Login: add an action indicator to know the user signed a login request.

master
Tom Hacohen 4 years ago
parent d1017aac76
commit 54268ac027

@ -416,6 +416,7 @@ class AuthenticationLoginSerializer(serializers.Serializer):
class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer): class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
challenge = BinaryBase64Field() challenge = BinaryBase64Field()
host = serializers.CharField() host = serializers.CharField()
action = serializers.CharField()
def create(self, validated_data): def create(self, validated_data):
raise NotImplementedError() raise NotImplementedError()

@ -607,6 +607,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
user = self.get_login_user(username) user = self.get_login_user(username)
host = serializer.validated_data['host'] host = serializer.validated_data['host']
challenge = serializer.validated_data['challenge'] challenge = serializer.validated_data['challenge']
action = serializer.validated_data['action']
salt = bytes(user.userinfo.salt) salt = bytes(user.userinfo.salt)
enc_key = self.get_encryption_key(salt) enc_key = self.get_encryption_key(salt)
@ -614,7 +615,10 @@ class AuthenticationViewSet(viewsets.ViewSet):
challenge_data = json.loads(box.decrypt(challenge).decode()) challenge_data = json.loads(box.decrypt(challenge).decode())
now = int(datetime.now().timestamp()) now = int(datetime.now().timestamp())
if now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS: if action != "login":
content = {'code': 'wrong_action', 'detail': 'Expected "login" but got something else'}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
elif now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS:
content = {'code': 'challenge_expired', 'detail': 'Login challange has expired'} content = {'code': 'challenge_expired', 'detail': 'Login challange has expired'}
return Response(content, status=status.HTTP_400_BAD_REQUEST) return Response(content, status=status.HTTP_400_BAD_REQUEST)
elif challenge_data['userId'] != user.id: elif challenge_data['userId'] != user.id:
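Review bot: The new `if action != "login":` branch in the third hunk carries no comment saying why a signed response must declare its intent, and since it now sits ahead of the expiry and userId checks a later reader may take the ordering for an accident. If, as the commit title suggests, `action` is part of the inner payload the user signs, the point is that a signature over a challenge produced for some other action cannot be presented as a login; a one-line comment above the check, `# The signed payload must state the "login" intent, so a signature made for another action cannot be replayed as a login.`, records that. The first hunk also declares `action` as a bare `serializers.CharField()`, so any string reaches the view; a `max_length` on that field would bound the value without changing the `wrong_action` response. The enclosing view method starts and ends outside the hunk.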
