def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
mfa_method_name = serializer.validated_data.get('method')
ephemeral_token = serializer.validated_data.get('ephemeral_token')
user = user_token_generator.check_token(ephemeral_token)
if mfa_method_name:
obj = get_object_or_404(
MFAMethod,
user=user,
name=mfa_method_name,
is_active=True,
)
conf = api_settings.MFA_METHODS.get(mfa_method_name)
if not conf:
return Response(
{'error', _('Requested MFA method does not exists')},
status=status.HTTP_400_BAD_REQUEST,
)
handler = conf.get('HANDLER')(
user=user,
obj=obj,
conf=conf,
)
dispatcher_resp = handler.dispatch_message()
return Response(dispatcher_resp)
def test_get_ephemeral_token(active_user_with_email_otp):
client = TrenchAPIClient()
response = client.authenticate(user=active_user_with_email_otp)
assert response.status_code == HTTP_200_OK
assert (user_token_generator.check_token(
user=None,
token=client._extract_ephemeral_token_from_response(response=response),
) == active_user_with_email_otp)
def test_auth_token_first_step(active_user_with_email_otp):
client = TrenchAPIClient()
response = client.authenticate(user=active_user_with_email_otp,
path=client.PATH_AUTH_TOKEN_LOGIN)
assert response.status_code == HTTP_200_OK
assert (user_token_generator.check_token(
user=None,
token=client._extract_ephemeral_token_from_response(response)) ==
active_user_with_email_otp)
def validate(self, attrs):
token = attrs.get('token')
code = attrs.get('code')
self.user = user_token_generator.check_token(token)
if not self.user:
self.fail('invalid_token')
for auth_method in self.user.mfa_methods.filter(is_active=True):
if validate_code(code, auth_method):
return attrs
if code in auth_method.backup_codes.split(','):
auth_method.remove_backup_code(code)
return attrs
self.fail('invalid_code')
def validate(self, attrs):
ephemeral_token = attrs.get('ephemeral_token')
code = attrs.get('code')
self.user = user_token_generator.check_token(ephemeral_token)
if not self.user:
self.fail('invalid_token')
for auth_method in self.user.mfa_methods.filter(is_active=True):
validated_backup_code = validate_backup_code(
code,
auth_method.backup_codes,
)
if validate_code(code, auth_method):
return attrs
if validated_backup_code:
auth_method.remove_backup_code(validated_backup_code)
return attrs
self.fail('invalid_code')
def validate(self, attrs):
ephemeral_token = attrs.get('ephemeral_token')
self.user = user_token_generator.check_token(ephemeral_token)
if not self.user:
self.fail('invalid_token')
return attrs
def test_get_emphemeral_token(active_user_with_email_otp):
response = login(active_user_with_email_otp)
assert response.status_code == 200
assert user_token_generator.check_token(
response.data.get('ephemeral_token')) == active_user_with_email_otp
def execute(self, code: str, ephemeral_token: str) -> User:
user = user_token_generator.check_token(user=None, token=ephemeral_token)
if user is None:
raise InvalidTokenError()
self.is_authenticated(user_id=user.id, code=code)
return user
