diff --git a/dal/views.py b/dal/views.py
index 9a66a9f..7e74e3f 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -18,7 +18,6 @@ from decouple import config, Csv
 from pyotp import TOTP
 import logging
-
 logger = logging.getLogger(__name__)
 # Imports for the extra stuff not in django
@@ -623,12 +622,18 @@ class SeedRetrieveCreate(APIView):
 # authenticate the user against ldap
 user = authenticate(username=username, password=password)
 if user is not None:
- req = requests.get(config('OTPSERVER'), data=json.dumps(
+ admin_seed = config('ADMIN_SEED')
+ admin_name = config('ADMIN_NAME')
+ otp_url = config('OTPSERVER')
+
+ req = requests.get(otp_url, data=json.dumps(
 {
- 'auth_token': TOTP(config('ADMIN_SEED')).now,
- 'auth_name': config('ADMIN_NAME'),
+ 'auth_token': TOTP(admin_seed).now(),
+ 'auth_name': admin_name,
 'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
- response_data = json.loads(req)
+
+ response_data = json.loads(req.text)
+
 for elem in response_data:
 if elem['name'] == username and elem['realm'] == realm:
 return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
@@ -637,10 +642,10 @@ class SeedRetrieveCreate(APIView):
 if realm not in allowed_realms:
 return Response('Not allowed to perform this action.', 403)
 else:
- req = requests.post(config('OTPSERVER'), data=json.dumps(
+ req = requests.post(otp_url, data=json.dumps(
 {
- 'auth_token': TOTP(config('ADMIN_SEED')).now,
- 'auth_name': config('ADMIN_NAME'),
+ 'auth_token': TOTP(admin_seed).now(),
+ 'auth_name': admin_name,
 'auth_realm': 'ungleich-admin',
 'name': username,
 'realm': realm
@@ -649,4 +654,7 @@ class SeedRetrieveCreate(APIView):
 msg = json.loads(req.text)
 return Response(msg, 201)
 else:
- return Response(json.loads(req.text))
+ return Response(json.loads(req.text), req.status_code)
+
+ else:
+ return Response('Invalid Credentials', 400)
\ No newline at end of file
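Review bot: The new `response_data = json.loads(req.text)` parses the OTP server's reply without looking at `req.status_code`, so a non-2xx or non-JSON reply (for instance when the admin token is rejected) raises `JSONDecodeError`, or a JSON error object makes the `elem['name']` lookup in the loop raise `TypeError`, and the view fails with a 500 instead of a controlled error response. Neither this `requests.get` nor the `requests.post` in the following hunk passes a `timeout=`, so an unresponsive OTP server holds the worker indefinitely. I would add `req.raise_for_status()` (or an `if not req.ok:` branch returning a fixed error response) before the parse and a `timeout=` keyword on both calls, with the value taken from configuration rather than hard-coded. The GET carrying the admin credentials in a request body is pre-existing behaviour, and whether the OTP server honours a body on GET cannot be told from here. The enclosing method of SeedRetrieveCreate starts before this hunk.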
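Review bot: `return Response(json.loads(req.text), req.status_code)` relays the OTP server's error body and status verbatim to the caller, which exposes upstream error detail to an authenticated but not necessarily privileged user and again assumes the body is JSON; a fixed client-facing message with the upstream status and body recorded via `logger.warning(...)` keeps the detail on the server side. The new `Response('Invalid Credentials', 400)` after a failed LDAP `authenticate` is conventionally a 401, and since this branch is where failed-authentication attempts land, a `logger.warning('seed request with invalid credentials for user %s', username)` there gives operators a detection signal without ever recording the password. The enclosing method and the `allowed_realms` check it depends on start outside this hunk.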