├── src
    └── otp_yubikey
    │   ├── __init__.py
    │   ├── migrations
    │       ├── __init__.py
    │       ├── 0002_auto_20200723_1650.py
    │       └── 0001_initial.py
    │   ├── apps.py
    │   ├── admin.py
    │   ├── tests.py
    │   └── models.py
├── test
    └── test_project
    │   ├── __init__.py
    │   ├── templates
    │       └── registration
    │       │   └── logged_out.html
    │   ├── urls.py
    │   └── settings.py
├── .coveragerc
├── docs
    ├── source
    │   ├── changes.rst
    │   ├── .spell.utf-8.add
    │   ├── index.rst
    │   └── conf.py
    ├── ext
    │   └── otpdocs.py
    └── Makefile
├── .gitignore
├── .flake8
├── .readthedocs.yaml
├── .hgignore
├── .bumpversion.cfg
├── .github
    └── workflows
    │   └── test.yaml
├── LICENSE
├── README.rst
├── pyproject.toml
└── CHANGES.rst


/src/otp_yubikey/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/test/test_project/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/migrations/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.coveragerc:
--------------------------------------------------------------------------------
1 | [run]
2 | source = otp_yubikey


--------------------------------------------------------------------------------
/test/test_project/templates/registration/logged_out.html:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/docs/source/changes.rst:
--------------------------------------------------------------------------------
1 | Change Log
2 | ==========
3 | 
4 | .. include:: ../../CHANGES.rst
5 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Python
 2 | __pycache__/
 3 | 
 4 | # setuptools
 5 | /MANIFEST
 6 | /build/
 7 | /dist/
 8 | /docs/build/
 9 | *.egg-info/
10 | 
11 | # Other tools
12 | /.coverage
13 | /.tox/
14 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/apps.py:
--------------------------------------------------------------------------------
1 | from django.apps import AppConfig
2 | 
3 | 
4 | class DefaultConfig(AppConfig):
5 |     name = 'otp_yubikey'
6 |     default_auto_field = 'django.db.models.AutoField'
7 | 


--------------------------------------------------------------------------------
/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | ignore =
3 |        # line break before binary operator
4 |        W503
5 |        # line break after binary operator
6 |        W504
7 |        # line too long
8 |        E501
9 | 


--------------------------------------------------------------------------------
/.readthedocs.yaml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | 
 3 | build:
 4 |   os: ubuntu-22.04
 5 |   tools:
 6 |     python: '3.12'
 7 | 
 8 | sphinx:
 9 |   configuration: docs/source/conf.py
10 | 
11 | python:
12 |   install:
13 |     - method: pip
14 |       path: .
15 | 


--------------------------------------------------------------------------------
/.hgignore:
--------------------------------------------------------------------------------
1 | # Don't remove this file.
2 | #
3 | # When hatch builds an sdist, it includes any .gitignore and .hgignore it can
4 | # find here or in parent directories. To avoid information leakage, this file
5 | # masks any .hgignore one might have in their home directory.
6 | 


--------------------------------------------------------------------------------
/docs/ext/otpdocs.py:
--------------------------------------------------------------------------------
 1 | """
 2 | Extra stuff for the django-otp Sphinx docs.
 3 | """
 4 | 
 5 | def setup(app):
 6 |     app.add_crossref_type(
 7 |         directivename = "setting",
 8 |         rolename      = "setting",
 9 |         indextemplate = "pair: %s; setting",
10 |     )
11 | 


--------------------------------------------------------------------------------
/test/test_project/urls.py:
--------------------------------------------------------------------------------
 1 | from django.contrib import admin
 2 | import django.contrib.auth.views
 3 | from django.urls import path
 4 | 
 5 | 
 6 | urlpatterns = [
 7 |     path('login/', django.contrib.auth.views.LoginView.as_view()),
 8 |     path('logout/', django.contrib.auth.views.LogoutView.as_view()),
 9 |     path('admin/', admin.site.urls),
10 | ]
11 | 


