initial commit

.env.sample

@@ -0,0 +1,3 @@
+BASE_PREFIX=/uotp/
+ADMIN_REALM=ungleich-admin
+AUTH_REALM=ungleich-auth

.gitignore

@@ -0,0 +1,4 @@
+.vscode
+
+.env
+client.py

Pipfile

@@ -0,0 +1,17 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+flask = "*"
+flask-restful = "*"
+etcd3-wrapper-wip = {editable = true,git = "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",ref = "wip"}
+python-decouple = "*"
+requests = "*"
+pyotp = "*"
+
+[requires]
+python_version = "3.5"

Pipfile.lock

@@ -0,0 +1,246 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "140985247e5362ad0317970c161febd85cdd856163f9269cc38d802fb8b7d3f6"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3.5"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "aniso8601": {
+            "hashes": [
+                "sha256:529dcb1f5f26ee0df6c0a1ee84b7b27197c3c50fc3a6321d66c544689237d072",
+                "sha256:c033f63d028b9a58e3ab0c2c7d0532ab4bfa7452bfc788fbfe3ddabd327b181a"
+            ],
+            "version": "==8.0.0"
+        },
+        "certifi": {
+            "hashes": [
+                "sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50",
+                "sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef"
+            ],
+            "version": "==2019.9.11"
+        },
+        "chardet": {
+            "hashes": [
+                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
+                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+            ],
+            "version": "==3.0.4"
+        },
+        "click": {
+            "hashes": [
+                "sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
+                "sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
+            ],
+            "version": "==7.0"
+        },
+        "etcd3": {
+            "hashes": [
+                "sha256:25a524b9f032c6631ff0097532907dea81243eaa63c3744510fd1598cc4e0e87"
+            ],
+            "version": "==0.10.0"
+        },
+        "etcd3-wrapper-wip": {
+            "editable": true,
+            "git": "https://code.ungleich.ch/ungleich-public/etcd3_wrapper.git",
+            "ref": "76fb0bdf797199e9ea161dad1d004eea9b4520f8"
+        },
+        "flask": {
+            "hashes": [
+                "sha256:13f9f196f330c7c2c5d7a5cf91af894110ca0215ac051b5844701f2bfd934d52",
+                "sha256:45eb5a6fd193d6cf7e0cf5d8a5b31f83d5faae0293695626f539a823e93b13f6"
+            ],
+            "index": "pypi",
+            "version": "==1.1.1"
+        },
+        "flask-restful": {
+            "hashes": [
+                "sha256:ecd620c5cc29f663627f99e04f17d1f16d095c83dc1d618426e2ad68b03092f8",
+                "sha256:f8240ec12349afe8df1db168ea7c336c4e5b0271a36982bff7394f93275f2ca9"
+            ],
+            "index": "pypi",
+            "version": "==0.3.7"
+        },
+        "grpcio": {
+            "hashes": [
+                "sha256:0302331e014fc4bac028b6ad480b33f7abfe20b9bdcca7be417124dda8f22115",
+                "sha256:0aa0cce9c5eb1261b32173a20ed42b51308d55ce28ecc2021e868b3cb90d9503",
+                "sha256:0c83947575300499adbc308e986d754e7f629be0bdd9bea1ffdd5cf76e1f1eff",
+                "sha256:0ca26ff968d45efd4ef73447c4d4b34322ea8c7d06fbb6907ce9e5db78f1bbcb",
+                "sha256:0cf80a7955760c2498f8821880242bb657d70998065ff0d2a082de5ffce230a7",
+                "sha256:0d40706e57d9833fe0e023a08b468f33940e8909affa12547874216d36bba208",
+                "sha256:11872069156de34c6f3f9a1deb46cc88bc35dfde88262c4c73eb22b39b16fc55",
+                "sha256:16065227faae0ab0abf1789bfb92a2cd2ab5da87630663f93f8178026da40e0d",
+                "sha256:1e33778277685f6fabb22539136269c87c029e39b6321ef1a639b756a1c0a408",
+                "sha256:2b16be15b1ae656bc7a36642b8c7045be2dde2048bb4b67478003e9d9db8022a",
+                "sha256:3701dfca3ada27ceef0d17f728ce9dfef155ed20c57979c2b05083082258c6c1",
+                "sha256:41912ecaf482abf2de74c69f509878f99223f5dd6b2de1a09c955afd4de3cf9b",
+                "sha256:4332cbd20544fe7406910137590f38b5b3a1f6170258e038652cf478c639430f",
+                "sha256:44068ecbdc6467c2bff4d8198816c8a2701b6dd1ec16078fceb6adc7c1f577d6",
