django-pfx 1.4.dev36__tar.gz → 1.4.dev40__tar.gz

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev36
+Version: 1.4.dev40
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/django_pfx.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev36
+Version: 1.4.dev40
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/doc/source/authentication.md

@@ -210,13 +210,13 @@ except that the login service returns a temporary JWT token valid only for the o
 
 ### Enable MFA OTP
 Services to enable the MFA with OTP.
-You have to call first the `activate` service to get the URI,
+You have to call first the `setup-uri` service to get the URI,
 encode it as a QR code and present it in the UI of your software.
 Then user then scans this QR code to add the OTP secret to his OTP App.
-Finally, the `confirm` service must be called with an OTP code retrieved
+Finally, the `enable` service must be called with an OTP code retrieved
 in the OTP App to confirm the activation.
 
-**Request :** `PUT` `/auth/otp/activate`
+**Request :** `GET` `/auth/otp/setup-uri`
 
 **Responses :**
 
@@ -227,7 +227,7 @@ in the OTP App to confirm the activation.
 |-----------|---------------------------------------|
 | setup_uri | the uri to enable the OTP application |
 
-**Request :** `PUT` `/auth/otp/confirm`
+**Request :** `PUT` `/auth/otp/enable`
 
 **Request body:**
 

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/pfx/pfxcore/locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-11 11:40+0200\n"
+"POT-Creation-Date: 2024-04-18 14:37+0200\n"
 "PO-Revision-Date: 2021-06-22 23:31+0200\n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -79,22 +79,26 @@ msgstr "Login banni"
 msgid "Login bans"
 msgstr "Login bannis"
 
-#: models/otp_user_mixin.py:15
+#: models/otp_user_mixin.py:16
 msgid "OTP secret token"
 msgstr "Jeton secret OTP"
 
-#: models/otp_user_mixin.py:19
+#: models/otp_user_mixin.py:20
 msgid "Temporary OTP secret token"
 msgstr "Jeton secret OTP temporaire"
 
-#: models/otp_user_mixin.py:21
+#: models/otp_user_mixin.py:22
 msgid "HOTP count"
 msgstr "Compte HOTP"
 
-#: models/otp_user_mixin.py:23
+#: models/otp_user_mixin.py:24
 msgid "HOTP expiry"
 msgstr "Expiration HOTP"
 
+#: models/otp_user_mixin.py:29 views/authentication_views.py:489
+msgid "OTP enabled"
+msgstr "OTP activé"
+
 #: models/pfx_models.py:14
 #, python-format
 msgid "%(model_name)s with this %(field_labels)s already exists."
@@ -201,7 +205,7 @@ msgstr ""
 "Votre connexion est temporairement désactivée après plusieurs tentatives "
 "infructueuses, veuillez réessayer dans {seconds} secondes."
 
-#: views/authentication_views.py:243 views/authentication_views.py:404
+#: views/authentication_views.py:243 views/authentication_views.py:408
 msgid "password updated successfully"
 msgstr "le mot de passe a été mis à jour avec succès"
 
@@ -209,35 +213,31 @@ msgstr "le mot de passe a été mis à jour avec succès"
 msgid "Incorrect password"
 msgstr "Mot de passe incorrect"
 
-#: views/authentication_views.py:251 views/authentication_views.py:413
+#: views/authentication_views.py:251 views/authentication_views.py:417
 msgid "Empty password is not allowed"
 msgstr "Un mot de passe vide n’est pas autorisé"
 
-#: views/authentication_views.py:338
+#: views/authentication_views.py:342
 msgid "User and token are valid"
 msgstr "L'utilisateur et le token sont valides"
 
-#: views/authentication_views.py:340
+#: views/authentication_views.py:344
 msgid "User or token is invalid"
 msgstr "L'utilisateur ou le token est invalide"
 
