Development

README.md

@@ -7,7 +7,7 @@ NB. Alpha version. Deep refactoring will be completed soon.
 [![pypi version](https://img.shields.io/pypi/v/django-multifactorr-authentication.svg)](https://pypi.org/project/django-multifactor-authentication/)
 
 
-Flexible authentication for web, mobile, desktop and hybrid apps. It can be used for 1fa, 2fa and mfa cases. Easily configurable and extendable with new authentication methods or services. Authenticaton scenarios, called `flows`, based on the next `identifiers` and `secrets`, which can be used or not used in multiple combinations:
+Flexible authentication for web, mobile, desktop and hybrid apps. It can be used for 1fa, 2fa and mfa cases. Easily configurable and extendable with new authentication methods or services. Authenticaton scenarios, called `flows`, are based on `identifiers` and `secrets`, which can be used or not used in multiple combinations:
 - username, email, phone, ...
 - password, passcode (one-time pass or token), hardcode (device or card id), ...
 
@@ -31,18 +31,18 @@ Base settings (required):
 AUTH_USER_MODEL = 'multauth.User'
 AUTHENTICATION_BACKENDS = (
  'multauth.backends.ModelBackend',
- # ...other backends
+ # ...etc
 )
 
 MULTAUTH_DEBUG = True # False by default
 MULTAUTH_PASSCODE_LENGTH = 6 # size in digits
 MULTAUTH_PASSCODE_EXPIRY = 3600 * 24 * 3 # time in seconds
 
