Progressing, docs, queryset, viewset

Nico Schottelius 2018-11-17 11:39:42 +01:00
parent bcd8c72e8e
commit eb2c57b68a
5 changed files with 24 additions and 33 deletions


@ -4,7 +4,7 @@ ungleich-otp is a full blown authentication and authorisation service
made for micro services.
The basic idea is that every micro service has a (long term) seed and
creates time based tokens (TOTP, RFCXXXX).
creates time based tokens (See python pyotp, RFC4226, RFC6238).
## Setup instructions ##
@ -54,8 +54,6 @@ them to verify a token of somebody else.
| all other realms | NO ACCESS |
## Status ##
## Usage: REST ##
- Use an existing token to connect to the service
@ -68,10 +66,12 @@ Request JSON object:
```
{
version: "1",
appuuid: "your-app-uuid",
name: "your-name",
realm: "your-realm",
token: "current time based token",
appuuidtoverify: "appuuid that wants to be authenticated",
tokentoverify: "current time based token of appuuidtoverify",
verifyname: "name that wants to be authenticated",
verifyrealm: "realm that wants to be authenticated",
verifytoken: "token that wants to be authenticated",
}
```


@ -12,12 +12,3 @@ class OTPSeed(models.Model):
def __str__(self):
return "'{}'@{}".format(self.name, self.realm)
# V1
# class OTPSeed(models.Model):
# appuuid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
# appname = models.CharField(max_length=128)
# username = models.CharField(max_length=128)
# seed = models.CharField(max_length=128)
# trusted = models.BooleanField(default=False)


@ -31,18 +31,15 @@ class VerifySerializer(serializers.ModelSerializer):
realm_in = validated_data.get('realm')
try:
found_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
except OTPSeed.MultipleObjectsReturned:
db_instance = otpauth.models.OTPSeed.objects.get(name=name_in, realm=realm_in)
except (OTPSeed.MultipleObjectsReturned, OTPSeed.DoesNotExist):
# FIXME: correct return?
return None
# Generate token and compare
totp = pyotp.TOTP()
totp = pyotp.TOTP(db_instance.seed)
if totp.verify(token, valid_window=3):
if totp.verify(token_in, valid_window=3):
return "OK"
else:
return "FAIL"
verifytoken = serializers.CharField(max_length=128)
verifyrealm = serializers.CharField(max_length=128)
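Review bot: The lookup-failure branch under `# FIXME: correct return?` returns `None` while a wrong token returns `"FAIL"`, so a caller can tell an unknown name/realm apart from a bad token; both paths should give the same answer, e.g. `return "FAIL"` in the except branch. `valid_window=3` makes `totp.verify` accept codes from three time steps on either side of the current one, which lengthens the period in which a captured code stays usable, and nothing visible here records used codes or limits attempts, so a smaller window is worth considering. The except clause names bare `OTPSeed` while the query uses `otpauth.models.OTPSeed`; unless `OTPSeed` is imported outside this hunk, the clause would raise NameError when an exception reaches it, so `except (otpauth.models.OTPSeed.MultipleObjectsReturned, otpauth.models.OTPSeed.DoesNotExist):` is the safer spelling. The enclosing method starts above the hunk, so where `token_in` is assigned cannot be checked from here.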


@ -1,8 +1,11 @@
from django.shortcuts import render
from rest_framework import viewsets
from otpauth.serializers import VerifySerializer
from otpauth.serializer import VerifySerializer
# Create your views here.
class VerifyViewSet(viewsets.ModelViewSet):
serializer_class = VerifySerializer
def get_queryset(self):
return None
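Review bot: `get_queryset` returning `None` is likely to break every action that touches the queryset, and `ModelViewSet` still routes list, retrieve, update and destroy for what appears to be a verify-only endpoint. A narrower base such as `class VerifyViewSet(mixins.CreateModelMixin, viewsets.GenericViewSet):` (with `from rest_framework import mixins`) would expose only POST and needs no queryset. No `permission_classes` is set in the visible lines, so access falls to the project defaults; on an authentication service it is worth stating the intended policy explicitly on the class. The page shows both `otpauth.serializers` and `otpauth.serializer` as the import source, so confirm the new module name matches the file on disk.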


@ -13,18 +13,12 @@ Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path
# from django.conf.urls import url, include
# urlpatterns = [
# url(r'^api-auth/', include('rest_framework.urls'))
# ]
from django.conf.urls import url, include
from django.contrib.auth.models import User
from rest_framework import routers, serializers, viewsets
@ -43,6 +37,12 @@ class UserViewSet(viewsets.ModelViewSet):
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)
from otpauth.models import OTPSeed
from otpauth.views import VerifyViewSet
router.register(r'ungleichotp', VerifyViewSet, basename='ungleichotp')
# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
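Review bot: The two `from otpauth...` imports sit mid-module between the `router.register` calls instead of with the other imports at the top of the file, and `OTPSeed` is not used in any visible line. Moving `from otpauth.views import VerifyViewSet` up to the import block and dropping `from otpauth.models import OTPSeed` (if nothing below uses it) keeps the routing section readable. The `urlpatterns` list continues outside the hunk, so usage further down cannot be ruled out from here.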