rest interface for retrieve-create users seed

2019-05-05 16:44:02 -04:00 · 2019-05-05 16:44:02 -04:00 · 200699486a
parent 503e31cc69
commit 200699486a
2 changed files with 47 additions and 1 deletions
--- a/dal/urls.py
+++ b/dal/urls.py
@ -14,7 +14,8 @@ from .views import (
    LogOut,
    ResetRequest,
    UserCreateAPI,
-    ActivateAccount
+    ActivateAccount,
+    SeedRetrieveCreate
 )

 urlpatterns = [
@ -29,5 +30,6 @@ urlpatterns = [
    path('reset/<str:user>/<str:token>/', ResetRequest.as_view()),
    path('activate/<str:user>/<str:pwd>/<str:firstname>/<str:lastname>/<str:email>/<str:token>/', ActivateAccount.as_view()),
    path('reset/', ResetRequest.as_view(), name="reset"),
+    path('otp/', SeedRetrieveCreate.as_view(), name="seed"),
    path('', Index.as_view(), name="login_index"),
 ]
--- a/dal/views.py
+++ b/dal/views.py
@ -14,6 +14,8 @@ from rest_framework.response import Response
 from .models import ResetToken
 from .forms import LoginForm
 from .ungleich_ldap import LdapManager
+from decouple import config, Csv
+from pyotp import TOTP

 import logging

@ -26,6 +28,8 @@ from datetime import datetime

 from random import choice, randint
 import string
+import requests
+import json

 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
@ -606,3 +610,43 @@ class UserCreateAPI(APIView):
        except:
            return Response('Failed to send the email', 201)
        return Response('Email with activation link successfully sent', 200)
+
+
+class SeedRetrieveCreate(APIView):
+    def post(self, request):
+        try:
+            username = request.data['username']
+            password = request.data['password']
+            realm = request.data['realm']
+        except KeyError:
+            return Response('You need to specify username, password, and realm values', 400)
+        # authenticate the user against ldap
+        user = authenticate(username=username, password=password)
+        if user is not None:
+            req = requests.get(config('OTPSERVER'), data=json.dumps(
+                {
+                    'auth_token': TOTP(config('ADMIN_SEED')).now,
+                    'auth_name': config('ADMIN_NAME'),
+                    'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
+            response_data = json.loads(req)
+            for elem in response_data:
+                if elem['name'] == username and elem['realm'] == realm:
+                    return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
+            # If doesn't find a match then check if the realm is allowed and create the user
+            allowed_realms = config('ALLOWED_REALMS', cast=Csv())
+            if realm not in allowed_realms:
+                return Response('Not allowed to perform this action.', 403)
+            else:
+                req = requests.post(config('OTPSERVER'), data=json.dumps(
+                    {
+                        'auth_token': TOTP(config('ADMIN_SEED')).now,
+                        'auth_name': config('ADMIN_NAME'),
+                        'auth_realm': 'ungleich-admin',
+                        'name': username,
+                        'realm': realm
+                    }), headers={'Content-Type': 'application/json'})
+                if req.status_code == 201:
+                    msg = json.loads(req.text)
+                    return Response(msg, 201)
+                else:
+                    return Response(json.loads(req.text))