-#: views/authentication_views.py:446
-msgid "OTP is already activated"
-msgstr "L'OTP est déjà activé"
-
-#: views/authentication_views.py:484
-msgid "OTP is activated"
-msgstr "L'OTP est activé"
+#: views/authentication_views.py:451
+msgid "OTP is already enabled"
+msgstr "OTP est déjà activé"
 
-#: views/authentication_views.py:485 views/authentication_views.py:519
-msgid "Invalid OTP code"
-msgstr "Code OTP invalide"
+#: views/authentication_views.py:490 views/authentication_views.py:524
+msgid "Invalid code"
+msgstr "Code invalide"
 
-#: views/authentication_views.py:518
-msgid "OTP is disabled"
-msgstr "L'OTP est désactivé"
+#: views/authentication_views.py:523
+msgid "OTP disabled"
+msgstr "OTP désactivé"
 
-#: views/authentication_views.py:778
+#: views/authentication_views.py:783
 msgid ""
 "If the email address you entered is correct, you will receive an email from "
 "us with instructions to reset your password."
@@ -246,7 +246,7 @@ msgstr ""
 "un courrier électronique de notre part contenant des instructions pour "
 "réinitialiser votre mot de passe."
 
-#: views/authentication_views.py:852
+#: views/authentication_views.py:857
 msgid "A new authentication code has been sent by email."
 msgstr "Un nouveau code d'authentification a été envoyé par e-mail."
 

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/pfx/pfxcore/models/otp_user_mixin.py

@@ -4,6 +4,7 @@ from django.db import models
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
+from pfx.pfxcore.decorator import rest_property
 from pfx.pfxcore.settings import settings
 
 
@@ -25,6 +26,10 @@ class OtpUserMixin(models.Model):
     class Meta:
         abstract = True
 
+    @rest_property(_("OTP enabled"), "BooleanField")
+    def is_otp(self):
+        return bool(self.otp_secret_token)
+
     def enable_otp(self):
         """Activate OTP for this user.
 

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/pfx/pfxcore/views/authentication_views.py

@@ -281,11 +281,15 @@ class AuthenticationView(
         Can be overridden to customize result.
 
         :param user: The user"""
-        return {
+        info = {
             'username': user.get_username(),
             'first_name': user.first_name,
             'last_name': user.last_name,
-            'email': user.email}
+            'email': user.email
+        }
+        if isinstance(user, OtpUserMixin):
+            info.update(is_otp=user.is_otp)
+        return info
 
     @classmethod
     def get_user_information_schema(cls):
@@ -414,21 +418,22 @@ class AuthenticationView(
         raise UnauthorizedError()
 
     @method_decorator(never_cache)
-    @rest_api("/otp/activate", public=False, method="put", priority_doc=52)
-    def otp_activate(self, *args, **kwargs):
-        """Entrypoint for :code:`PUT /otp/activate` route.
+    @rest_api("/otp/setup-uri", public=False, method="get", priority_doc=52)
+    def otp_setup_uri(self, *args, **kwargs):
+        """Entrypoint for :code:`GET /otp/secret-key` route.
 
-        Activate the OTP authentication and return the setup URI.
+        Get the setup uri for the OTP authentication.
 
         :returns: The JSON response
         :rtype: :class:`JsonResponse`
         ---
         put:
-            summary: Activate OTP
-            description: A service to activate OTP authentication for
-                the user. Returns a setup URI to build a QR code. You
-                have to call the confirm service with a valid code to
-                fully activate OTP authentication.
+            summary: Get the activation url for the OTP authentication.
+            description: This service returns a setup URI to enable the OTP.
+                Your front-end application should provide this URI in the form
+                of a QR code so that the user can scan it with
+                an OTP application. You must then call the /confirm service
+                with a valid OTP code to activate OTP authentication.
             responses:
                 200:
                     content:
@@ -443,26 +448,26 @@ class AuthenticationView(
             raise NotFoundError()
         if self.request.user.otp_secret_token:
             return JsonResponse(
-                dict(message=_("OTP is already activated")), status=400)
+                dict(message=_("OTP is already enabled")), status=400)
         self.request.user.enable_otp()
         return JsonResponse(dict(
             setup_uri=self.request.user.get_otp_setup_uri(tmp=True)))
 
