ungleich-otp/otpauth/models.py

from django.db import models
from django.contrib.auth.models import AbstractUser
from rest_framework import exceptions
from rest_framework import authentication


class OTPSeed(AbstractUser):
    id       = models.AutoField(primary_key=True)
    name     = models.CharField(max_length=128)
    realm    = models.CharField(max_length=128)
    seed     = models.CharField(max_length=128)

    class Meta:
        unique_together = (('name', 'realm'),)

    def save(self, *args, **kwargs):
        """
        inject username to ensure it stays unique / is setup at all
        """
        self.username = "{}@{}".format(self.name, self.realm)
        super().save(*args, **kwargs)

    def __str__(self):
        return "'{}'@{} -- {}".format(self.name, self.realm, self.username)

from otpauth.serializer import TokenSerializer

class OTPAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        serializer = TokenSerializer(data=request.data)

        if serializer.is_valid():
            instance, token = serializer.save()
        else:
            raise exceptions.AuthenticationFailed()

        # not dealing with admin realm -> can only be auth [see serializer]
        if not instance.realm == "ungleich-admin":
            if not request.path == "/ungleichotp/verify/":
                raise exceptions.AuthenticationFailed()

        # print("AUTH DONE: {} - {}".format(request.path, instance))
        return (instance, token)