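def post(self, request, *args, **kwargs):
    """Dispatch the MFA challenge for the method named in the request body.

    Expects ``ephemeral_token`` (the first-step login token) and ``method``
    in ``request.data``. The token is resolved to a user through
    ``user_token_generator.check_token``; the named method must belong to
    that user, be active, and be configured in ``api_settings.MFA_METHODS``.
    On success the configured ``HANDLER`` is built and the result of its
    ``dispatch_message()`` is returned.

    Returns a 400 response when the token does not resolve, when no method
    name was supplied, or when the method is not configured; ``Http404``
    propagates from ``get_object_or_404`` when the user has no such active
    method.
    """
    serializer = self.get_serializer(data=request.data)
    serializer.is_valid(raise_exception=True)
    mfa_method_name = serializer.validated_data.get('method')
    ephemeral_token = serializer.validated_data.get('ephemeral_token')

    user = user_token_generator.check_token(ephemeral_token)
    # A bad or expired token resolves to None. Reject it explicitly (same
    # outcome as the serializers' ``invalid_token`` failure) rather than
    # letting ``user=None`` fall through to a misleading 404 from the
    # MFAMethod lookup below.
    if user is None:
        return Response(
            {'error': _('Invalid or expired ephemeral token')},
            status=status.HTTP_400_BAD_REQUEST,
        )
    # Without a method name the original body skipped the whole lookup and
    # then referenced an unbound ``handler`` (NameError -> 500).
    if not mfa_method_name:
        return Response(
            {'error': _('MFA method name is required')},
            status=status.HTTP_400_BAD_REQUEST,
        )

    obj = get_object_or_404(
        MFAMethod,
        user=user,
        name=mfa_method_name,
        is_active=True,
    )
    conf = api_settings.MFA_METHODS.get(mfa_method_name)
    if not conf:
        # The original used a set literal ``{'error', ...}``, which is not a
        # JSON-serialisable mapping; the client expects an ``error`` key.
        return Response(
            {'error': _('Requested MFA method does not exists')},
            status=status.HTTP_400_BAD_REQUEST,
        )
    handler = conf.get('HANDLER')(
        user=user,
        obj=obj,
        conf=conf,
    )
    dispatcher_resp = handler.dispatch_message()
    return Response(dispatcher_resp)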
def test_get_ephemeral_token(active_user_with_email_otp):
    """The first login step must hand back an ephemeral token that the
    token generator resolves to the very user who authenticated."""
    client = TrenchAPIClient()
    login_response = client.authenticate(user=active_user_with_email_otp)
    assert login_response.status_code == HTTP_200_OK

    ephemeral_token = client._extract_ephemeral_token_from_response(
        response=login_response,
    )
    resolved_user = user_token_generator.check_token(
        user=None,
        token=ephemeral_token,
    )
    assert resolved_user == active_user_with_email_otp
def test_auth_token_first_step(active_user_with_email_otp):
    """Same contract as the default login path, but via the token-login
    endpoint: step one returns an ephemeral token bound to the user."""
    client = TrenchAPIClient()
    login_response = client.authenticate(
        user=active_user_with_email_otp,
        path=client.PATH_AUTH_TOKEN_LOGIN,
    )
    assert login_response.status_code == HTTP_200_OK

    ephemeral_token = client._extract_ephemeral_token_from_response(login_response)
    resolved_user = user_token_generator.check_token(user=None, token=ephemeral_token)
    assert resolved_user == active_user_with_email_otp
def validate(self, attrs):
    """Second login step: resolve ``token`` to a user and accept ``code``
    if any of the user's active MFA methods validates it, or if it is one
    of that method's backup codes (which is then consumed).

    Sets ``self.user`` as a side effect. Fails with ``invalid_token`` when
    the token does not resolve and with ``invalid_code`` when no method
    accepts the code.
    """
    token = attrs.get('token')
    code = attrs.get('code')

    self.user = user_token_generator.check_token(token)
    if not self.user:
        self.fail('invalid_token')

    active_methods = self.user.mfa_methods.filter(is_active=True)
    for method in active_methods:
        if validate_code(code, method):
            return attrs
        # Backup codes are kept as one comma-separated string and compared
        # against the submitted code as-is; a hit removes that single code.
        stored_backup_codes = method.backup_codes.split(',')
        if code in stored_backup_codes:
            method.remove_backup_code(code)
            return attrs

    self.fail('invalid_code')
def validate(self, attrs):
    """Second login step: resolve ``ephemeral_token`` to a user and accept
    ``code`` if an active MFA method validates it or ``validate_backup_code``
    matches it against that method's stored backup codes.

    Sets ``self.user`` as a side effect. A matched backup code is removed
    through ``remove_backup_code`` so it cannot be reused. Fails with
    ``invalid_token`` / ``invalid_code`` otherwise.
    """
    ephemeral_token = attrs.get('ephemeral_token')
    code = attrs.get('code')

    self.user = user_token_generator.check_token(ephemeral_token)
    if not self.user:
        self.fail('invalid_token')

    active_methods = self.user.mfa_methods.filter(is_active=True)
    for method in active_methods:
        # The backup-code check runs before the regular code check for every
        # method, mirroring the original evaluation order.
        matched_backup_code = validate_backup_code(code, method.backup_codes)
        if validate_code(code, method):
            return attrs
        if matched_backup_code:
            method.remove_backup_code(matched_backup_code)
            return attrs

    self.fail('invalid_code')
def validate(self, attrs):
    """Resolve ``ephemeral_token`` to a user and store it on ``self.user``.

    Fails with ``invalid_token`` when the token does not resolve; otherwise
    returns ``attrs`` unchanged.
    """
    submitted_token = attrs.get('ephemeral_token')
    self.user = user_token_generator.check_token(submitted_token)
    if self.user:
        return attrs
    self.fail('invalid_token')
def test_get_emphemeral_token(active_user_with_email_otp):
    """Logging in must yield an ``ephemeral_token`` in the response body that
    the token generator maps back to the authenticated user."""
    login_response = login(active_user_with_email_otp)
    assert login_response.status_code == 200

    ephemeral_token = login_response.data.get('ephemeral_token')
    resolved_user = user_token_generator.check_token(ephemeral_token)
    assert resolved_user == active_user_with_email_otp
def execute(self, code: str, ephemeral_token: str) -> User:
    """Exchange a first-step ``ephemeral_token`` plus MFA ``code`` for the user.

    Raises ``InvalidTokenError`` when the token does not resolve. Code
    verification is delegated to ``self.is_authenticated``; presumably it
    raises on a bad code (its body is outside this block — confirm), since
    its return value is not inspected here.
    """
    resolved_user = user_token_generator.check_token(
        user=None,
        token=ephemeral_token,
    )
    if resolved_user is None:
        raise InvalidTokenError()
    self.is_authenticated(user_id=resolved_user.id, code=code)
    return resolved_user