--------------------------------------------------------------------------------
/docs/source/.spell.utf-8.add:
--------------------------------------------------------------------------------
 1 | django
 2 | otp
 3 | yubikey
 4 | README
 5 | #emoteYubikeDevice
 6 | YubikeyDevice
 7 | RemoteYubikeyDevice
 8 | API
 9 | Yubico
10 | Yubico's
11 | APIs
12 | SL
13 | google
14 | php
15 | wiki
16 | ValidationProtocolV20
17 | p
18 | urllib2
19 | HTTPS
20 | urls
21 | #emoteYubiKeyDevice
22 | ValidationService
23 | YubiKeys
24 | admin
25 | YubikeyDeviceAdmin
26 | RemoteYubikeyDeviceAdmin
27 | ValidationServiceAdmin
28 | contrib
29 | ModelAdmin
30 | 


--------------------------------------------------------------------------------
/.bumpversion.cfg:
--------------------------------------------------------------------------------
 1 | [bumpversion]
 2 | current_version = 1.1.0
 3 | commit = true
 4 | message = Version {new_version}
 5 | tag = true
 6 | 
 7 | [bumpversion:file:CHANGES.rst]
 8 | search = Unreleased
 9 | replace = v{new_version} - {now:%B %d, %Y}
10 | 
11 | [bumpversion:file:pyproject.toml]
12 | search = version = "{current_version}"
13 | replace = version = "{new_version}"
14 | 
15 | [bumpversion:file:docs/source/conf.py]
16 | search = release = '{current_version}'
17 | replace = release = '{new_version}'
18 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/migrations/0002_auto_20200723_1650.py:
--------------------------------------------------------------------------------
 1 | # Generated by Django 2.2.14 on 2020-07-23 16:50
 2 | 
 3 | from django.db import migrations, models
 4 | 
 5 | 
 6 | class Migration(migrations.Migration):
 7 | 
 8 |     dependencies = [
 9 |         ('otp_yubikey', '0001_initial'),
10 |     ]
11 | 
12 |     operations = [
13 |         migrations.AlterField(
14 |             model_name='validationservice',
15 |             name='use_ssl',
16 |             field=models.BooleanField(default=True, help_text='Use HTTPS API URLs by default?', verbose_name='Use SSL'),
17 |         ),
18 |     ]
19 | 


--------------------------------------------------------------------------------
/.github/workflows/test.yaml:
--------------------------------------------------------------------------------
 1 | name: Run tests
 2 | 
 3 | on:
 4 |   pull_request:
 5 |     branches: [ master ]
 6 | 
 7 | jobs:
 8 |   test:
 9 |     runs-on: ubuntu-latest
10 |     steps:
11 |       - uses: actions/checkout@v3
12 | 
13 |       - uses: actions/setup-python@v4
14 |         with:
15 |           python-version: |
16 |             3.9
17 |             3.11
18 |             3.13
19 | 
20 |       - name: Install hatch
21 |         run: pipx install hatch
22 | 
23 |       - name: Run tests
24 |         run: hatch run test:run
25 | 
26 |       - name: Build docs
27 |         run: hatch run docs:make
28 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or distribute this
 4 | software, either in source code form or as a compiled binary, for any purpose,
 5 | commercial or non-commercial, and by any means.
 6 | 
 7 | In jurisdictions that recognize copyright laws, the author or authors of this
 8 | software dedicate any and all copyright interest in the software to the public
 9 | domain. We make this dedication for the benefit of the public at large and to
10 | the detriment of our heirs and successors. We intend this dedication to be an
11 | overt act of relinquishment in perpetuity of all present and future rights to
12 | this software under copyright law.
13 | 
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 | AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
18 | ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
19 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 | 
21 | For more information, please refer to <https://unlicense.org/>
22 | 


