++ doc, begin improving serializers

2018-11-18 13:24:09 +01:00 · 2018-11-18 13:24:09 +01:00 · d0a3cdce52
commit d0a3cdce52
parent b16d484406
3 changed files with 29 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -203,4 +203,14 @@ Don’t forget to point AUTH_USER_MODEL to it. Do this before creating any migra
 - [ ] make settings adjustable by environment (?)
 - [ ] Remove hard coded JSON (?)

+
+### To document
+
+* Login via username password interactively
+* Login via name/realm/token rest
+
 ## Changelog
+
+### 0.5, 2018-11-18
+
+* Require authentication on all rest endpoints by token
--- a/ungleichotp/otpauth/serializer.py
+++ b/ungleichotp/otpauth/serializer.py
@ -13,7 +13,14 @@ class OTPSerializer(serializers.ModelSerializer):
        validated_data['seed'] = pyotp.random_base32()
        return OTPSeed.objects.create(**validated_data)

-class VerifySerializer(serializers.Serializer):
+class VerifySerializerV1(serializers.Serializer):
+    """
+    This is the first version of the serializer that would authenticate the request
+    itself. This is not necessary anymore starting from version 0.5
+
+    Code to be removed prior to 1.0
+    """
+
    name = serializers.CharField(max_length=128)
    token = serializers.CharField(max_length=128)
    realm = serializers.CharField(max_length=128)
@ -62,6 +69,10 @@ class TokenSerializer(serializers.Serializer):
    token = serializers.CharField(max_length=128)
    realm = serializers.CharField(max_length=128)

+    token_name = 'token'
+    name_name = 'name'
+    realm_name = 'realm'
+
    def save(self):
        token_in = self.validated_data.get('token')
        name_in =  self.validated_data.get('name')
@ -79,3 +90,8 @@ class TokenSerializer(serializers.Serializer):
            raise exceptions.AuthenticationFailed()

        return (db_instance, token_in)
+
+class VerifySerializer(TokenSerializer):
+    token_name = 'verifytoken'
+    name_name = 'verifyname'
+    realm_name = 'verifyrealm'
--- a/ungleichotp/otpauth/views.py
+++ b/ungleichotp/otpauth/views.py
@ -11,6 +11,7 @@ from django.http import HttpResponse, JsonResponse
 from otpauth.serializer import VerifySerializer, OTPSerializer
 from otpauth.models import OTPSeed

+# Version 2 model - model based ++ verify action
 class OTPVerifyViewSet(viewsets.ModelViewSet):
    serializer_class = OTPSerializer
    queryset = OTPSeed.objects.all()
@ -26,6 +27,7 @@ class OTPVerifyViewSet(viewsets.ModelViewSet):
        return JsonResponse(serializer.errors, status=400)


+# Version 1 model - should be removed
 class VerifyViewSet(viewsets.ViewSet):
    serializer_class = VerifySerializer