From 200699486ad03849eb5fc7a804ad04f26670b965 Mon Sep 17 00:00:00 2001
From: William Colmenares
Date: Sun, 5 May 2019 16:44:02 -0400
Subject: [PATCH] rest interface for retrieve-create users seed

---
 dal/urls.py | 4 +++-
 dal/views.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/dal/urls.py b/dal/urls.py
index 394a8ba..6142eab 100644
--- a/dal/urls.py
+++ b/dal/urls.py
@@ -14,7 +14,8 @@ from .views import (
     LogOut,
     ResetRequest,
     UserCreateAPI,
-    ActivateAccount
+    ActivateAccount,
+    SeedRetrieveCreate
 )
 
 urlpatterns = [
@@ -29,5 +30,6 @@ urlpatterns = [
     path('reset///', ResetRequest.as_view()),
     path('activate///////', ActivateAccount.as_view()),
     path('reset/', ResetRequest.as_view(), name="reset"),
+    path('otp/', SeedRetrieveCreate.as_view(), name="seed"),
     path('', Index.as_view(), name="login_index"),
 ]
\ No newline at end of file
diff --git a/dal/views.py b/dal/views.py
index f2d8b62..9a66a9f 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -14,6 +14,8 @@ from rest_framework.response import Response
 from .models import ResetToken
 from .forms import LoginForm
 from .ungleich_ldap import LdapManager
+from decouple import config, Csv
+from pyotp import TOTP
 
 import logging
 
@@ -26,6 +28,8 @@ from datetime import datetime
 from random import choice, randint
 import string
 
+import requests
+import json
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
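Review bot: In the second views.py hunk `import json` is standard library but is placed together with the third-party `import requests` between the stdlib group (`logging`, `datetime`, `random`, `string`) and the Django imports; the first views.py hunk likewise puts `from decouple import config, Csv` and `from pyotp import TOTP` after the package-relative `.models`/`.forms`/`.ungleich_ldap` imports. Grouping them stdlib / third-party / local — `json` next to `string`, and `requests`, `decouple` and `pyotp` with the `rest_framework` imports — would keep the import block readable as it grows. The import block's first lines are outside this hunk, so the exact position depends on what precedes line 14.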
@@ -606,3 +610,43 @@ class UserCreateAPI(APIView):
         except:
             return Response('Failed to send the email', 201)
         return Response('Email with activation link successfully sent', 200)
+
+
+class SeedRetrieveCreate(APIView):
+    def post(self, request):
+        try:
+            username = request.data['username']
+            password = request.data['password']
+            realm = request.data['realm']
+        except KeyError:
+            return Response('You need to specify username, password, and realm values', 400)
+        # authenticate the user against ldap
+        user = authenticate(username=username, password=password)
+        if user is not None:
+            req = requests.get(config('OTPSERVER'), data=json.dumps(
+                {
+                    'auth_token': TOTP(config('ADMIN_SEED')).now,
+                    'auth_name': config('ADMIN_NAME'),
+                    'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
+            response_data = json.loads(req)
+            for elem in response_data:
+                if elem['name'] == username and elem['realm'] == realm:
+                    return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
+            # If doesn't find a match then check if the realm is allowed and create the user
+            allowed_realms = config('ALLOWED_REALMS', cast=Csv())
+            if realm not in allowed_realms:
+                return Response('Not allowed to perform this action.', 403)
+            else:
+                req = requests.post(config('OTPSERVER'), data=json.dumps(
+                    {
+                        'auth_token': TOTP(config('ADMIN_SEED')).now,
+                        'auth_name': config('ADMIN_NAME'),
+                        'auth_realm': 'ungleich-admin',
+                        'name': username,
+                        'realm': realm
+                    }), headers={'Content-Type': 'application/json'})
+                if req.status_code == 201:
+                    msg = json.loads(req.text)
+                    return Response(msg, 201)
+                else:
+                    return Response(json.loads(req.text))
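Review bot: The retrieve path of SeedRetrieveCreate.post cannot succeed as written: `response_data = json.loads(req)` passes the requests Response object instead of its body, and `TOTP(config('ADMIN_SEED')).now` in both request bodies references the bound method instead of calling it, so `json.dumps` raises before either request is sent. There is also no branch for a failed LDAP authentication — when `user is None` the method falls off the end and returns None instead of a 401 — and neither outbound call sets a `timeout`, so a stalled OTP server holds the worker indefinitely. Sending a JSON body with `requests.get` is unusual; whether the OTP server reads a GET body cannot be confirmed from this hunk. The rewrite below turns the auth check into a guard clause, computes the admin token once per request, fixes the two calls and adds timeouts; the lookup loop, allowed-realm check and status handling are unchanged apart from dedenting under the guard.
```python
class SeedRetrieveCreate(APIView):
    """Return the caller's OTP seed for `realm`, creating it when the realm is allowed."""

    def post(self, request):
        # … unchanged: reading username/password/realm from request.data …
        user = authenticate(username=username, password=password)
        if user is None:
            return Response('Invalid credentials.', 401)
        # TOTP.now is a method; compute the admin token once for both calls
        admin_auth = {
            'auth_token': TOTP(config('ADMIN_SEED')).now(),
            'auth_name': config('ADMIN_NAME'),
            'auth_realm': 'ungleich-admin',
        }
        req = requests.get(config('OTPSERVER'), data=json.dumps(admin_auth),
                           headers={'Content-Type': 'application/json'},
                           timeout=10)
        response_data = req.json()
        # … unchanged: seed lookup loop and allowed-realm check …
        req = requests.post(config('OTPSERVER'),
                            data=json.dumps({**admin_auth, 'name': username, 'realm': realm}),
                            headers={'Content-Type': 'application/json'},
                            timeout=10)
        # … unchanged: status handling of the create response …
```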