-
 MULTAUTH_FLOWS = (
- ('phone', 'hardcode', 'passcode',),
- ('email', 'password', 'passcode',),
- ('username', 'password',),
+ ('phone', 'hardcode', 'passcode',),
+ ('email', 'password', 'passcode',),
+ ('username', 'password',),
+ # ...etc
 )
 
 ```

multauth/api/auth/serializers.py

@@ -1,9 +1,11 @@
 from django.contrib.auth import authenticate
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.contrib.auth import get_user_model
 
 from rest_framework import exceptions, serializers
 
+UserModel = get_user_model()
+
 
 __all__ = (
  'SigninSerializer',
@@ -15,117 +17,104 @@
  'TokenSerializer',
 )
 
+IDENTIFIERS = list(UserModel.IDENTIFIERS)
+SECRETS = list(UserModel.SECRETS)
 
 class TokenSerializer(serializers.Serializer):
  token = serializers.CharField(read_only=True)
  # RESERVED # expired_datetime = serializers.DateTimeField(read_only=True) # could be timestamp
 
 
-class SigninSerializer(serializers.ModelSerializer):
- token = serializers.CharField(required=False) # aka one-time-passcode
+class SignupSerializer(serializers.ModelSerializer):
+ """
+ For write (POST...) requests only
+ """
+ hardcode = serializers.CharField(required=False)
+ passcode = serializers.CharField(required=False) # useless?
 
  class Meta:
- model = get_user_model()
- identifiers_fields = [x for x in model.IDENTIFIERS]
- secrets_fields = [x for x in model.SECRETS]
-
- fields = tuple(identifiers_fields + secrets_fields + [
- 'token'
- ])
+ model = UserModel
+ fields = tuple([]
+ + ['first_name', 'last_name']
+ + IDENTIFIERS
+ + SECRETS
+ )
 
+ # experimental
  extra_kwargs = dict([]
- + [(x, {'required': False, 'validators': None}) for x in identifiers_fields]
- + [(x, {'required': False}) for x in secrets_fields]
+ + [(x, {'required': False}) for x in IDENTIFIERS] # 'validators': None
+ + [(x, {'required': False}) for x in SECRETS]
  )
 
- # # TODO refactor and add to validate()
- # # the requirements would be: indentifier and at "first" secret are required
- # @classmethod
- # def validate(cls, required_only=True, **fields):
- # # TEMP
- # return
-
- # # TODO: move it to ModelBackend !
- # # TODO: temp
- # required_credentials = list(cls.IDENTIFIERS) + list(cls.SECRETS)
- # # RESERVED
- # # required_credentials = \
- # # cls.get_required_credentials() if required_only else cls._credentials
-
- # # at least one "pair" of credentials should be present
- # if not [
- # credentials for credentials in required_credentials
- # if reduce(lambda b, x: fields.get(x) and b, credentials, True)
- # ]:
- # msg = _('Invalid user credentials. Must include ' + ' or '.join('"' + '/'.join(x) + '"' for x in required_credentials))
- # raise ValueError(msg)
  def validate(self, data):
  model = self.Meta.model
 
- try:
- model.validate(required_only=False, **data) # experimental
- except ValueError as e:
- raise exceptions.ValidationError(str(e))
-
- user = authenticate(**data)
-
- if user:
- if not user.is_active:
- msg = _('User account is disabled.')
- raise exceptions.ValidationError(msg)
- else:
- msg = _('Unable to log in with provided credentials.')
+ # check identifiers
+ data_identifiers = [x for x in data if x in IDENTIFIERS and data.get(x, None)]
+ if not data_identifiers:
+ msg = _('Invalid user credentials. No valid identifier found')
  raise exceptions.ValidationError(msg)
 
- data['user'] = user
  return super().validate(data)
 
 
-class SignupSerializer(serializers.ModelSerializer):
- """
- For write (POST...) requests only
- """
+class SignupVerificationSerializer(serializers.ModelSerializer):
+
  class Meta:
- model = get_user_model()
- credentials_fields = list(model.IDENTIFIERS) + list(model.SECRETS)
+ model = UserModel
+ fields = model.IDENTIFIERS
 
- fields = tuple(credentials_fields + [
- 'first_name', 'last_name',
- ])
 
- extra_kwargs = dict(
- (x, {'required': False}) for x in credentials_fields
- )
+class SignupVerificationUserSerializer(serializers.ModelSerializer):
 
- def validate(self, data):
- model = self.Meta.model
+ class Meta:
+ model = UserModel
 
- try:
- model.validate(**data) # experimental
- except ValueError as e:
- raise exceptions.ValidationError(str(e))
+ confirmation_fields = ['is_' + x + '_confirmed' for x in model.IDENTIFIERS] # why not
+ fields = tuple([]
+ + list(model.IDENTIFIERS)
+ + [x for x in confirmation_fields if hasattr(UserModel, x)] # only that way :/
+ + ['is_active']
+ )
 
- return super().validate(data)
 
+signin_serializer_fields = dict([
+ [x, serializers.ModelField(model_field=UserModel()._meta.get_field(x), required=False)]
+ for x in (IDENTIFIERS + SECRETS) if hasattr(UserModel, x)
+])
 
-class SignupVerificationSerializer(serializers.ModelSerializer):
 
- class Meta:
- model = get_user_model()
- identifiers_fields = [x for x in model.IDENTIFIERS]
+def signin_serializer_validate(self, data):
+ # model = self.Meta.model
 
- fields = tuple(identifiers_fields + [
- # pass
- ])
+ # check identifiers
+ data_identifiers = [x for x in data if x in IDENTIFIERS and data.get(x, None)]
+ if not data_identifiers:
+ msg = _('Invalid user credentials. No valid identifier found')
+ raise exceptions.ValidationError(msg)
 
+ user = authenticate(**data)
 
-class SignupVerificationUserSerializer(serializers.ModelSerializer):
+ if user:
+ if not user.is_active:
+ msg = _('User account is disabled.')
+ raise exceptions.ValidationError(msg)
+ else:
+ msg = _('Unable to log in with provided credentials.')
+ raise exceptions.ValidationError(msg)
 
- class Meta:
