Compare commits
6 Commits
Author | SHA1 | Date |
---|---|---|
wcolmenares | b9ecd50245 | |
wcolmenares | 170c7727e4 | |
wcolmenares | d4d82ae1c3 | |
wcolmenares | fdafe569fb | |
wcolmenares | 71ee739fc4 | |
wcolmenares | 95b5b173d6 |
|
@ -0,0 +1,66 @@
|
||||||
|
from flask import Flask, request, jsonify, json
|
||||||
|
from flask_restful import Resource, Api
|
||||||
|
import requests
|
||||||
|
from decouple import config
|
||||||
|
from pyotp import TOTP
|
||||||
|
|
||||||
|
app = Flask(__name__)
|
||||||
|
api = Api(app)
|
||||||
|
|
||||||
|
|
||||||
|
def check_otp(name, realm, token):
|
||||||
|
data = {
|
||||||
|
"auth_name": config('AUTH_NAME', ''),
|
||||||
|
"auth_token": TOTP(config('AUTH_SEED', '')).now(),
|
||||||
|
"auth_realm": config('AUTH_REALM', ''),
|
||||||
|
"name": name,
|
||||||
|
"realm": realm,
|
||||||
|
"token": token
|
||||||
|
}
|
||||||
|
response = requests.post(
|
||||||
|
"https://{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
|
||||||
|
OTP_SERVER=config('OTP_SERVER', ''),
|
||||||
|
OTP_VERIFY_ENDPOINT=config('OTP_VERIFY_ENDPOINT', '/ungleichotp/verify/')
|
||||||
|
),
|
||||||
|
data=data
|
||||||
|
)
|
||||||
|
return response.status_code
|
||||||
|
|
||||||
|
|
||||||
|
class MainView(Resource):
|
||||||
|
def get(self):
|
||||||
|
return jsonify({'Detail': 'This view is open to users'})
|
||||||
|
|
||||||
|
|
||||||
|
class ProtectedView(Resource):
|
||||||
|
def post(self):
|
||||||
|
data = request.get_json()
|
||||||
|
if data is not None:
|
||||||
|
try:
|
||||||
|
user = data['name']
|
||||||
|
realm = data['realm']
|
||||||
|
token = data['token']
|
||||||
|
assert(realm == config('REALM_ALLOWED'))
|
||||||
|
code = check_otp(user, realm, token)
|
||||||
|
assert(code == 200)
|
||||||
|
except (KeyError, AssertionError) as e:
|
||||||
|
response = app.response_class(response=json.dumps({'Message': 'Invalid data'}),
|
||||||
|
status=400,
|
||||||
|
mimetype='application/json')
|
||||||
|
return response
|
||||||
|
|
||||||
|
response = app.response_class(response=json.dumps({'data sent': data}),
|
||||||
|
status=200,
|
||||||
|
mimetype='application/json')
|
||||||
|
return response
|
||||||
|
else:
|
||||||
|
return app.response_class(response=json.dumps({'Message': 'invalid request'}),
|
||||||
|
status=400,
|
||||||
|
mimetype='application/json')
|
||||||
|
|
||||||
|
|
||||||
|
api.add_resource(MainView, '/')
|
||||||
|
api.add_resource(ProtectedView, '/protected')
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
app.run(host='::')
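Review bot: The realm check and the OTP verdict in `ProtectedView.post` are enforced with `assert(realm == config('REALM_ALLOWED'))` and `assert(code == 200)`, and Python strips assert statements when run with `-O` or `PYTHONOPTIMIZE`, so under that setting the view would answer 200 for any realm and any token. Replace both with an explicit comparison that returns the existing 400 response, e.g. `if realm != config('REALM_ALLOWED') or check_otp(user, realm, token) != 200:`. In `check_otp`, `requests.post(...)` is called without `timeout=`, so a stalled OTP server holds the worker indefinitely, and the `''` defaults for `AUTH_SEED` and `OTP_SERVER` let the service start misconfigured instead of failing at startup. The success response also echoes the submitted `token` back in `{'data sent': data}`, which is worth dropping from the body.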
|
|
@ -0,0 +1,4 @@
|
||||||
|
from flaskapp.app import app
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
app.run()
|
|
@ -2,7 +2,9 @@ pyotp>=2.2.6
|
||||||
django>=2.1.2
|
django>=2.1.2
|
||||||
djangorestframework
|
djangorestframework
|
||||||
python-decouple>=3.1
|
python-decouple>=3.1
|
||||||
|
flask
|
||||||
|
flask_restful
|
||||||
|
requests
|
||||||
# DB
|
# DB
|
||||||
psycopg2
|
psycopg2
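Review bot: The new entries `flask`, `flask_restful` and `requests` carry no version constraint, unlike `pyotp>=2.2.6`, `django>=2.1.2` and `python-decouple>=3.1` in the same file, so every install resolves to whatever release is current at that moment. For a service that sits in front of an authentication check, give them at least a lower bound matching the versions this was tested with, e.g. `flask>=<tested version>`, and ideally install from a pinned or hash-checked requirements file. The rest of the file lies outside this hunk, so whether such a lock already exists cannot be seen from here.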
|
||||||
|
|
||||||
|
|
|
@ -8,9 +8,10 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from django.core.wsgi import get_wsgi_application
|
from django.core.wsgi import get_wsgi_application
|
||||||
|
|
||||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ungleichotpserver.settings')
|
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ungleichotpserver.settings')
|
||||||
|
|
||||||
application = get_wsgi_application()
|
application = get_wsgi_application()
|
||||||
|
|
||||||
|
|
||||||
|
|