Esempio n. 1
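    def post(self, request, *args, **kwargs):
        """Dispatch an MFA challenge for the method named in the request.

        ``request.data`` is expected to carry ``ephemeral_token`` (the token
        issued by the first login step) and ``method`` (an MFA method name).
        The user is resolved from the token, the user's active MFAMethod of
        that name is looked up, and the method's configured HANDLER is asked
        to ``dispatch_message()``; its result becomes the response body.

        Returns HTTP 400 when the token does not resolve to a user or when
        no configuration exists for the requested method. ``get_object_or_404``
        raises Http404 when the user has no active method of that name.
        """
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        mfa_method_name = serializer.validated_data.get('method')
        ephemeral_token = serializer.validated_data.get('ephemeral_token')

        # The token is client-supplied; check_token yields a falsy value for a
        # bad or expired one, which must stop here instead of reaching the
        # ORM lookup and the handler with user=None.
        user = user_token_generator.check_token(ephemeral_token)
        if not user:
            return Response(
                {'error': _('Invalid or expired ephemeral token')},
                status=status.HTTP_400_BAD_REQUEST,
            )

        # Bind `obj` unconditionally so the handler call below can never hit
        # an UnboundLocalError when no method name was submitted.
        obj = None
        if mfa_method_name:
            obj = get_object_or_404(
                MFAMethod,
                user=user,
                name=mfa_method_name,
                is_active=True,
            )

        conf = api_settings.MFA_METHODS.get(mfa_method_name)
        if not conf:
            # A dict, not a set literal: `{'error', msg}` built a set rather
            # than the intended {'error': msg} mapping.
            return Response(
                {'error': _('Requested MFA method does not exists')},
                status=status.HTTP_400_BAD_REQUEST,
            )

        handler = conf.get('HANDLER')(
            user=user,
            obj=obj,
            conf=conf,
        )
        dispatcher_resp = handler.dispatch_message()
        return Response(dispatcher_resp)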
Esempio n. 2
def test_get_ephemeral_token(active_user_with_email_otp):
    """The first login step must issue an ephemeral token that resolves back to the user."""
    api_client = TrenchAPIClient()
    login_response = api_client.authenticate(user=active_user_with_email_otp)
    assert login_response.status_code == HTTP_200_OK

    issued_token = api_client._extract_ephemeral_token_from_response(
        response=login_response,
    )
    resolved_user = user_token_generator.check_token(user=None, token=issued_token)
    assert resolved_user == active_user_with_email_otp
Esempio n. 3
def test_auth_token_first_step(active_user_with_email_otp):
    """Token-login first step must succeed and issue a token that maps to the user."""
    api_client = TrenchAPIClient()
    login_response = api_client.authenticate(
        user=active_user_with_email_otp,
        path=api_client.PATH_AUTH_TOKEN_LOGIN,
    )
    assert login_response.status_code == HTTP_200_OK

    issued_token = api_client._extract_ephemeral_token_from_response(login_response)
    resolved_user = user_token_generator.check_token(user=None, token=issued_token)
    assert resolved_user == active_user_with_email_otp
Esempio n. 4
    def validate(self, attrs):
        """Resolve the user from ``token`` and accept ``code`` against any active MFA method.

        Sets ``self.user`` as a side effect. For each active method the code is
        first checked with ``validate_code``; failing that, a code present in the
        method's comma-separated ``backup_codes`` is accepted and passed to
        ``remove_backup_code``. Ends in ``self.fail('invalid_code')`` when nothing
        matches, or ``self.fail('invalid_token')`` when the token does not resolve
        (``self.fail`` is presumably raising, DRF-style — the code after it relies
        on ``self.user`` being set).
        """
        submitted_token = attrs.get('token')
        submitted_code = attrs.get('code')

        self.user = user_token_generator.check_token(submitted_token)
        if not self.user:
            self.fail('invalid_token')

        active_methods = self.user.mfa_methods.filter(is_active=True)
        for method in active_methods:
            # A code accepted by the method itself wins over a backup code.
            if validate_code(submitted_code, method):
                return attrs
            # Backup codes live in one comma-separated string; the matched
            # code is handed to remove_backup_code (presumably single-use).
            stored_backup_codes = method.backup_codes.split(',')
            if submitted_code in stored_backup_codes:
                method.remove_backup_code(submitted_code)
                return attrs

        self.fail('invalid_code')
Esempio n. 5
    def validate(self, attrs):
        """Resolve the user from ``ephemeral_token`` and accept ``code`` against an active method.

        Sets ``self.user`` as a side effect. For every active MFA method,
        ``validate_backup_code`` is evaluated against the stored ``backup_codes``
        before ``validate_code`` is consulted; a live match accepts ``attrs``
        directly, a backup match is consumed via ``remove_backup_code`` and then
        accepted. Falls through to ``self.fail('invalid_code')`` when no method
        matches and calls ``self.fail('invalid_token')`` when the token does not
        resolve (``self.fail`` is presumably raising, DRF-style).
        """
        submitted_token = attrs.get('ephemeral_token')
        submitted_code = attrs.get('code')

        self.user = user_token_generator.check_token(submitted_token)
        if not self.user:
            self.fail('invalid_token')

        for method in self.user.mfa_methods.filter(is_active=True):
            # Evaluated up front for every method, so validate_backup_code runs
            # even when the live code turns out to match.
            matched_backup_code = validate_backup_code(
                submitted_code,
                method.backup_codes,
            )
            if validate_code(submitted_code, method):
                return attrs
            if not matched_backup_code:
                continue
            method.remove_backup_code(matched_backup_code)
            return attrs

        self.fail('invalid_code')
Esempio n. 6
 def validate(self, attrs):
     """Resolve ``self.user`` from ``ephemeral_token`` and hand ``attrs`` back unchanged.

     Calls ``self.fail('invalid_token')`` when the token does not resolve to a
     user (``self.fail`` is presumably raising, DRF-style).
     """
     resolved_user = user_token_generator.check_token(attrs.get('ephemeral_token'))
     self.user = resolved_user
     if not resolved_user:
         self.fail('invalid_token')
     return attrs
def test_get_emphemeral_token(active_user_with_email_otp):
    """Login must return an ephemeral token that maps back to the logged-in user."""
    login_response = login(active_user_with_email_otp)
    assert login_response.status_code == 200

    issued_token = login_response.data.get('ephemeral_token')
    resolved_user = user_token_generator.check_token(issued_token)
    assert resolved_user == active_user_with_email_otp
Esempio n. 8
 def execute(self, code: str, ephemeral_token: str) -> User:
     """Second MFA step: resolve the user from ``ephemeral_token`` and check ``code``.

     Raises ``InvalidTokenError`` when the token does not map to a user. The
     result of ``is_authenticated`` is not inspected, so it is presumably
     expected to raise on a bad code — confirm against its definition.
     """
     resolved_user = user_token_generator.check_token(user=None, token=ephemeral_token)
     if resolved_user is None:
         raise InvalidTokenError()
     # Return value deliberately ignored; only an exception can reject the code here.
     self.is_authenticated(user_id=resolved_user.id, code=code)
     return resolved_user