initial commit

This commit is contained in:
ahmadbilalkhalid 2019-10-07 22:13:42 +05:00
commit 227b2759c7
8 changed files with 572 additions and 0 deletions

3
.env.sample Normal file
View file

@ -0,0 +1,3 @@
BASE_PREFIX=/uotp/
ADMIN_REALM=ungleich-admin
AUTH_REALM=ungleich-auth

4
.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
.vscode
.env
client.py

17
Pipfile Normal file
View file

@ -0,0 +1,17 @@
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
flask = "*"
flask-restful = "*"
etcd3-wrapper-wip = {editable = true,git = "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",ref = "wip"}
python-decouple = "*"
requests = "*"
pyotp = "*"
[requires]
python_version = "3.5"

246
Pipfile.lock generated Normal file
View file

@ -0,0 +1,246 @@
{
"_meta": {
"hash": {
"sha256": "140985247e5362ad0317970c161febd85cdd856163f9269cc38d802fb8b7d3f6"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.5"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"aniso8601": {
"hashes": [
"sha256:529dcb1f5f26ee0df6c0a1ee84b7b27197c3c50fc3a6321d66c544689237d072",
"sha256:c033f63d028b9a58e3ab0c2c7d0532ab4bfa7452bfc788fbfe3ddabd327b181a"
],
"version": "==8.0.0"
},
"certifi": {
"hashes": [
"sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50",
"sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef"
],
"version": "==2019.9.11"
},
"chardet": {
"hashes": [
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
],
"version": "==3.0.4"
},
"click": {
"hashes": [
"sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
"sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
],
"version": "==7.0"
},
"etcd3": {
"hashes": [
"sha256:25a524b9f032c6631ff0097532907dea81243eaa63c3744510fd1598cc4e0e87"
],
"version": "==0.10.0"
},
"etcd3-wrapper-wip": {
"editable": true,
"git": "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",
"ref": "76fb0bdf797199e9ea161dad1d004eea9b4520f8"
},
"flask": {
"hashes": [
"sha256:13f9f196f330c7c2c5d7a5cf91af894110ca0215ac051b5844701f2bfd934d52",
"sha256:45eb5a6fd193d6cf7e0cf5d8a5b31f83d5faae0293695626f539a823e93b13f6"
],
"index": "pypi",
"version": "==1.1.1"
},
"flask-restful": {
"hashes": [
"sha256:ecd620c5cc29f663627f99e04f17d1f16d095c83dc1d618426e2ad68b03092f8",
"sha256:f8240ec12349afe8df1db168ea7c336c4e5b0271a36982bff7394f93275f2ca9"
],
"index": "pypi",
"version": "==0.3.7"
},
"grpcio": {
"hashes": [
"sha256:0302331e014fc4bac028b6ad480b33f7abfe20b9bdcca7be417124dda8f22115",
"sha256:0aa0cce9c5eb1261b32173a20ed42b51308d55ce28ecc2021e868b3cb90d9503",
"sha256:0c83947575300499adbc308e986d754e7f629be0bdd9bea1ffdd5cf76e1f1eff",
"sha256:0ca26ff968d45efd4ef73447c4d4b34322ea8c7d06fbb6907ce9e5db78f1bbcb",
"sha256:0cf80a7955760c2498f8821880242bb657d70998065ff0d2a082de5ffce230a7",
"sha256:0d40706e57d9833fe0e023a08b468f33940e8909affa12547874216d36bba208",
"sha256:11872069156de34c6f3f9a1deb46cc88bc35dfde88262c4c73eb22b39b16fc55",
"sha256:16065227faae0ab0abf1789bfb92a2cd2ab5da87630663f93f8178026da40e0d",
"sha256:1e33778277685f6fabb22539136269c87c029e39b6321ef1a639b756a1c0a408",
"sha256:2b16be15b1ae656bc7a36642b8c7045be2dde2048bb4b67478003e9d9db8022a",
"sha256:3701dfca3ada27ceef0d17f728ce9dfef155ed20c57979c2b05083082258c6c1",
"sha256:41912ecaf482abf2de74c69f509878f99223f5dd6b2de1a09c955afd4de3cf9b",
"sha256:4332cbd20544fe7406910137590f38b5b3a1f6170258e038652cf478c639430f",
"sha256:44068ecbdc6467c2bff4d8198816c8a2701b6dd1ec16078fceb6adc7c1f577d6",
"sha256:53115960e37059420e2d16a4b04b00dd2ab3b6c3c67babd01ffbfdcd7881a69b",
"sha256:6e7027bcd4070414751e2a5e60706facb98a1fc636497c9bac5442fe37b8ae6b",
"sha256:6ff57fb2f07b7226b5bec89e8e921ea9bd220f35f11e094f2ba38f09eecd49c6",
"sha256:73240e244d7644654bbda1f309f4911748b6a1804b7a8897ddbe8a04c90f7407",
"sha256:785234bbc469bc75e26c868789a2080ffb30bd6e93930167797729889ad06b0b",
"sha256:82f9d3c7f91d2d1885631335c003c5d45ae1cd69cc0bc4893f21fef50b8151bc",
"sha256:86bdc2a965510658407a1372eb61f0c92f763fdfb2795e4d038944da4320c950",
"sha256:95e925b56676a55e6282b3de80a1cbad5774072159779c61eac02791dface049",
"sha256:96673bb4f14bd3263613526d1e7e33fdb38a9130e3ce87bf52314965706e1900",
"sha256:970014205e76920484679035b6fb4b16e02fc977e5aac4d22025da849c79dab9",
"sha256:ace5e8bf11a1571f855f5dab38a9bd34109b6c9bc2864abf24a597598c7e3695",
"sha256:ad375f03eb3b9cb75a24d91eab8609e134d34605f199efc41e20dd642bdac855",
"sha256:b819c4c7dcf0de76788ce5f95daad6d4e753d6da2b6a5f84e5bb5b5ce95fddc4",
"sha256:c17943fd340cbd906db49f3f03c7545e5a66b617e8348b2c7a0d2c759d216af1",
"sha256:d21247150dea86dabd3b628d8bc4b563036db3d332b3f4db3c5b1b0b122cb4f6",
"sha256:d4d500a7221116de9767229ff5dd10db91f789448d85befb0adf5a37b0cd83b5",
"sha256:e2a942a3cfccbbca21a90c144867112698ef36486345c285da9e98c466f22b22",
"sha256:e983273dca91cb8a5043bc88322eb48e2b8d4e4998ff441a1ee79ced89db3909"
],