     @method_decorator(never_cache)
     @rest_api(
-        "/otp/confirm", public=False, method="put", priority_doc=53,
+        "/otp/enable", public=False, method="put", priority_doc=53,
         response_schema='message_schema')
-    def otp_confirm(self, *args, **kwargs):
-        """Entrypoint for :code:`PUT /otp/confirm` route.
+    def otp_enable(self, *args, **kwargs):
+        """Entrypoint for :code:`PUT /otp/enable` route.
 
-        Confirm the OTP authentification activation.
+        Enable the OTP authentication.
 
         :returns: The JSON response
         :rtype: :class:`JsonResponse`
         ---
         put:
-            summary: Confirm OTP
-            description: A service to confirm the OTP activation with a
+            summary: Enable OTP authentication
+            description: A service to enable the OTP authentication with a
                 valid OTP code.
             requestBody:
                 content:
@@ -481,15 +486,15 @@ class AuthenticationView(
             raise NotFoundError()
         data = self.deserialize_body()
         if self.request.user.confirm_otp(data.get('otp_code')):
-            return JsonResponse(dict(message=_("OTP is activated")))
-        return JsonResponse(dict(message=_("Invalid OTP code")), status=422)
+            return JsonResponse(dict(message=_("OTP enabled")))
+        return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)
     @rest_api("/otp/disable", public=False, method="put", priority_doc=54)
     def otp_disable(self, *args, **kwargs):
         """Entrypoint for :code:`PUT /otp/disable` route.
 
-        Disable the OTP authentification.
+        Disable the OTP authentication.
 
         :returns: The JSON response
         :rtype: :class:`JsonResponse`
@@ -515,8 +520,8 @@ class AuthenticationView(
         data = self.deserialize_body()
         if self.request.user.is_otp_valid(data.get('otp_code')):
             self.request.user.disable_otp()
-            return JsonResponse(dict(message=_("OTP is disabled")))
-        return JsonResponse(dict(message=_("Invalid OTP code")), status=422)
+            return JsonResponse(dict(message=_("OTP disabled")))
+        return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)
     @rest_api(

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/tests/tests/test_auth_api.py

@@ -884,10 +884,11 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
         self.assertRC(response, 200)
         self.client.token = self.get_val(response, 'token')
 
-    def test_otp_activate(self):
+    def test_otp_enable(self):
         self.client.login(username='jrr.tolkien', password='RIGHT PASSWORD')
 
-        response = self.client.put('/api/auth/otp/activate')
+        self.assertEqual(self.user1.is_otp, False)
+        response = self.client.get('/api/auth/otp/setup-uri')
         self.assertRC(response, 200)
         self.assertJIn(response, 'setup_uri', "otpauth://totp/")
         self.user1.refresh_from_db()
@@ -898,51 +899,54 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
         secret_key = parse_qs(url.query)['secret'][0]
         totp = pyotp.totp.TOTP(secret_key)
 
-        response = self.client.put('/api/auth/otp/confirm', dict(
+        response = self.client.put('/api/auth/otp/enable', dict(
             otp_code=totp.now()))
         self.assertRC(response, 200)
-        self.assertJE(response, 'message', "OTP is activated")
+        self.assertJE(response, 'message', "OTP enabled")
         self.user1.refresh_from_db()
         self.assertEqual(len(self.user1.otp_secret_token), 32)
         self.assertIsNone(self.user1.otp_secret_token_tmp)
+        self.assertEqual(self.user1.is_otp, True)
 
-    def test_otp_activate_bad_code(self):
+    def test_otp_enable_bad_code(self):
         self.client.login(username='jrr.tolkien', password='RIGHT PASSWORD')
 