+                "sha256:53115960e37059420e2d16a4b04b00dd2ab3b6c3c67babd01ffbfdcd7881a69b",
+                "sha256:6e7027bcd4070414751e2a5e60706facb98a1fc636497c9bac5442fe37b8ae6b",
+                "sha256:6ff57fb2f07b7226b5bec89e8e921ea9bd220f35f11e094f2ba38f09eecd49c6",
+                "sha256:73240e244d7644654bbda1f309f4911748b6a1804b7a8897ddbe8a04c90f7407",
+                "sha256:785234bbc469bc75e26c868789a2080ffb30bd6e93930167797729889ad06b0b",
+                "sha256:82f9d3c7f91d2d1885631335c003c5d45ae1cd69cc0bc4893f21fef50b8151bc",
+                "sha256:86bdc2a965510658407a1372eb61f0c92f763fdfb2795e4d038944da4320c950",
+                "sha256:95e925b56676a55e6282b3de80a1cbad5774072159779c61eac02791dface049",
+                "sha256:96673bb4f14bd3263613526d1e7e33fdb38a9130e3ce87bf52314965706e1900",
+                "sha256:970014205e76920484679035b6fb4b16e02fc977e5aac4d22025da849c79dab9",
+                "sha256:ace5e8bf11a1571f855f5dab38a9bd34109b6c9bc2864abf24a597598c7e3695",
+                "sha256:ad375f03eb3b9cb75a24d91eab8609e134d34605f199efc41e20dd642bdac855",
+                "sha256:b819c4c7dcf0de76788ce5f95daad6d4e753d6da2b6a5f84e5bb5b5ce95fddc4",
+                "sha256:c17943fd340cbd906db49f3f03c7545e5a66b617e8348b2c7a0d2c759d216af1",
+                "sha256:d21247150dea86dabd3b628d8bc4b563036db3d332b3f4db3c5b1b0b122cb4f6",
+                "sha256:d4d500a7221116de9767229ff5dd10db91f789448d85befb0adf5a37b0cd83b5",
+                "sha256:e2a942a3cfccbbca21a90c144867112698ef36486345c285da9e98c466f22b22",
+                "sha256:e983273dca91cb8a5043bc88322eb48e2b8d4e4998ff441a1ee79ced89db3909"
+            ],
+            "version": "==1.24.1"
+        },
+        "idna": {
+            "hashes": [
+                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
+                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
+            ],
+            "version": "==2.8"
+        },
+        "itsdangerous": {
+            "hashes": [
+                "sha256:321b033d07f2a4136d3ec762eac9f16a10ccd60f53c0c91af90217ace7ba1f19",
+                "sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"
+            ],
+            "version": "==1.1.0"
+        },
+        "jinja2": {
+            "hashes": [
+                "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
+                "sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
+            ],
+            "version": "==2.10.3"
+        },
+        "markupsafe": {
+            "hashes": [
+                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
+                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
+                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
+                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
+                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
+                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
+                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
+                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
+                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
+                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
+                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
+                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
+                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
+                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
+                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
+                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
+                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
+                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
+                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
+                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
+                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
+                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