"version": "==1.24.1"
},
"idna": {
"hashes": [
"sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
"sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
],
"version": "==2.8"
},
"itsdangerous": {
"hashes": [
"sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19",
"sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"
],
"version": "==1.1.0"
},
"jinja2": {
"hashes": [
"sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
"sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
],
"version": "==2.10.3"
},
"markupsafe": {
"hashes": [
"sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
"sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
"sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
"sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
"sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
"sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
"sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
"sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
"sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
"sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
"sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
"sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
"sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
"sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
"sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
"sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
"sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
"sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
"sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
"sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
"sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
"sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
"sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
"sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
"sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
"sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
"sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
],
"version": "==1.1.1"
},
"protobuf": {
"hashes": [
"sha256:125713564d8cfed7610e52444c9769b8dcb0b55e25cc7841f2290ee7bc86636f",
"sha256:1accdb7a47e51503be64d9a57543964ba674edac103215576399d2d0e34eac77",
"sha256:27003d12d4f68e3cbea9eb67427cab3bfddd47ff90670cb367fcd7a3a89b9657",
"sha256:3264f3c431a631b0b31e9db2ae8c927b79fc1a7b1b06b31e8e5bcf2af91fe896",
"sha256:3c5ab0f5c71ca5af27143e60613729e3488bb45f6d3f143dc918a20af8bab0bf",
"sha256:45dcf8758873e3f69feab075e5f3177270739f146255225474ee0b90429adef6",
"sha256:56a77d61a91186cc5676d8e11b36a5feb513873e4ae88d2ee5cf530d52bbcd3b",
"sha256:5984e4947bbcef5bd849d6244aec507d31786f2dd3344139adc1489fb403b300",
"sha256:6b0441da73796dd00821763bb4119674eaf252776beb50ae3883bed179a60b2a",
"sha256:6f6677c5ade94d4fe75a912926d6796d5c71a2a90c2aeefe0d6f211d75c74789",
"sha256:84a825a9418d7196e2acc48f8746cf1ee75877ed2f30433ab92a133f3eaf8fbe",
"sha256:b842c34fe043ccf78b4a6cf1019d7b80113707d68c88842d061fa2b8fb6ddedc",
"sha256:ca33d2f09dae149a1dcf942d2d825ebb06343b77b437198c9e2ef115cf5d5bc1",
"sha256:db83b5c12c0cd30150bb568e6feb2435c49ce4e68fe2d7b903113f0e221e58fe",
"sha256:f50f3b1c5c1c1334ca7ce9cad5992f098f460ffd6388a3cabad10b66c2006b09",
"sha256:f99f127909731cafb841c52f9216e447d3e4afb99b17bebfad327a75aee206de"
],
"version": "==3.10.0"
},
"pyotp": {
"hashes": [
"sha256:c88f37fd47541a580b744b42136f387cdad481b560ef410c0d85c957eb2a2bc0",
"sha256:fc537e8acd985c5cbf51e11b7d53c42276fee017a73aec7c07380695671ca1a1"
],
"index": "pypi",
"version": "==2.3.0"
},
"python-decouple": {
"hashes": [
"sha256:1317df14b43efee4337a4aa02914bf004f010cd56d6c4bd894e6474ec8c4fe2d"
],
"index": "pypi",
"version": "==3.1"
},
"pytz": {
"hashes": [
"sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d",
"sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be"
],
"version": "==2019.3"
},
"requests": {
"hashes": [
"sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
"sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
],
"index": "pypi",
"version": "==2.22.0"
},
"six": {
"hashes": [
"sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
"sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
],
"version": "==1.12.0"
},
"tenacity": {
"hashes": [
"sha256:6a7511a59145c2e319b7d04ddd93c12d48cc3d3c8fa42c2846d33a620ee91f57",
"sha256:a4eb168dbf55ed2cae27e7c6b2bd48ab54dabaf294177d998330cf59f294c112"
],
"version": "==5.1.1"
},
"urllib3": {
"hashes": [
"sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398",
"sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86"
],
"version": "==1.25.6"
},
"werkzeug": {
"hashes": [
"sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7",
"sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4"
],
"version": "==0.16.0"
}
},
"develop": {}
}