--------------------------------------------------------------------------------
/docs/source/index.rst:
--------------------------------------------------------------------------------
 1 | django-otp-yubikey
 2 | ==================
 3 | 
 4 | .. include:: ../../README.rst
 5 |    :end-before: .. end-of-doc-intro
 6 | 
 7 | 
 8 | Installation
 9 | ------------
10 | 
11 | Add otp_yubikey to INSTALLED_APPS after django_otp core::
12 | 
13 |     INSTALLED_APPS = [
14 |         ...
15 |         'django_otp',
16 |         'django_otp.plugins.otp_totp',
17 |         'django_otp.plugins.otp_hotp',
18 |         'django_otp.plugins.otp_static',
19 | 
20 |         'otp_yubikey',
21 |     ]
22 | 
23 | 
24 | Local Verification
25 | ------------------
26 | 
27 | .. autoclass:: otp_yubikey.models.YubikeyDevice
28 |    :members:
29 | 
30 | 
31 | Remote Verification
32 | -------------------
33 | 
34 | .. autoclass:: otp_yubikey.models.ValidationService
35 |    :members:
36 | 
37 | .. autoclass:: otp_yubikey.models.RemoteYubikeyDevice
38 |    :members:
39 | 
40 | 
41 | Admin
42 | -----
43 | 
44 | The following :class:`~django.contrib.admin.ModelAdmin` subclasses are
45 | registered with the default admin site. We recommend their use with custom admin
46 | sites as well:
47 | 
48 | .. autoclass:: otp_yubikey.admin.YubikeyDeviceAdmin
49 | 
50 | .. autoclass:: otp_yubikey.admin.ValidationServiceAdmin
51 | 
52 | .. autoclass:: otp_yubikey.admin.RemoteYubikeyDeviceAdmin
53 | 
54 | 
55 | Changes
56 | -------
57 | 
58 | :doc:`changes`
59 | 
60 | 
61 | License
62 | =======
63 | 
64 | .. include:: ../../LICENSE
65 | 


--------------------------------------------------------------------------------
/test/test_project/settings.py:
--------------------------------------------------------------------------------
 1 | # django-otp-yubikey test project
 2 | 
 3 | from os.path import abspath, dirname, join
 4 | 
 5 | 
 6 | def project_path(path):
 7 |     return abspath(join(dirname(__file__), path))
 8 | 
 9 | 
10 | DEBUG = True
11 | 
12 | DATABASES = {
13 |     'default': {
14 |         'ENGINE': 'django.db.backends.sqlite3',
15 |         'NAME': ':memory:',
16 |     }
17 | }
18 | 
19 | DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
20 | 
21 | INSTALLED_APPS = [
22 |     'django.contrib.admin',
23 |     'django.contrib.auth',
24 |     'django.contrib.contenttypes',
25 |     'django.contrib.sessions',
26 |     'django.contrib.messages',
27 | 
28 |     'django_otp',
29 |     'otp_yubikey',
30 | ]
31 | 
32 | MIDDLEWARE = [
33 |     'django.middleware.security.SecurityMiddleware',
34 |     'django.contrib.sessions.middleware.SessionMiddleware',
35 |     'django.middleware.common.CommonMiddleware',
36 |     'django.middleware.csrf.CsrfViewMiddleware',
37 |     'django.contrib.auth.middleware.AuthenticationMiddleware',
38 |     'django_agent_trust.middleware.AgentMiddleware',
39 |     'django_otp.middleware.OTPMiddleware',
40 |     'django.contrib.messages.middleware.MessageMiddleware',
41 |     'django.middleware.clickjacking.XFrameOptionsMiddleware',
42 | ]
43 | 
44 | TEMPLATES = [
45 |     {
46 |         'BACKEND': 'django.template.backends.django.DjangoTemplates',
47 |         'APP_DIRS': True,
48 |         'DIRS': [
49 |             project_path('templates'),
50 |         ],
51 |         'OPTIONS': {
52 |             'context_processors': [
53 |                 'django.template.context_processors.debug',
54 |                 'django.template.context_processors.request',
55 |                 'django.contrib.auth.context_processors.auth',
56 |                 'django.contrib.messages.context_processors.messages',
57 |             ],
58 |         },
59 |     },
60 | ]
61 | 
62 | SECRET_KEY = 'PWuluw4x48GkT7JDPzlDQsBJC8pjIIiqodW9MuMYcU315YEkGJL41i5qooJsg3Tt'
63 | 
64 | ROOT_URLCONF = 'test_project.urls'
65 | 
66 | USE_TZ = True
67 | 


