updating / listing
|
||||||
{
|
objects.
|
||||||
status: "OK",
|
|
||||||
appuuid: "UUID of your app",
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
OR
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
status: "FAIL",
|
|
||||||
error: "Reason for failure"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### POST /app/register
|
|
||||||
|
|
||||||
Register a new app. Returns an app ID.
|
|
||||||
|
|
||||||
Request JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
version: "1",
|
|
||||||
appuuid: "your-app-uuid",
|
|
||||||
token: "current time based token",
|
|
||||||
username: "user this app belongs to",
|
|
||||||
appname: "name of your web app"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Response JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
status: "OK",
|
|
||||||
appuuid: "UUID of your app",
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
OR
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
status: "FAIL",
|
|
||||||
error: "Reason for failure"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### GET /app
|
|
||||||
|
|
||||||
List all registered apps for the current user.
|
|
||||||
|
|
||||||
Request JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
version: "1",
|
|
||||||
appuuid: "your-app-uuid",
|
|
||||||
token: "current time based token"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Response JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
status: "OK",
|
|
||||||
apps: [
|
|
||||||
{
|
|
||||||
name: "name of your web app"
|
|
||||||
appuuid: "UUID of your app",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "name of your second web app"
|
|
||||||
appuuid: "UUID of your second app",
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### GET /app/UUID
|
|
||||||
|
|
||||||
Get seed for APP to be used as a token
|
|
||||||
|
|
||||||
Request JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
version: "1",
|
|
||||||
appuuid: "your-app-uuid",
|
|
||||||
token: "current time based token"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Response JSON object:
|
|
||||||
|
|
||||||
```
|
|
||||||
{
|
|
||||||
status: "OK",
|
|
||||||
seed: "seed of your app"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Usage: OTP
|
## Usage: OTP
|
||||||
|
@ -296,6 +184,7 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra
|
||||||
- [x] Implement registering of new entries
|
- [x] Implement registering of new entries
|
||||||
- [x] OTPSerializer: allow to read seed for admin
|
- [x] OTPSerializer: allow to read seed for admin
|
||||||
- [x] Implement deleting entry
|
- [x] Implement deleting entry
|
||||||
|
- [x] Include verify in ModelSerializer
|
||||||
- [ ] Remove hard coded JSON (?)
|
- [ ] Remove hard coded JSON (?)
|
||||||
- [ ] Use Custom authentication (?) - needs to have a user
|
- [ ] Use Custom authentication (?) - needs to have a user
|
||||||
- [ ] Maybe we map name+realm == User (?)
|
- [ ] Maybe we map name+realm == User (?)
|
||||||
|
@ -305,3 +194,6 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra
|
||||||
- custom auth method
|
- custom auth method
|
||||||
- [ ] Implement creating new "User"
|
- [ ] Implement creating new "User"
|
||||||
- by POST / Model based
|
- by POST / Model based
|
||||||
|
- [ ] move totp constants into settings
|
||||||
|
- [ ] move field lengths into settings
|
||||||
|
- [ ] make settings adjustable by environment (?)
|
||||||
|
|
|
@ -10,15 +10,7 @@ class OTPSerializer(serializers.ModelSerializer):
|
||||||
read_only_fields = ('seed',)
|
read_only_fields = ('seed',)
|
||||||
|
|
||||||
def create(self, validated_data):
|
def create(self, validated_data):
|
||||||
print(validated_data)
|
validated_data['seed'] = pyotp.random_base32()
|
||||||
print("BEING CALLED??")
|
|
||||||
name = validated_data.get('name')
|
|
||||||
realm = validated_data.get('realm')
|
|
||||||
|
|
||||||
# validated_data
|
|
||||||
seed = pyotp.random_base32()
|
|
||||||
validated_data['seed'] = seed
|
|
||||||
|
|
||||||
return OTPSeed.objects.create(**validated_data)
|
return OTPSeed.objects.create(**validated_data)
|
||||||
|
|
||||||
class VerifySerializer(serializers.Serializer):
|
class VerifySerializer(serializers.Serializer):
|
||||||
|
@ -30,25 +22,20 @@ class VerifySerializer(serializers.Serializer):
|
||||||
verifytoken = serializers.CharField(max_length=128)
|
verifytoken = serializers.CharField(max_length=128)
|
||||||
verifyrealm = serializers.CharField(max_length=128)
|
verifyrealm = serializers.CharField(max_length=128)
|
||||||
|
|
||||||
def create(self, validated_data):
|
def save(self):
|
||||||
print("all going to be verified - CREATE")
|
token_in = self.validated_data.get('token')
|
||||||
token_in = validated_data.get('token')
|
name_in = self.validated_data.get('name')
|
||||||
name_in = validated_data.get('name')
|
realm_in = self.validated_data.get('realm')
|
||||||
realm_in = validated_data.get('realm')
|
verifytoken = self.validated_data.get('verifytoken')
|
||||||
|
verifyname = self.validated_data.get('verifyname')
|
||||||
verifytoken = validated_data.get('verifytoken')
|
verifyrealm = self.validated_data.get('verifyrealm')
|
||||||
verifyname = validated_data.get('verifyname')
|
|
||||||
verifyrealm = validated_data.get('verifyrealm')
|
|
||||||
|
|
||||||
# 1. Verify that the connection might authenticate
|
# 1. Verify that the connection might authenticate
|
||||||
|
|
||||||
try:
|
try:
|
||||||
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
|
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
|
||||||
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
||||||
raise exceptions.AuthenticationFailed()
|
raise exceptions.AuthenticationFailed()
|
||||||
|
|
||||||
print("serializer found object")
|
|
||||||
|
|
||||||
totp = pyotp.TOTP(db_instance.seed)
|
totp = pyotp.TOTP(db_instance.seed)
|
||||||
|
|
||||||
if not totp.verify(token_in, valid_window=3):
|
if not totp.verify(token_in, valid_window=3):
|
||||||
|
@ -56,7 +43,6 @@ class VerifySerializer(serializers.Serializer):
|
||||||
|
|
||||||
|
|
||||||
# 2. Verify the requested data
|
# 2. Verify the requested data
|
||||||
|
|
||||||
try:
|
try:
|
||||||
verifyinstance = otpauth.models.OTPSeed.objects.get(name=verifyname, realm=verifyrealm)
|
verifyinstance = otpauth.models.OTPSeed.objects.get(name=verifyname, realm=verifyrealm)
|
||||||
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
|
||||||
|
@ -69,6 +55,3 @@ class VerifySerializer(serializers.Serializer):
|
||||||
|
|
||||||
print("All verified!")
|
print("All verified!")
|
||||||
return verifyinstance
|
return verifyinstance
|
||||||
|
|
||||||
def verify(self, validated_data):
|
|
||||||
print("all going to be verified - AAAAAAAA")
|
|
||||||
|
|
|
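Review bot: The new `def save(self):` in the VerifySerializer hunk narrows DRF's `Serializer.save(**kwargs)` signature, so any caller that passes keyword arguments to `save()` now fails with a TypeError; `def save(self, **kwargs):` keeps the override drop-in compatible even though the kwargs are unused here. The method also has no docstring, and one is needed because a verification step living in `save()` is surprising: something like `"""Authenticate the caller by TOTP, then return the OTPSeed named by verifyname/verifyrealm; raises AuthenticationFailed if the caller is unknown."""`. Not changed by this commit but visible in the same hunk, `totp.verify(token_in, valid_window=3)` accepts codes from three time steps on either side and nothing records a code once it has been accepted, so the same code is accepted repeatedly for the whole window — worth a comment stating that this is intended, or a narrower window. The body of `save()` continues past the hunk.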
@ -20,6 +20,7 @@ class OTPVerifyViewSet(viewsets.ModelViewSet):
|
||||||
serializer = VerifySerializer(data=request.data)
|
serializer = VerifySerializer(data=request.data)
|
||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
print(serializer)
|
print(serializer)
|
||||||
|
serializer.save()
|
||||||
return Response({'status': 'OK'})
|
return Response({'status': 'OK'})
|
||||||
|
|
||||||
return JsonResponse(serializer.errors, status=400)
|
return JsonResponse(serializer.errors, status=400)
|
||||||
|
|
|
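Review bot: The value returned by the new `serializer.save()` call is discarded, and the debug `print(serializer)` on the line above it outlives this cleanup even though the commit removes the other `print` calls; a DRF serializer's repr appears to include its constructor kwargs, i.e. the posted `data`, so the submitted `token`/`verifytoken` values would land in process output or logs. Dropping that `print(serializer)` line keeps the view consistent with the rest of the commit and avoids logging credentials. The view also answers success with `Response(...)` and errors with `JsonResponse(...)`; using `Response(serializer.errors, status=400)` on both paths is the DRF-idiomatic form. The enclosing method starts outside the hunk.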
@ -28,8 +28,6 @@ router = routers.DefaultRouter()
|
||||||
router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
|
router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
|
||||||
router.register(r'ungleichotpv2', OTPVerifyViewSet, basename='ungleichotpv2')
|
router.register(r'ungleichotpv2', OTPVerifyViewSet, basename='ungleichotpv2')
|
||||||
|
|
||||||
print(router.urls)
|
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('admin/', admin.site.urls),
|
path('admin/', admin.site.urls),
|
||||||
url(r'^', include(router.urls)),
|
url(r'^', include(router.urls)),
|
||||||
|
|