ungleich-public
/
ungleich-user
6
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

fix show message error when not valid credentials

This commit is contained in:
wcolmenares 2019-05-05 18:12:43 -04:00
parent 54aa8f474e
commit 9711dc1ecc
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
dal/views.py
View File

@ -18,7 +18,6 @@ from decouple import config, Csv
from pyotp import TOTP from pyotp import TOTP
import logging import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# Imports for the extra stuff not in django # Imports for the extra stuff not in django
@ -623,12 +622,18 @@ class SeedRetrieveCreate(APIView):
# authenticate the user against ldap # authenticate the user against ldap
user = authenticate(username=username, password=password) user = authenticate(username=username, password=password)
if user is not None: if user is not None:
req = requests.get(config('OTPSERVER'), data=json.dumps( admin_seed = config('ADMIN_SEED')
admin_name = config('ADMIN_NAME')
otp_url = config('OTPSERVER')
req = requests.get(otp_url, data=json.dumps(
{ {
'auth_token': TOTP(config('ADMIN_SEED')).now, 'auth_token': TOTP(admin_seed).now(),
'auth_name': config('ADMIN_NAME'), 'auth_name': admin_name,
'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'}) 'auth_realm': 'ungleich-admin'}), headers={'Content-Type': 'application/json'})
response_data = json.loads(req)
response_data = json.loads(req.text)
for elem in response_data: for elem in response_data:
if elem['name'] == username and elem['realm'] == realm: if elem['name'] == username and elem['realm'] == realm:
return Response('Your {} seed is {}'.format(realm, elem['seed']), 200) return Response('Your {} seed is {}'.format(realm, elem['seed']), 200)
@ -637,10 +642,10 @@ class SeedRetrieveCreate(APIView):
if realm not in allowed_realms: if realm not in allowed_realms:
return Response('Not allowed to perform this action.', 403) return Response('Not allowed to perform this action.', 403)
else: else:
req = requests.post(config('OTPSERVER'), data=json.dumps( req = requests.post(otp_url, data=json.dumps(
{ {
'auth_token': TOTP(config('ADMIN_SEED')).now, 'auth_token': TOTP(admin_seed).now(),
'auth_name': config('ADMIN_NAME'), 'auth_name': admin_name,
'auth_realm': 'ungleich-admin', 'auth_realm': 'ungleich-admin',
'name': username, 'name': username,
'realm': realm 'realm': realm
@ -649,4 +654,7 @@ class SeedRetrieveCreate(APIView):
msg = json.loads(req.text) msg = json.loads(req.text)
return Response(msg, 201) return Response(msg, 201)
else: else:
return Response(json.loads(req.text)) return Response(json.loads(req.text), req.status_code)
else:
return Response('Invalid Credentials', 400)