125
app.py Normal file
View file

@ -0,0 +1,125 @@
import pyotp
import decouple
from os.path import join
from flask import Flask, request
from flask_restful import Resource, Api
from schemas import OTPSchema, CreateOTPSchema
from config import etcd_client
from helper import is_valid_otp
app = Flask(__name__)
api = Api(app)
def create_admin_if_dont_exists(etcd_client):
_key = join(
decouple.config('BASE_PREFIX'),
decouple.config('ADMIN_REALM'),
'admin',
)
if etcd_client.get(_key) is None:
print('admin does not exists!. So, creating one')
_value = {
'seed': pyotp.random_base32(),
}
etcd_client.put(_key, _value, value_in_json=True)
create_admin_if_dont_exists(etcd_client)
class Verify(Resource):
@staticmethod
def get():
data = request.json
schema = OTPSchema(data)
if schema.is_valid():
return {'message': 'Verified'}, 200
else:
return schema.get_errors(), 400
# try:
# name = data['name']
# realm = data['realm']
# token = data['token']
# auth_name = data['auth-name']
# auth_realm = data['auth-realm']
# auth_token = data['auth-token']
# except Exception:
# return {
# "message": "Your provided data is not correct."
# }
# else:
# if is_valid_otp(auth_name, auth_realm, auth_token):
# _key = join(decouple.config("BASE_PREFIX"), realm, name)
# entry = etcd_client.get(_key, value_in_json=True)
# if entry:
# totp = pyotp.TOTP(entry.value['seed'])
# try:
# is_token_valid = totp.verify(token)
# except:
# return {'message': 'Invalid Data'}, 400
# else:
# if is_token_valid:
# return {'message': 'Verified'}, 200
# else:
# return {'message': 'Invalid token'}, 400
# else:
# return {"message": "No such Account Found"}, 400
# else:
# return {'message': 'Invalid Auth Credentials'}, 400
class Create(Resource):
@staticmethod
def post():
data = request.json
schema = CreateOTPSchema(data)
if schema.is_valid():
_key = join(decouple.config('BASE_PREFIX'), data['realm'], data['name'])
if etcd_client.get(_key) is None:
_value = {
'seed': pyotp.random_base32(),
}
etcd_client.put(_key, _value, value_in_json=True)
return {'message': 'Account Created\n'
'name: {}, realm: {}, seed: {}'.format(data['name'],data['realm'], _value['seed'])}
else:
return schema.get_errors()
# try:
# name = data['name']
# realm = data['realm']
# admin_name = data['admin-name']
# admin_realm = data['admin-realm']
# admin_token = data['admin-token']
# except Exception:
# return {'message': 'Invalid Data'}, 400
# else:
# if admin_realm == decouple.config('ADMIN_REALM'):
# if is_valid_otp(admin_name, admin_realm, admin_token):
# _key = join(decouple.config('BASE_PREFIX'), realm, name)
# if etcd_client.get(_key) is None:
# _value = {
# 'seed': pyotp.random_base32(),
# }
# etcd_client.put(_key, _value, value_in_json=True)
# return {'message': 'Account Created\n'
# 'name: {}, realm: {}, seed: {}'.format(name, realm, _value['seed'])}
# else:
# return {'message': 'Account already exists'}, 400
# else:
# return {'message': 'Invalid Admin OTP Credentials'}
# else:
# return {'message': 'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))}
api.add_resource(Verify, "/verify")
api.add_resource(Create, "/create")
if __name__ == "__main__":
app.run(debug=True)

