Require authentication on all rest endpoints

Nico Schottelius 2018-11-18 13:10:51 +01:00
parent 9dc6e02029
commit b16d484406
2 changed files with 18 additions and 6 deletions


@ -190,12 +190,17 @@ Dont forget to point AUTH_USER_MODEL to it. Do this before creating any migra
- password is used for admin login (?)
- seed
- custom auth method
- [ ] try to fake username for django based on name+realm (?)
- [ ] maybe overwrite get_username() (?)
- [ ] Use Custom authentication (?) - needs to have a user
- [ ] Implement creating new "User"
- [n] try to fake username for django based on name+realm (?)
- [n] maybe overwrite get_username() (?)
- [x] Use Custom authentication - needs to have a user!
- [x] Implement creating new "User"
- by POST / Model based
- [ ] Add tests for verify
- [ ] Add tests for authentication
- [ ] Add proper documentation
- [ ] move totp constants into settings
- [ ] move field lengths into settings
- [ ] make settings adjustable by environment (?)
- [ ] Remove hard coded JSON (?)
## Changelog


@ -102,14 +102,23 @@ AUTH_PASSWORD_VALIDATORS = [
]
# Customer user model so that we can use our tokens for authentication!
AUTH_USER_MODEL = 'otpauth.OTPSeed'
# Custom authentication so we can use tokens ourselves
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'otpauth.models.OTPAuthentication'
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
# Internationalization
# https://docs.djangoproject.com/en/2.1/topics/i18n/
@ -128,5 +137,3 @@ USE_TZ = True
# https://docs.djangoproject.com/en/2.1/howto/static-files/
STATIC_URL = '/static/'
AUTH_USER_MODEL = 'otpauth.OTPSeed'
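Review bot: The `DEFAULT_PERMISSION_CLASSES` entry in the new `REST_FRAMEWORK` dict is only a default, so any DRF view that sets its own `permission_classes` or `authentication_classes` replaces it and is not covered by this change; the views themselves are not visible in this commit. A comment above the dict would make that explicit, for example `# Defaults only: a view that sets permission_classes/authentication_classes overrides these.` Since the README checklist in this commit still lists the authentication tests as open, a test that sends an unauthenticated request to each endpoint and expects it to be rejected would back the commit title. With `SessionAuthentication` listed first, DRF answers unauthenticated requests with 403 rather than 401, which is worth stating in the same comment if token clients rely on the status code. The comment `# Customer user model` should probably read `# Custom user model`.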