+                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
+                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
+                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
+                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
+                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
+                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
+            ],
+            "version": "==1.1.1"
+        },
+        "protobuf": {
+            "hashes": [
+                "sha256:125713564d8cfed7610e52444c9769b8dcb0b55e25cc7841f2290ee7bc86636f",
+                "sha256:1accdb7a47e51503be64d9a57543964ba674edac103215576399d2d0e34eac77",
+                "sha256:27003d12d4f68e3cbea9eb67427cab3bfddd47ff90670cb367fcd7a3a89b9657",
+                "sha256:3264f3c431a631b0b31e9db2ae8c927b79fc1a7b1b06b31e8e5bcf2af91fe896",
+                "sha256:3c5ab0f5c71ca5af27143e60613729e3488bb45f6d3f143dc918a20af8bab0bf",
+                "sha256:45dcf8758873e3f69feab075e5f3177270739f146255225474ee0b90429adef6",
+                "sha256:56a77d61a91186cc5676d8e11b36a5feb513873e4ae88d2ee5cf530d52bbcd3b",
+                "sha256:5984e4947bbcef5bd849d6244aec507d31786f2dd3344139adc1489fb403b300",
+                "sha256:6b0441da73796dd00821763bb4119674eaf252776beb50ae3883bed179a60b2a",
+                "sha256:6f6677c5ade94d4fe75a912926d6796d5c71a2a90c2aeefe0d6f211d75c74789",
+                "sha256:84a825a9418d7196e2acc48f8746cf1ee75877ed2f30433ab92a133f3eaf8fbe",
+                "sha256:b842c34fe043ccf78b4a6cf1019d7b80113707d68c88842d061fa2b8fb6ddedc",
+                "sha256:ca33d2f09dae149a1dcf942d2d825ebb06343b77b437198c9e2ef115cf5d5bc1",
+                "sha256:db83b5c12c0cd30150bb568e6feb2435c49ce4e68fe2d7b903113f0e221e58fe",
+                "sha256:f50f3b1c5c1c1334ca7ce9cad5992f098f460ffd6388a3cabad10b66c2006b09",
+                "sha256:f99f127909731cafb841c52f9216e447d3e4afb99b17bebfad327a75aee206de"
+            ],
+            "version": "==3.10.0"
+        },
+        "pyotp": {
+            "hashes": [
+                "sha256:c88f37fd47541a580b744b42136f387cdad481b560ef410c0d85c957eb2a2bc0",
+                "sha256:fc537e8acd985c5cbf51e11b7d53c42276fee017a73aec7c07380695671ca1a1"
+            ],
+            "index": "pypi",
+            "version": "==2.3.0"
+        },
+        "python-decouple": {
+            "hashes": [
+                "sha256:1317df14b43efee4337a4aa02914bf004f010cd56d6c4bd894e6474ec8c4fe2d"
+            ],
+            "index": "pypi",
+            "version": "==3.1"
+        },
+        "pytz": {
+            "hashes": [
+                "sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d",
+                "sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be"
+            ],
+            "version": "==2019.3"
+        },
+        "requests": {
+            "hashes": [
+                "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
+                "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
+            ],
+            "index": "pypi",
+            "version": "==2.22.0"
+        },
+        "six": {
+            "hashes": [
+                "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
+                "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
+            ],
+            "version": "==1.12.0"
+        },
+        "tenacity": {
+            "hashes": [
+                "sha256:6a7511a59145c2e319b7d04ddd93c12d48cc3d3c8fa42c2846d33a620ee91f57",
+                "sha256:a4eb168dbf55ed2cae27e7c6b2bd48ab54dabaf294177d998330cf59f294c112"
+            ],
+            "version": "==5.1.1"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398",
+                "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86"
+            ],
+            "version": "==1.25.6"
+        },
+        "werkzeug": {
+            "hashes": [
+                "sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7",
+                "sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4"
+            ],
+            "version": "==0.16.0"
+        }
+    },
+    "develop": {}
+}