- model = get_user_model()
- identifiers_fields = [x for x in model.IDENTIFIERS]
- extra_fields = [f.name for f in model._meta.get_fields() if f.name.endswith('verified')] # tricky
+ data['user'] = user
+ return super(SigninSerializer, self).validate(data)
 
- fields = tuple(identifiers_fields + extra_fields + [
- 'is_active',
- ])
+
+SigninSerializer = type(
+ 'SigninSerializer',
+ (serializers.Serializer,),
+ {
+ # reserved # '__module__': 'multauth.api.auth',
+ 'validate': signin_serializer_validate,
+ 'hardcode': serializers.CharField(required=False),
+ 'passcode': serializers.CharField(required=False),
+ **signin_serializer_fields,
+ }
+)

multauth/api/auth/views.py

@@ -1,6 +1,6 @@
 from django.db import transaction
 from django.contrib.auth import get_user_model
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import AllowAny, IsAuthenticated
@@ -70,26 +70,8 @@ def post(self, request):
  data = request.data
  serializer = self.serializer_class(data=data)
 
- try:
- serializer.is_valid(raise_exception=True)
- validated_data = serializer.validated_data
-
- # TODO: refactor
- # send confirmation code if user exists
- except Exception as e:
- if hasattr(e, 'get_full_details'):
- errors = e.get_full_details().get('phone')
-
- if errors:
- code = errors.pop()['code']
-
- if code == 'unique':
- user = get_user_model().objects.get(phone=data.get('phone'))
-
- if user.check_passcode(data.get('passcode')):
- user.verify_phone(request)
-
- raise e
+ serializer.is_valid(raise_exception=True)
+ validated_data = serializer.validated_data
 
  # create user
  user = get_user_model().objects.create_user(**validated_data)
@@ -103,6 +85,8 @@ def post(self, request):
  #
  # user.groups_add(user.GROUP_CUSTOM_USER)
 
+ # send verification request
+ # to all the unverified devices
  user.verify(request)
 
  # let's (re)create token
@@ -132,6 +116,7 @@ class SignupVerificationView(views.APIView):
  def post(self, request):
  user = request.user
 
+ # TODO: should it be called for specific devices?
  user.verify(request)
 
  serializer = serializers.SignupVerificationUserSerializer(user)

multauth/api/authentication.py

@@ -1,4 +1,4 @@
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import authentication
 from rest_framework import exceptions

multauth/api/devices/email/auth/serializers.py

@@ -1,5 +1,5 @@
 from django.contrib.auth import authenticate
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.contrib.auth import get_user_model
 
 from rest_framework import exceptions, serializers

multauth/api/devices/email/auth/views.py

@@ -1,5 +1,5 @@
 from django.db import transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import AllowAny, IsAuthenticated

multauth/api/devices/email/me/serializers.py

@@ -1,4 +1,4 @@
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, serializers
 

multauth/api/devices/email/me/views.py

@@ -1,5 +1,5 @@
 from django.db import transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import IsAuthenticated

multauth/api/devices/phone/auth/serializers.py

@@ -1,5 +1,5 @@
 from django.contrib.auth import authenticate
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, serializers
 

multauth/api/devices/phone/auth/views.py

@@ -1,5 +1,5 @@
 from django.db import transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import AllowAny, IsAuthenticated

multauth/api/devices/phone/me/serializers.py

@@ -1,4 +1,4 @@
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, serializers
 

multauth/api/devices/phone/me/views.py

@@ -1,5 +1,5 @@
 from django.db import transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import IsAuthenticated

multauth/api/me/serializers.py

@@ -1,8 +1,10 @@
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.contrib.auth import get_user_model
 
 from rest_framework import exceptions, serializers
 
+UserModel = get_user_model()
+
 
 __all__ = (
  'UserSerializer',
@@ -20,7 +22,7 @@ class UserSerializer(serializers.ModelSerializer):
  # RESERVED # is_phone_pushcoded = serializers.SerializerMethodField()
 
  class Meta:
- model = get_user_model()
+ model = UserModel
  fields = (
  'id',
  'first_name', 'last_name',

multauth/api/me/views.py

@@ -1,5 +1,5 @@
 from django.db import transaction
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from rest_framework import exceptions, parsers, views, status
 from rest_framework.permissions import IsAuthenticated

multauth/backends.py

@@ -73,7 +73,7 @@ def authenticate(self, request, **kwargs):
  except UserModel.DoesNotExist:
  # Run the default password hasher once to reduce the timing
  # difference between an existing and a nonexistent user (#20760).
- UserModel().set_password(password)
+ UserModel().set_password(None)
  else:
  if self.user_can_authenticate(user):
  flow_secrets = [x for x in flow if x in UserModel.SECRETS]

multauth/devices/_chip.py

@@ -1,7 +1,7 @@
 from django.db import models
 from django.template.loader import get_template
 from django.template import TemplateDoesNotExist, TemplateSyntaxError
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.conf import settings
 
 from .abstract import AbstractDevice, AbstractUserMixin

multauth/devices/email.py

@@ -6,7 +6,7 @@
 from django.contrib.sites.shortcuts import get_current_site
 from django.template.loader import get_template
 from django.template import TemplateDoesNotExist, TemplateSyntaxError
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.conf import settings
 
 from django_otp.util import random_hex