-        response = self.client.put('/api/auth/otp/activate')
+        response = self.client.get('/api/auth/otp/setup-uri')
         self.assertRC(response, 200)
         self.assertJIn(response, 'setup_uri', "otpauth://totp/")
         self.user1.refresh_from_db()
         self.assertIsNone(self.user1.otp_secret_token)
         self.assertEqual(len(self.user1.otp_secret_token_tmp), 32)
 
-        response = self.client.put('/api/auth/otp/confirm', dict(
+        response = self.client.put('/api/auth/otp/enable', dict(
             otp_code='-'))
         self.assertRC(response, 422)
-        self.assertJE(response, 'message', "Invalid OTP code")
+        self.assertJE(response, 'otp_code.@0', "Invalid code")
         self.user1.refresh_from_db()
         self.assertIsNone(self.user1.otp_secret_token)
         self.assertEqual(len(self.user1.otp_secret_token_tmp), 32)
 
-    def test_otp_activate_already_activated(self):
+    def test_otp_setup_uri_already_activated(self):
         self.enable_otp(self.user1)
 
         self.otp_login(self.user1, 'RIGHT PASSWORD')
-        response = self.client.put('/api/auth/otp/activate')
+        response = self.client.get('/api/auth/otp/setup-uri')
         self.assertRC(response, 400)
-        self.assertJE(response, 'message', "OTP is already activated")
+        self.assertJE(response, 'message', "OTP is already enabled")
 
     def test_otp_disable(self):
         totp = self.enable_otp(self.user1)
 
+        self.assertEqual(self.user1.is_otp, True)
         self.otp_login(self.user1, 'RIGHT PASSWORD')
         response = self.client.put('/api/auth/otp/disable', dict(
             otp_code=totp.now()))
         self.assertRC(response, 200)
-        self.assertJE(response, 'message', "OTP is disabled")
+        self.assertJE(response, 'message', "OTP disabled")
         self.user1.refresh_from_db()
         self.assertIsNone(self.user1.otp_secret_token)
         self.assertIsNone(self.user1.otp_secret_token_tmp)
+        self.assertEqual(self.user1.is_otp, False)
 
     @override_settings(
         PFX_HOTP_CODE_VALIDITY=15,
@@ -967,7 +971,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
             response = self.client.put('/api/auth/otp/disable', dict(
                 otp_code=otp_code))
             self.assertRC(response, 200)
-            self.assertJE(response, 'message', "OTP is disabled")
+            self.assertJE(response, 'message', "OTP disabled")
             self.user1.refresh_from_db()
             self.assertIsNone(self.user1.otp_secret_token)
             self.assertIsNone(self.user1.otp_secret_token_tmp)
@@ -979,7 +983,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
         response = self.client.put('/api/auth/otp/disable', dict(
             otp_code='-'))
         self.assertRC(response, 422)
-        self.assertJE(response, 'message', "Invalid OTP code")
+        self.assertJE(response, 'otp_code.@0', "Invalid code")
         self.user1.refresh_from_db()
         self.assertEqual(len(self.user1.otp_secret_token), 32)
         self.assertIsNone(self.user1.otp_secret_token_tmp)
@@ -1012,6 +1016,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
                 token=token,
                 otp_code=totp.now()))
             self.assertRC(response, 200)
+            self.assertJE(response, 'user.is_otp', True)
             headers = jwt.get_unverified_header(token)
             self.assertEqual(headers['pfx_user_pk'], self.user1.pk)
             decoded = jwt.decode(

{django-pfx-1.4.dev36 → django_pfx-1.4.dev40}/tests/tests/test_shortcuts.py

@@ -39,7 +39,7 @@ class ShortcutTest(TestAssertMixin, TestCase):
     def test_get_pk(self):
         author = dict(
             pk=122,
-            ressource_name='John Ronald Reuel Tolkien')
+            resource_name='John Ronald Reuel Tolkien')
         pk = get_pk(122)
         self.assertEqual(pk, 122)
         pk = get_pk(author)