app.py

@@ -0,0 +1,125 @@
+import pyotp
+import decouple
+from os.path import join
+
+from flask import Flask, request
+from flask_restful import Resource, Api
+from schemas import OTPSchema, CreateOTPSchema
+
+from config import etcd_client
+from helper import is_valid_otp
+
+app = Flask(__name__)
+api = Api(app)
+
+def create_admin_if_dont_exists(etcd_client):
+    _key = join(
+        decouple.config('BASE_PREFIX'),
+        decouple.config('ADMIN_REALM'),
+        'admin',
+    )
+    if etcd_client.get(_key) is None:
+        print('admin does not exists!. So, creating one')
+        _value = {
+            'seed': pyotp.random_base32(),
+        }
+        etcd_client.put(_key, _value, value_in_json=True)
+
+
+
+create_admin_if_dont_exists(etcd_client)
+
+
+class Verify(Resource):
+    @staticmethod
+    def get():
+        data = request.json
+        schema = OTPSchema(data)
+        if schema.is_valid():
+            return {'message': 'Verified'}, 200
+        else:
+            return schema.get_errors(), 400
+
+        # try:
+        #     name = data['name']
+        #     realm = data['realm']
+        #     token = data['token']
+            
+        #     auth_name = data['auth-name']
+        #     auth_realm = data['auth-realm']
+        #     auth_token = data['auth-token']
+        # except Exception:
+        #     return {
+        #         "message": "Your provided data is not correct."
+        #     }
+        # else:
+        #     if is_valid_otp(auth_name, auth_realm, auth_token):
+        #         _key = join(decouple.config("BASE_PREFIX"), realm, name)
+        #         entry = etcd_client.get(_key, value_in_json=True)
+        #         if entry:
+        #             totp = pyotp.TOTP(entry.value['seed'])
+        #             try:
+        #                 is_token_valid = totp.verify(token)
+        #             except:
+        #                 return {'message': 'Invalid Data'}, 400
+        #             else:
+        #                 if is_token_valid:
+        #                     return {'message': 'Verified'}, 200
+        #                 else:
+        #                     return {'message': 'Invalid token'}, 400
+        #         else:
+        #             return {"message": "No such Account Found"}, 400
+        #     else:
+        #         return {'message': 'Invalid Auth Credentials'}, 400
+            
+
+class Create(Resource):
+    @staticmethod
+    def post():
+        data = request.json
+        
+        schema = CreateOTPSchema(data)
+        if schema.is_valid():
+            _key = join(decouple.config('BASE_PREFIX'), data['realm'], data['name'])
+
+            if etcd_client.get(_key) is None:
+                _value = {
+                    'seed': pyotp.random_base32(),
+                }
+                etcd_client.put(_key, _value, value_in_json=True)
+                return {'message': 'Account Created\n'
+                'name: {}, realm: {}, seed: {}'.format(data['name'],data['realm'], _value['seed'])}
+        else:
+            return schema.get_errors()
+        # try:
+        #     name = data['name']
+        #     realm = data['realm']
+        #     admin_name = data['admin-name']
+        #     admin_realm = data['admin-realm']
+        #     admin_token = data['admin-token']
+        # except Exception:
+        #     return {'message': 'Invalid Data'}, 400
+        # else:
+        #     if admin_realm == decouple.config('ADMIN_REALM'):
+        #         if is_valid_otp(admin_name, admin_realm, admin_token):
+        #             _key = join(decouple.config('BASE_PREFIX'), realm, name)
+
+        #             if etcd_client.get(_key) is None:
+        #                 _value = {
+        #                     'seed': pyotp.random_base32(),
+        #                 }
+        #                 etcd_client.put(_key, _value, value_in_json=True)
+        #                 return {'message': 'Account Created\n'
+        #                 'name: {}, realm: {}, seed: {}'.format(name, realm, _value['seed'])}
+        #             else:
+        #                 return {'message': 'Account already exists'}, 400
+        #         else:
+        #             return {'message': 'Invalid Admin OTP Credentials'}
+        #     else:
+        #         return {'message': 'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))}
+
+api.add_resource(Verify, "/verify")
+api.add_resource(Create, "/create")
+
+if __name__ == "__main__":
+    app.run(debug=True)

config.py

@@ -0,0 +1,4 @@
+from etcd3_wrapper import Etcd3Wrapper
+from decouple import config
+
+etcd_client = Etcd3Wrapper()

helper.py

@@ -0,0 +1,19 @@
+import pyotp
+
+from decouple import config
+from os.path import join
+
+
+def is_valid_otp(etcd_client, name, realm, token):
+    _key = join(config("BASE_PREFIX"), realm, name)
+    entry = etcd_client.get(_key, value_in_json=True)
+    if entry:
+        totp = pyotp.TOTP(entry.value['seed'])
+        try:
+            is_token_valid = totp.verify(token)
+        except:
+            return False
+        else:
+            return is_token_valid
+    
+    return False

