initial commit
This commit is contained in:
commit
227b2759c7
|
|
@ -0,0 +1,3 @@
|
|||
BASE_PREFIX=/uotp/
|
||||
ADMIN_REALM=ungleich-admin
|
||||
AUTH_REALM=ungleich-auth
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
.vscode
|
||||
|
||||
.env
|
||||
client.py
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
[[source]]
|
||||
name = "pypi"
|
||||
url = "https://pypi.org/simple"
|
||||
verify_ssl = true
|
||||
|
||||
[dev-packages]
|
||||
|
||||
[packages]
|
||||
flask = "*"
|
||||
flask-restful = "*"
|
||||
etcd3-wrapper-wip = {editable = true,git = "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",ref = "wip"}
|
||||
python-decouple = "*"
|
||||
requests = "*"
|
||||
pyotp = "*"
|
||||
|
||||
[requires]
|
||||
python_version = "3.5"
|
||||
|
|
@ -0,0 +1,246 @@
|
|||
{
|
||||
"_meta": {
|
||||
"hash": {
|
||||
"sha256": "140985247e5362ad0317970c161febd85cdd856163f9269cc38d802fb8b7d3f6"
|
||||
},
|
||||
"pipfile-spec": 6,
|
||||
"requires": {
|
||||
"python_version": "3.5"
|
||||
},
|
||||
"sources": [
|
||||
{
|
||||
"name": "pypi",
|
||||
"url": "https://pypi.org/simple",
|
||||
"verify_ssl": true
|
||||
}
|
||||
]
|
||||
},
|
||||
"default": {
|
||||
"aniso8601": {
|
||||
"hashes": [
|
||||
"sha256:529dcb1f5f26ee0df6c0a1ee84b7b27197c3c50fc3a6321d66c544689237d072",
|
||||
"sha256:c033f63d028b9a58e3ab0c2c7d0532ab4bfa7452bfc788fbfe3ddabd327b181a"
|
||||
],
|
||||
"version": "==8.0.0"
|
||||
},
|
||||
"certifi": {
|
||||
"hashes": [
|
||||
"sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50",
|
||||
"sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef"
|
||||
],
|
||||
"version": "==2019.9.11"
|
||||
},
|
||||
"chardet": {
|
||||
"hashes": [
|
||||
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
|
||||
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
|
||||
],
|
||||
"version": "==3.0.4"
|
||||
},
|
||||
"click": {
|
||||
"hashes": [
|
||||
"sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
|
||||
"sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
|
||||
],
|
||||
"version": "==7.0"
|
||||
},
|
||||
"etcd3": {
|
||||
"hashes": [
|
||||
"sha256:25a524b9f032c6631ff0097532907dea81243eaa63c3744510fd1598cc4e0e87"
|
||||
],
|
||||
"version": "==0.10.0"
|
||||
},
|
||||
"etcd3-wrapper-wip": {
|
||||
"editable": true,
|
||||
"git": "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",
|
||||
"ref": "76fb0bdf797199e9ea161dad1d004eea9b4520f8"
|
||||
},
|
||||
"flask": {
|
||||
"hashes": [
|
||||
"sha256:13f9f196f330c7c2c5d7a5cf91af894110ca0215ac051b5844701f2bfd934d52",
|
||||
"sha256:45eb5a6fd193d6cf7e0cf5d8a5b31f83d5faae0293695626f539a823e93b13f6"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.1.1"
|
||||
},
|
||||
"flask-restful": {
|
||||
"hashes": [
|
||||
"sha256:ecd620c5cc29f663627f99e04f17d1f16d095c83dc1d618426e2ad68b03092f8",
|
||||
"sha256:f8240ec12349afe8df1db168ea7c336c4e5b0271a36982bff7394f93275f2ca9"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.3.7"
|
||||
},
|
||||
"grpcio": {
|
||||
"hashes": [
|
||||
"sha256:0302331e014fc4bac028b6ad480b33f7abfe20b9bdcca7be417124dda8f22115",
|
||||
"sha256:0aa0cce9c5eb1261b32173a20ed42b51308d55ce28ecc2021e868b3cb90d9503",
|
||||
"sha256:0c83947575300499adbc308e986d754e7f629be0bdd9bea1ffdd5cf76e1f1eff",
|
||||
"sha256:0ca26ff968d45efd4ef73447c4d4b34322ea8c7d06fbb6907ce9e5db78f1bbcb",
|
||||
"sha256:0cf80a7955760c2498f8821880242bb657d70998065ff0d2a082de5ffce230a7",
|
||||
"sha256:0d40706e57d9833fe0e023a08b468f33940e8909affa12547874216d36bba208",
|
||||