4
config.py Normal file
View file

@ -0,0 +1,4 @@
from etcd3_wrapper import Etcd3Wrapper
from decouple import config
etcd_client = Etcd3Wrapper()

19
helper.py Normal file
View file

@ -0,0 +1,19 @@
import pyotp
from decouple import config
from os.path import join
def is_valid_otp(etcd_client, name, realm, token):
_key = join(config("BASE_PREFIX"), realm, name)
entry = etcd_client.get(_key, value_in_json=True)
if entry:
totp = pyotp.TOTP(entry.value['seed'])
try:
is_token_valid = totp.verify(token)
except:
return False
else:
return is_token_valid
return False

154
schemas.py Normal file
View file

@ -0,0 +1,154 @@
import json
import decouple
import pyotp
from os.path import join
from helper import is_valid_otp
from config import etcd_client
class Field:
def __init__(self, _name, _type, _value=None):
self.name = _name
self.value = _value
self.type = _type
self.__errors = []
def validation(self):
return True
def is_valid(self):
if self.value == KeyError:
self.add_error("'{}' field is a required field".format(self.name))
else:
if not isinstance(self.value, self.type):
self.add_error("Incorrect Type for '{}' field".format(self.name))
else:
self.validation()
if self.__errors:
return False
return True
def get_errors(self):
return self.__errors
def add_error(self, error):
self.__errors.append(error)
class BaseSchema:
def __init__(self, data, fields=None):
_ = data # suppress linter warning
self.__errors = []
if fields is None:
self.fields = []
else:
self.fields = fields
def validation(self):
# custom validation is optional
return True
def is_valid(self):
for field in self.fields:
field.is_valid()
self.add_field_errors(field)
for parent in self.__class__.__bases__:
try:
parent.validation(self)
except AttributeError:
pass
if not self.__errors:
self.validation()
if self.__errors:
return False
return True
def get_errors(self):
return {"message": self.__errors}
def add_field_errors(self, field: Field):
self.__errors += field.get_errors()
def add_error(self, error):
self.__errors.append(error)
class OTPSchema(BaseSchema):
def __init__(self, data: dict, fields=None):
self.name = Field("name", str, data.get("name", KeyError))
self.realm = Field("realm", str, data.get("realm", KeyError))
self.token = Field("token", str, data.get("token", KeyError))
self.auth_name = Field("auth-name", str,
data.get("auth-name", KeyError))
self.auth_realm = Field("auth-realm", str,
data.get("auth-realm", KeyError))
self.auth_token = Field("auth-token", str,
data.get("auth-token", KeyError))
self.auth_realm.validation = self.auth_realm_validation
_fields = [self.name, self.realm, self.token,
self.auth_name, self.auth_realm,
self.auth_token]
if fields:
_fields += fields
super().__init__(data=data, fields=_fields)
def auth_realm_validation(self):
if self.auth_realm.value != decouple.config("AUTH_REALM"):
self.add_error(
"Authentication realm must be {}".format(decouple.config("AUTH_REALM"))
)
def validation(self):
if is_valid_otp(etcd_client, self.auth_name.value,
self.auth_realm.value, self.auth_token.value):
if is_valid_otp(etcd_client, self.name.value,
self.realm.value, self.token.value):
_key = join(decouple.config("BASE_PREFIX"),
self.realm.value, self.name.value)
entry = etcd_client.get(_key, value_in_json=True)
if not entry:
self.add_error("No such Account Found")
else:
self.add_error("Invalid OTP Credentials")
else:
self.add_error("Invalid Auth Credentials")
class CreateOTPSchema(BaseSchema):
def __init__(self, data: dict, fields=None):
self.name = Field("name", str, data.get("name", KeyError))
self.realm = Field("realm", str, data.get("realm", KeyError))
self.admin_name = Field("admin-name", str,
data.get("admin-name", KeyError))
self.admin_realm = Field("admin-realm", str,
data.get("admin-realm", KeyError))
self.admin_token = Field("admin-token", str,
data.get("admin-token", KeyError))
self.admin_realm.validation = self.admin_realm_validation
_fields = [self.name, self.realm,
self.admin_name, self.admin_realm,
self.admin_token]
if fields:
_fields += fields
super().__init__(data=data, fields=_fields)
def admin_realm_validation(self):
if self.admin_realm.value != decouple.config("ADMIN_REALM"):
self.add_field_errors(
'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))
)
def validation(self):
if is_valid_otp(etcd_client, self.admin_name.value,
self.admin_realm.value, self.admin_token.value):
_key = join(decouple.config("BASE_PREFIX"),
self.realm.value, self.name.value)
if etcd_client.get(_key):
self.add_error("Account already exists")
else:
self.add_error("Invalid Admin OTP Credentials")