schemas.py

@@ -0,0 +1,154 @@
+import json
+import decouple
+import pyotp
+
+from os.path import join
+
+from helper import is_valid_otp
+from config import etcd_client
+class Field:
+    def __init__(self, _name, _type, _value=None):
+        self.name = _name
+        self.value = _value
+        self.type = _type
+        self.__errors = []
+
+    def validation(self):
+        return True
+
+    def is_valid(self):
+        if self.value == KeyError:
+            self.add_error("'{}' field is a required field".format(self.name))
+        else:
+            if not isinstance(self.value, self.type):
+                self.add_error("Incorrect Type for '{}' field".format(self.name))
+            else:
+                self.validation()
+
+        if self.__errors:
+            return False
+        return True
+
+    def get_errors(self):
+        return self.__errors
+
+    def add_error(self, error):
+        self.__errors.append(error)
+
+class BaseSchema:
+    def __init__(self, data, fields=None):
+        _ = data  # suppress linter warning
+        self.__errors = []
+        if fields is None:
+            self.fields = []
+        else:
+            self.fields = fields
+
+    def validation(self):
+        # custom validation is optional
+        return True
+
+    def is_valid(self):
+        for field in self.fields:
+            field.is_valid()
+            self.add_field_errors(field)
+
+        for parent in self.__class__.__bases__:
+            try:
+                parent.validation(self)
+            except AttributeError:
+                pass
+        if not self.__errors:
+            self.validation()
+
+        if self.__errors:
+            return False
+        return True
+
+    def get_errors(self):
+        return {"message": self.__errors}
+
+    def add_field_errors(self, field: Field):
+        self.__errors += field.get_errors()
+
+    def add_error(self, error):
+        self.__errors.append(error)
+
+class OTPSchema(BaseSchema):
+    def __init__(self, data: dict, fields=None):
+        self.name = Field("name", str, data.get("name", KeyError))
+        self.realm = Field("realm", str, data.get("realm", KeyError))
+        self.token = Field("token", str, data.get("token", KeyError))
+
+        self.auth_name = Field("auth-name", str,
+                               data.get("auth-name", KeyError))
+        self.auth_realm = Field("auth-realm", str,
+                               data.get("auth-realm", KeyError))
+        self.auth_token = Field("auth-token", str,
+                               data.get("auth-token", KeyError))
+        self.auth_realm.validation = self.auth_realm_validation
+        _fields = [self.name, self.realm, self.token,
+                   self.auth_name, self.auth_realm,
+                   self.auth_token]
+        if fields:
+            _fields += fields
+        super().__init__(data=data, fields=_fields)
+
+
+    def auth_realm_validation(self):
+        if self.auth_realm.value != decouple.config("AUTH_REALM"):
+            self.add_error(
+                "Authentication realm must be {}".format(decouple.config("AUTH_REALM"))
+            )
+    def validation(self):
+        if is_valid_otp(etcd_client, self.auth_name.value,
+                        self.auth_realm.value, self.auth_token.value): 
+            
+            if is_valid_otp(etcd_client, self.name.value, 
+                            self.realm.value, self.token.value):
+                _key = join(decouple.config("BASE_PREFIX"),
+                            self.realm.value, self.name.value)
+                entry = etcd_client.get(_key, value_in_json=True)
+                if not entry:
+                    self.add_error("No such Account Found")
+            else:
+                self.add_error("Invalid OTP Credentials")
+        else:
+            self.add_error("Invalid Auth Credentials")
+
+
+class CreateOTPSchema(BaseSchema):
+    def __init__(self, data: dict, fields=None):
+        self.name = Field("name", str, data.get("name", KeyError))
+        self.realm = Field("realm", str, data.get("realm", KeyError))
+
+        self.admin_name = Field("admin-name", str,
+                               data.get("admin-name", KeyError))
+        self.admin_realm = Field("admin-realm", str,
+                               data.get("admin-realm", KeyError))
+        self.admin_token = Field("admin-token", str,
+                               data.get("admin-token", KeyError))
+        
+        self.admin_realm.validation = self.admin_realm_validation
+        _fields = [self.name, self.realm,
+                   self.admin_name, self.admin_realm,
+                   self.admin_token]
+        if fields:
+            _fields += fields
+        super().__init__(data=data, fields=_fields)
+
+    def admin_realm_validation(self):
+        if self.admin_realm.value != decouple.config("ADMIN_REALM"):
+            self.add_field_errors(
+                'Admin must be from {} realm'.format(decouple.config('ADMIN_REALM'))
+            )
+    def validation(self):
+        if is_valid_otp(etcd_client, self.admin_name.value,
+                        self.admin_realm.value, self.admin_token.value): 
+
+            _key = join(decouple.config("BASE_PREFIX"),
+                        self.realm.value, self.name.value)
+            if etcd_client.get(_key):
+                self.add_error("Account already exists")
+        else:
+            self.add_error("Invalid Admin OTP Credentials")