"sha256:11872069156de34c6f3f9a1deb46cc88bc35dfde88262c4c73eb22b39b16fc55",
|
||||
"sha256:16065227faae0ab0abf1789bfb92a2cd2ab5da87630663f93f8178026da40e0d",
|
||||
"sha256:1e33778277685f6fabb22539136269c87c029e39b6321ef1a639b756a1c0a408",
|
||||
"sha256:2b16be15b1ae656bc7a36642b8c7045be2dde2048bb4b67478003e9d9db8022a",
|
||||
"sha256:3701dfca3ada27ceef0d17f728ce9dfef155ed20c57979c2b05083082258c6c1",
|
||||
"sha256:41912ecaf482abf2de74c69f509878f99223f5dd6b2de1a09c955afd4de3cf9b",
|
||||
"sha256:4332cbd20544fe7406910137590f38b5b3a1f6170258e038652cf478c639430f",
|
||||
"sha256:44068ecbdc6467c2bff4d8198816c8a2701b6dd1ec16078fceb6adc7c1f577d6",
|
||||
"sha256:53115960e37059420e2d16a4b04b00dd2ab3b6c3c67babd01ffbfdcd7881a69b",
|
||||
"sha256:6e7027bcd4070414751e2a5e60706facb98a1fc636497c9bac5442fe37b8ae6b",
|
||||
"sha256:6ff57fb2f07b7226b5bec89e8e921ea9bd220f35f11e094f2ba38f09eecd49c6",
|
||||
"sha256:73240e244d7644654bbda1f309f4911748b6a1804b7a8897ddbe8a04c90f7407",
|
||||
"sha256:785234bbc469bc75e26c868789a2080ffb30bd6e93930167797729889ad06b0b",
|
||||
"sha256:82f9d3c7f91d2d1885631335c003c5d45ae1cd69cc0bc4893f21fef50b8151bc",
|
||||
"sha256:86bdc2a965510658407a1372eb61f0c92f763fdfb2795e4d038944da4320c950",
|
||||
"sha256:95e925b56676a55e6282b3de80a1cbad5774072159779c61eac02791dface049",
|
||||
"sha256:96673bb4f14bd3263613526d1e7e33fdb38a9130e3ce87bf52314965706e1900",
|
||||
"sha256:970014205e76920484679035b6fb4b16e02fc977e5aac4d22025da849c79dab9",
|
||||
"sha256:ace5e8bf11a1571f855f5dab38a9bd34109b6c9bc2864abf24a597598c7e3695",
|
||||
"sha256:ad375f03eb3b9cb75a24d91eab8609e134d34605f199efc41e20dd642bdac855",
|
||||
"sha256:b819c4c7dcf0de76788ce5f95daad6d4e753d6da2b6a5f84e5bb5b5ce95fddc4",
|
||||
"sha256:c17943fd340cbd906db49f3f03c7545e5a66b617e8348b2c7a0d2c759d216af1",
|
||||
"sha256:d21247150dea86dabd3b628d8bc4b563036db3d332b3f4db3c5b1b0b122cb4f6",
|
||||
"sha256:d4d500a7221116de9767229ff5dd10db91f789448d85befb0adf5a37b0cd83b5",
|
||||
"sha256:e2a942a3cfccbbca21a90c144867112698ef36486345c285da9e98c466f22b22",
|
||||
"sha256:e983273dca91cb8a5043bc88322eb48e2b8d4e4998ff441a1ee79ced89db3909"
|
||||
],
|
||||
"version": "==1.24.1"
|
||||
},
|
||||
"idna": {
|
||||
"hashes": [
|
||||
"sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
|
||||
"sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
|
||||
],
|
||||
"version": "==2.8"
|
||||
},
|
||||
"itsdangerous": {
|
||||
"hashes": [
|
||||
"sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19",
|
||||
"sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"
|
||||
],
|
||||
"version": "==1.1.0"
|
||||
},
|
||||
"jinja2": {
|
||||
"hashes": [
|
||||
"sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
|
||||
"sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
|
||||
],
|
||||
"version": "==2.10.3"
|
||||
},
|
||||
"markupsafe": {
|
||||
"hashes": [
|
||||
"sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
|
||||
"sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
|
||||
"sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
|
||||
"sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
|
||||
"sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
|
||||
"sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
|
||||
"sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
|
||||
"sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
|
||||
"sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
|
||||
"sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
|
||||
"sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
