From 95b5b173d6d7d5be988e252f4d674bd4a534f741 Mon Sep 17 00:00:00 2001
From: William Colmenares
Date: Sat, 1 Jun 2019 08:03:59 -0400
Subject: [PATCH 1/6] added minimal flask app
---
flaskapp/__init__.py | 0
flaskapp/app.py | 66 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 flaskapp/__init__.py
create mode 100644 flaskapp/app.py
diff --git a/flaskapp/__init__.py b/flaskapp/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/flaskapp/app.py b/flaskapp/app.py
new file mode 100644
index 0000000..aaf142f
--- /dev/null
+++ b/flaskapp/app.py
@@ -0,0 +1,66 @@
+from flask import Flask, request, jsonify, json
+from flask_restful import Resource, Api
+import requests
+from decouple import config
+from pyotp import TOTP
+
+app = Flask(__name__)
+api = Api(app)
+
+
+def check_otp(name, realm, token):
+ data = {
+ "auth_name": config('AUTH_NAME', ''),
+ "auth_token": TOTP(config('AUTH_SEED', '')).now(),
+ "auth_realm": config('AUTH_REALM', ''),
+ "name": name,
+ "realm": realm,
+ "token": token
+ }
+ response = requests.post(
+ "https://{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
+ OTP_SERVER=config('OTP_SERVER', ''),
+ OTP_VERIFY_ENDPOINT=config('OTP_VERIFY_ENDPOINT', '/ungleichotp/verify/')
+ ),
+ data=data
+ )
+ return response.status_code
+
+
+class MainView(Resource):
+ def get(self):
+ return jsonify({'Detail': 'This view is open to users'})
+
+
+class ProtectedView(Resource):
+ def post(self):
+ data = request.get_json()
+ if data is not None:
+ try:
+ user = data['name']
+ realm = data['realm']
+ token = data['token']
+ assert(realm == config('REALM_ALLOWED'))
+ code = check_otp(user, realm, token)
+ assert(code == 200)
+ except KeyError or AssertionError:
+ response = app.response_class(response=json.dumps({'Message': 'Invalid data'}),
+ status=400,
+ mimetype='application/json')
+ return response
+
+ response = app.response_class(response=json.dumps({'data sent': data}),
+ status=200,
+ mimetype='application/json')
+ return response
+ else:
+ return app.response_class(response=json.dumps({'Message': 'invalid request'}),
+ status=400,
+ mimetype='application/json')
+
+
+api.add_resource(MainView, '/')
+api.add_resource(ProtectedView, '/protected')
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0')
From 71ee739fc4c10182bf9aee9ddcad7db32a774dc2 Mon Sep 17 00:00:00 2001
From: William Colmenares
Date: Sat, 1 Jun 2019 08:04:42 -0400
Subject: [PATCH 2/6] added requests and flask to requirements
---
requirements.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
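Review bot: In flaskapp/app.py, `ProtectedView.post` gates access on `assert(realm == config('REALM_ALLOWED'))` and `assert(code == 200)`, and Python removes assert statements when run with `-O` or `PYTHONOPTIMIZE`, so in that mode neither the realm nor the OTP result is enforced and any body carrying the three keys reaches the 200 response. Replace both with an explicit branch that returns the existing 400 response, for example `if realm != config('REALM_ALLOWED') or check_otp(user, realm, token) != 200:`; the asserts are still present after the `except` fix in PATCH 5/6. `check_otp` also calls `requests.post` without `timeout=`, so a stalled OTP server blocks the worker indefinitely; passing `data=data, timeout=5` (value to be tuned) bounds the wait. The 200 body `{'data sent': data}` echoes the submitted token back to the client, which is worth dropping.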
diff --git a/requirements.txt b/requirements.txt index b347564..9f2dfbb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,8 @@ pyotp>=2.2.6 django>=2.1.2 djangorestframework python-decouple>=3.1 - +flask +requests # DB psycopg2 From fdafe569fbc74a2591345fb367db57973aad564d Mon Sep 17 00:00:00 2001 From: William Colmenares Date: Sat, 1 Jun 2019 08:05:11 -0400 Subject: [PATCH 3/6] Include flask in the wsgi file --- ungleichotpserver/wsgi.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ungleichotpserver/wsgi.py b/ungleichotpserver/wsgi.py index 1eed050..d8e0092 100644 --- a/ungleichotpserver/wsgi.py +++ b/ungleichotpserver/wsgi.py @@ -8,9 +8,14 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/ """ import os - from django.core.wsgi import get_wsgi_application +from flaskapp.app import app + +if __name__ == "__main__": + app.run() os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ungleichotpserver.settings') application = get_wsgi_application() + + From d4d82ae1c34bb2a51a280d915731e7355c529211 Mon Sep 17 00:00:00 2001 From: William Colmenares Date: Sun, 2 Jun 2019 09:00:18 -0400 Subject: [PATCH 4/6] new wsgi conf --- flaskapp/app.py | 2 +- flaskapp/wsgi.py | 4 ++++ ungleichotpserver/wsgi.py | 4 ---- 3 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 flaskapp/wsgi.py diff --git a/flaskapp/app.py b/flaskapp/app.py index aaf142f..19846b0 100644 --- a/flaskapp/app.py +++ b/flaskapp/app.py @@ -63,4 +63,4 @@ api.add_resource(MainView, '/') api.add_resource(ProtectedView, '/protected') if __name__ == '__main__': - app.run(host='0.0.0.0') + app.run() diff --git a/flaskapp/wsgi.py b/flaskapp/wsgi.py new file mode 100644 index 0000000..86ea110 --- /dev/null +++ b/flaskapp/wsgi.py @@ -0,0 +1,4 @@ +from flaskapp.app import app + +if __name__ == "__main__": + app.run() diff --git a/ungleichotpserver/wsgi.py b/ungleichotpserver/wsgi.py index d8e0092..8fc5f7e 100644 --- a/ungleichotpserver/wsgi.py 
+++ b/ungleichotpserver/wsgi.py @@ -9,10 +9,6 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/ import os from django.core.wsgi import get_wsgi_application -from flaskapp.app import app - -if __name__ == "__main__": - app.run() os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ungleichotpserver.settings') From 170c7727e484f1b0c12cf9eddf77c544b80828c9 Mon Sep 17 00:00:00 2001 From: William Colmenares Date: Wed, 5 Jun 2019 06:02:14 -0400 Subject: [PATCH 5/6] clean up catch error --- flaskapp/app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flaskapp/app.py b/flaskapp/app.py index 19846b0..9e01226 100644 --- a/flaskapp/app.py +++ b/flaskapp/app.py @@ -43,7 +43,7 @@ class ProtectedView(Resource): assert(realm == config('REALM_ALLOWED')) code = check_otp(user, realm, token) assert(code == 200) - except KeyError or AssertionError: + except (KeyError, AssertionError) as e: response = app.response_class(response=json.dumps({'Message': 'Invalid data'}), status=400, mimetype='application/json') @@ -63,4 +63,4 @@ api.add_resource(MainView, '/') api.add_resource(ProtectedView, '/protected') if __name__ == '__main__': - app.run() + app.run(host='::') From b9ecd502454f9bbceb4aafc23c03c880f93b1d59 Mon Sep 17 00:00:00 2001 From: William Colmenares Date: Wed, 5 Jun 2019 06:02:41 -0400 Subject: [PATCH 6/6] incude flask_restful --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 9f2dfbb..f467678 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,6 +3,7 @@ django>=2.1.2 djangorestframework python-decouple>=3.1 flask +flask_restful requests # DB psycopg2
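Review bot: The widened `except (KeyError, AssertionError) as e:` in flaskapp/app.py still lets two failure paths escape as unhandled 500s: a JSON body that is not an object (a list, for instance) raises `TypeError` on `data['name']`, and `check_otp` can raise `requests.exceptions.RequestException` when the OTP server cannot be reached. Check `isinstance(data, dict)` before indexing, and catch the request error separately so it maps to a deliberate status (502 or 503 is my suggestion) instead of a traceback. `e` is bound but unused in the visible lines; either log it or drop `as e`. The `try` block opens above this hunk, so the full handler is not visible here.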
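Review bot: `app.run(host='::')` at the end of flaskapp/app.py binds Flask's built-in development server to every IPv6 interface (and usually IPv4 as well on dual-stack hosts), which exposes `/protected` through a server Flask documents as unsuitable for production. Since flaskapp/wsgi.py was added in PATCH 4/6 for a real WSGI server, keep the `__main__` path on loopback with `app.run(host='::1')`, or read the bind address from configuration with a loopback default. A comment on that line such as `# local development only; deploy via flaskapp/wsgi.py` would make the intent explicit.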