|
||||
"sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
|
||||
"sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
|
||||
"sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
|
||||
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
|
||||
"sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
|
||||
"sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
|
||||
"sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
|
||||
"sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
|
||||
"sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
|
||||
"sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
|
||||
"sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
|
||||
"sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
|
||||
"sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
|
||||
"sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
|
||||
"sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
|
||||
"sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
|
||||
"sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
|
||||
],
|
||||
"version": "==1.1.1"
|
||||
},
|
||||
"protobuf": {
|
||||
"hashes": [
|
||||
"sha256:125713564d8cfed7610e52444c9769b8dcb0b55e25cc7841f2290ee7bc86636f",
|
||||
"sha256:1accdb7a47e51503be64d9a57543964ba674edac103215576399d2d0e34eac77",
|
||||
"sha256:27003d12d4f68e3cbea9eb67427cab3bfddd47ff90670cb367fcd7a3a89b9657",
|
||||
"sha256:3264f3c431a631b0b31e9db2ae8c927b79fc1a7b1b06b31e8e5bcf2af91fe896",
|
||||
"sha256:3c5ab0f5c71ca5af27143e60613729e3488bb45f6d3f143dc918a20af8bab0bf",
|
||||
"sha256:45dcf8758873e3f69feab075e5f3177270739f146255225474ee0b90429adef6",
|
||||
"sha256:56a77d61a91186cc5676d8e11b36a5feb513873e4ae88d2ee5cf530d52bbcd3b",
|
||||
"sha256:5984e4947bbcef5bd849d6244aec507d31786f2dd3344139adc1489fb403b300",
|
||||
"sha256:6b0441da73796dd00821763bb4119674eaf252776beb50ae3883bed179a60b2a",
|
||||
"sha256:6f6677c5ade94d4fe75a912926d6796d5c71a2a90c2aeefe0d6f211d75c74789",
|
||||
"sha256:84a825a9418d7196e2acc48f8746cf1ee75877ed2f30433ab92a133f3eaf8fbe",
|
||||
"sha256:b842c34fe043ccf78b4a6cf1019d7b80113707d68c88842d061fa2b8fb6ddedc",
|
||||
"sha256:ca33d2f09dae149a1dcf942d2d825ebb06343b77b437198c9e2ef115cf5d5bc1",
|
||||
"sha256:db83b5c12c0cd30150bb568e6feb2435c49ce4e68fe2d7b903113f0e221e58fe",
|
||||
"sha256:f50f3b1c5c1c1334ca7ce9cad5992f098f460ffd6388a3cabad10b66c2006b09",
|
||||
"sha256:f99f127909731cafb841c52f9216e447d3e4afb99b17bebfad327a75aee206de"
|
||||
],
|
||||
"version": "==3.10.0"
|
||||
},
|
||||
"pyotp": {
|
||||
"hashes": [
|
||||
"sha256:c88f37fd47541a580b744b42136f387cdad481b560ef410c0d85c957eb2a2bc0",
|
||||
"sha256:fc537e8acd985c5cbf51e11b7d53c42276fee017a73aec7c07380695671ca1a1"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==2.3.0"
|
||||
},
|
||||
"python-decouple": {
|
||||
"hashes": [
|
||||
"sha256:1317df14b43efee4337a4aa02914bf004f010cd56d6c4bd894e6474ec8c4fe2d"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==3.1"
|
||||
},
|
||||
"pytz": {
|
||||
"hashes": [
|
||||
"sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d",
|
||||
"sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be"
|
||||
],
|
||||
"version": "==2019.3"
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
"sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
|
||||
"sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==2.22.0"
|
||||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
"sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
|
||||
"sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
|
||||
],
|
||||
"version": "==1.12.0"
|
||||
},
|
||||
"tenacity": {
|
||||
"hashes": [
|
||||
"sha256:6a7511a59145c2e319b7d04ddd93c12d48cc3d3c8fa42c2846d33a620ee91f57",
|
||||
"sha256:a4eb168dbf55ed2cae27e7c6b2bd48ab54dabaf294177d998330cf59f294c112"
|
||||
],
|
||||
"version": "==5.1.1"
|
||||
},
|
||||
"urllib3": {
|
||||
"hashes": [
|
||||
"sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398",
|
||||
"sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86"
|
||||
],
|
||||
"version": "==1.25.6"
|
||||
},
|
||||
"werkzeug": {
|
||||
"hashes": [
|
||||
"sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7",
|
||||
"sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4"
|
||||
],
|
||||
"version": "==0.16.0"
|
||||
}
|
||||
},
|
||||
"develop": {}
|
||||
}
|
||||
|
|
@ -0,0 +1,125 @@
|
|||
import pyotp
|
||||
import decouple
|
||||
from os.path import join
|
||||
|
||||
from flask import Flask, request
|
||||
from flask_restful import Resource, Api
|
||||
from schemas import OTPSchema, CreateOTPSchema
|
||||
|
||||
from config import etcd_client
|
||||
from helper import is_valid_otp
|
||||
|
||||
app = Flask(__name__)
|
||||
api = Api(app)
|
||||
|
||||
def create_admin_if_dont_exists(etcd_client):
|
||||
_key = join(
|
||||
decouple.config('BASE_PREFIX'),
|
||||
decouple.config('ADMIN_REALM'),
|
||||
'admin',
|
||||
)
|
||||
if etcd_client.get(_key) is None:
|
||||
print('admin does not exists!. So, creating one')
|
||||
_value = {
|
||||
'seed': pyotp.random_base32(),
|
||||
}
|
||||
etcd_client.put(_key, _value, value_in_json=True)
|
||||
|
||||
|
||||
|
||||
create_admin_if_dont_exists(etcd_client)
|
||||
|
||||
|
||||
class Verify(Resource):
|
||||
@staticmethod
|
||||
def get():
|
||||
data = request.json
|
||||
schema = OTPSchema(data)
|
||||
if schema.is_valid():
|
||||
return {'message': 'Verified'}, 200
|
||||
else:
|
||||
return schema.get_errors(), 400
|
||||
|
||||
# try:
|
||||
# name = data['name']
|
||||
# realm = data['realm']
|
||||
# token = data['token']
|
||||
|
||||
# auth_name = data['auth-name']
|
||||
# auth_realm = data['auth-realm']
|
||||
# auth_token = data['auth-token']
|
||||
# except Exception:
|
||||
# return {
|
||||
# "message": "Your provided data is not correct."
|
||||
# }
|
||||
# else:
|
||||
# if is_valid_otp(auth_name, auth_realm, auth_token):
|
||||
# _key = join(decouple.config("BASE_PREFIX"), realm, name)
|
||||
# entry = etcd_client.get(_key, value_in_json=True)
|
||||
# if entry:
|
||||
# totp = pyotp.TOTP(entry.value['seed'])
|
||||
# try:
|
||||
# is_token_valid = totp.verify(token)
|
||||
# except:
|
||||
# return {'message': 'Invalid Data'}, 400
|
||||
# else:
|
||||
# if is_token_valid:
|
||||
# return {'message': 'Verified'}, 200
|
||||
# else:
|
||||
# return {'message': 'Invalid token'}, 400
|
||||
# else:
|
||||
# return {"message": "No such Account Found"}, 400
|
||||
# else:
|
||||
# return {'message': 'Invalid Auth Credentials'}, 400
|
||||
|
||||
|
||||
class Create(Resource):
|
||||
@staticmethod
|
||||
def post():
|
||||
data = request.json
|
||||
|
||||
schema = CreateOTPSchema(data)
|
||||
if schema.is_valid():
|
||||
_key = join(decouple.config('BASE_PREFIX'), data['realm'], data['name'])
|
||||
|
||||
if etcd_client.get(_key) is None:
|
||||
_value = {
|
||||
'seed': pyotp.random_base32(),
|
||||
}
|
||||
etcd_client.put(_key, _value, value_in_json=True)
|
||||
return {'message': 'Account Created\n'
|
||||
'name: {}, realm: {}, seed: {}'.format(data['name'],data['realm'], _value['seed'])}
|
||||
else:
|
||||
return schema.get_errors()
|
||||
# try:
|
||||
# name = data['name']
|
||||
# realm = data['realm']
|
||||
# admin_name = data['admin-name']
|
||||
# admin_realm = data['admin-realm']
|
||||
# admin_token = data['admin-token']
|
||||
# except Exception:
|
||||
# return {'message': 'Invalid Data'}, 400
|
||||
# else:
|
||||
# if admin_realm == decouple.config('ADMIN_REALM'):
|
||||
# if is_valid_otp(admin_name, admin_realm, admin_token):
|
||||
# _key = join(decouple.config('BASE_PREFIX'), realm, name)
|
||||
|
||||
# if etcd_client.get(_key) is None:
|
||||
# _value = {
|
||||
# 'seed': pyotp.random_base32(),
|
||||
# }
|
||||
# etcd_client.put(_key, _value, value_in_json=True)
|
||||
# return {'message': 'Account Created\n'
|
||||
# 'name: {}, realm: {}, seed: {}'.format(name, realm, _value['seed'])}
|
||||
# else:
|
||||
# return {'message': 'Account already exists'}, 400
|
||||
# else:
|
||||
# return {'message': 'Invalid Admin OTP Credentials'}
|
||||
# else:
|
||||
# return {'message': 'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))}
|
||||
|
||||
api.add_resource(Verify, "/verify")
|
||||
api.add_resource(Create, "/create")
|
||||
|
||||
if __name__ == "__main__":
|
||||
app.run(debug=True)
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
from etcd3_wrapper import Etcd3Wrapper
|
||||
from decouple import config
|
||||
|
||||
etcd_client = Etcd3Wrapper()
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
import pyotp
|
||||
|
||||
from decouple import config
|
||||
from os.path import join
|
||||
|
||||
|
||||
def is_valid_otp(etcd_client, name, realm, token):
|
||||
_key = join(config("BASE_PREFIX"), realm, name)
|
||||
entry = etcd_client.get(_key, value_in_json=True)
|
||||
if entry:
|
||||
totp = pyotp.TOTP(entry.value['seed'])
|
||||
try:
|
||||
is_token_valid = totp.verify(token)
|
||||
except:
|
||||
return False
|
||||
else:
|
||||
return is_token_valid
|
||||
|
||||
return False
|
||||
|
|
@ -0,0 +1,154 @@
|
|||
import json
|
||||
import decouple
|
||||
import pyotp
|
||||
|
||||
from os.path import join
|
||||
|
||||
from helper import is_valid_otp
|
||||
from config import etcd_client
|
||||
class Field:
|
||||
def __init__(self, _name, _type, _value=None):
|
||||
self.name = _name
|
||||
self.value = _value
|
||||
self.type = _type
|
||||
self.__errors = []
|
||||
|
||||
def validation(self):
|
||||
return True
|
||||
|
||||
def is_valid(self):
|
||||
if self.value == KeyError:
|
||||
self.add_error("'{}' field is a required field".format(self.name))
|
||||
else:
|
||||
if not isinstance(self.value, self.type):
|
||||
self.add_error("Incorrect Type for '{}' field".format(self.name))
|
||||
else:
|
||||
self.validation()
|
||||
|
||||
if self.__errors:
|
||||
return False
|
||||
return True
|
||||
|
||||
def get_errors(self):
|
||||
return self.__errors
|
||||
|
||||
def add_error(self, error):
|
||||
self.__errors.append(error)
|
||||
|
||||
class BaseSchema:
|
||||
def __init__(self, data, fields=None):
|
||||
_ = data # suppress linter warning
|
||||
self.__errors = []
|
||||
if fields is None:
|
||||
self.fields = []
|
||||
else:
|
||||
self.fields = fields
|
||||
|
||||
def validation(self):
|
||||
# custom validation is optional
|
||||
return True
|
||||
|
||||
def is_valid(self):
|
||||
for field in self.fields:
|
||||
field.is_valid()
|
||||
self.add_field_errors(field)
|
||||
|
||||
for parent in self.__class__.__bases__:
|
||||
try:
|
||||
parent.validation(self)
|
||||
except AttributeError:
|
||||
pass
|
||||
if not self.__errors:
|
||||
self.validation()
|
||||
|
||||
if self.__errors:
|
||||
return False
|
||||
return True
|
||||
|
||||
def get_errors(self):
|
||||
return {"message": self.__errors}
|
||||
|
||||
def add_field_errors(self, field: Field):
|
||||
self.__errors += field.get_errors()
|
||||
|
||||
def add_error(self, error):
|
||||
self.__errors.append(error)
|
||||
|
||||
class OTPSchema(BaseSchema):
|
||||
def __init__(self, data: dict, fields=None):
|
||||
self.name = Field("name", str, data.get("name", KeyError))
|
||||
self.realm = Field("realm", str, data.get("realm", KeyError))
|
||||
self.token = Field("token", str, data.get("token", KeyError))
|
||||
|
||||
self.auth_name = Field("auth-name", str,
|
||||
data.get("auth-name", KeyError))
|
||||
self.auth_realm = Field("auth-realm", str,
|
||||
data.get("auth-realm", KeyError))
|
||||
self.auth_token = Field("auth-token", str,
|
||||
data.get("auth-token", KeyError))
|
||||
self.auth_realm.validation = self.auth_realm_validation
|
||||
_fields = [self.name, self.realm, self.token,
|
||||
self.auth_name, self.auth_realm,
|
||||
self.auth_token]
|
||||
if fields:
|
||||
_fields += fields
|
||||
super().__init__(data=data, fields=_fields)
|
||||
|
||||
|
||||
def auth_realm_validation(self):
|
||||
if self.auth_realm.value != decouple.config("AUTH_REALM"):
|
||||
self.add_error(
|
||||
"Authentication realm must be {}".format(decouple.config("AUTH_REALM"))
|
||||
)
|
||||
def validation(self):
|
||||
if is_valid_otp(etcd_client, self.auth_name.value,
|
||||
self.auth_realm.value, self.auth_token.value):
|
||||
|
||||
if is_valid_otp(etcd_client, self.name.value,
|
||||
self.realm.value, self.token.value):
|
||||
_key = join(decouple.config("BASE_PREFIX"),
|
||||
self.realm.value, self.name.value)
|
||||
entry = etcd_client.get(_key, value_in_json=True)
|
||||
if not entry:
|
||||
self.add_error("No such Account Found")
|
||||
else:
|
||||
self.add_error("Invalid OTP Credentials")
|
||||
else:
|
||||
self.add_error("Invalid Auth Credentials")
|
||||
|
||||
|
||||
class CreateOTPSchema(BaseSchema):
|
||||
def __init__(self, data: dict, fields=None):
|
||||
self.name = Field("name", str, data.get("name", KeyError))
|
||||
self.realm = Field("realm", str, data.get("realm", KeyError))
|
||||
|
||||
self.admin_name = Field("admin-name", str,
|
||||
data.get("admin-name", KeyError))
|
||||
self.admin_realm = Field("admin-realm", str,
|
||||
data.get("admin-realm", KeyError))
|
||||
self.admin_token = Field("admin-token", str,
|
||||
data.get("admin-token", KeyError))
|
||||
|
||||
self.admin_realm.validation = self.admin_realm_validation
|
||||
_fields = [self.name, self.realm,
|
||||
self.admin_name, self.admin_realm,
|
||||
self.admin_token]
|
||||
if fields:
|
||||
_fields += fields
|
||||
super().__init__(data=data, fields=_fields)
|
||||
|
||||
def admin_realm_validation(self):
|
||||
if self.admin_realm.value != decouple.config("ADMIN_REALM"):
|
||||
self.add_field_errors(
|
||||
'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))
|
||||
)
|
||||
def validation(self):
|
||||
if is_valid_otp(etcd_client, self.admin_name.value,
|
||||
self.admin_realm.value, self.admin_token.value):
|
||||
|
||||
_key = join(decouple.config("BASE_PREFIX"),
|
||||
self.realm.value, self.name.value)
|
||||
if etcd_client.get(_key):
|
||||
self.add_error("Account already exists")
|
||||
else:
|
||||
self.add_error("Invalid Admin OTP Credentials")
|
||||
Loading…
Reference in New Issue