--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
 1 | .. image:: https://img.shields.io/pypi/v/django-otp-yubikey?color=blue
 2 |    :target: https://pypi.org/project/django-otp-yubikey/
 3 |    :alt: PyPI
 4 | .. image:: https://img.shields.io/readthedocs/django-otp-yubikey
 5 |    :target: https://django-otp-yubikey.readthedocs.io/
 6 |    :alt: Documentation
 7 | .. image:: https://img.shields.io/badge/github-django--agent--trust-green
 8 |    :target: https://github.com/django-otp/django-otp-yubikey
 9 |    :alt: Source
10 | 
11 | This is a django-otp plugin that handles `YubiKey
12 | <https://www.yubico.com/yubikey>`_ devices using the Yubico OTP algorithm. This
13 | includes two device definitions: one to verify YubiKey tokens locally and
14 | another to verify them against a `web service
15 | <https://www.yubico.com/yubicloud>`_.
16 | 
17 | See `django-otp <https://pypi.org/project/django-otp>`_ for more information on
18 | the OTP framework.
19 | 
20 | .. end-of-doc-intro
21 | 
22 | 
23 | Development
24 | -----------
25 | 
26 | This project is built and managed with `hatch`_. If you don't have hatch, I
27 | recommend installing it with `pipx`_: ``pipx install hatch``.
28 | 
29 | ``pyproject.toml`` defines several useful scripts for development and testing.
30 | The default environment includes all dev and test dependencies for quickly
31 | running tests. The ``test`` environment defines the test matrix for running the
32 | full validation suite. Everything is executed in the context of the Django
33 | project in test/test\_project.
34 | 
35 | As a quick primer, hatch scripts can be run with ``hatch run [<env>:]<script>``.
36 | To run linters and tests in the default environment, just run
37 | ``hatch run check``. This should run tests with your default Python version and
38 | the latest Django. Other scripts include:
39 | 
40 | * **manage**: Run a management command via the test project. This can be used to
41 |   generate migrations.
42 | * **lint**: Run all linters.
43 | * **fix**: Run all fixers to address linting issues. This may not fix every
44 |   issue reported by lint.
45 | * **test**: Run all tests.
46 | * **check**: Run linters and tests.
47 | * **warn**: Run tests with all warnings enabled. This is especially useful for
48 |   seeing deprecation warnings in new versions of Django.
49 | * **cov**: Run tests and print a code coverage report.
50 | 
51 | To run the full test matrix, run ``hatch run test:run``. You will need multiple
52 | specific Python versions installed for this.
53 | 
54 | You can clean up the hatch environments with ``hatch env prune``, for example to
55 | force dependency updates.
56 | 
57 | 
58 | .. _hatch: https://hatch.pypa.io/
59 | .. _pipx: https://pypa.github.io/pipx/
60 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/admin.py:
--------------------------------------------------------------------------------
 1 | from django.contrib import admin
 2 | from django.contrib.admin.sites import AlreadyRegistered
 3 | 
 4 | from .models import RemoteYubikeyDevice, ValidationService, YubikeyDevice
 5 | 
 6 | 
 7 | class YubikeyDeviceAdmin(admin.ModelAdmin):
 8 |     """
 9 |     :class:`~django.contrib.admin.ModelAdmin` for
10 |     :class:`~otp_yubikey.models.YubikeyDevice`.
11 |     """
12 | 
13 |     list_display = ['user', 'name', 'public_id']
14 | 
15 |     fieldsets = [
16 |         (
17 |             'Identity',
18 |             {
19 |                 'fields': ['user', 'name', 'confirmed'],
20 |             },
21 |         ),
22 |         (
23 |             'Configuration',
24 |             {
25 |                 'fields': ['private_id', 'key'],
26 |             },
27 |         ),
28 |         (
29 |             'State',
30 |             {
31 |                 'fields': ['session', 'counter'],
32 |             },
33 |         ),
34 |     ]
35 |     raw_id_fields = ['user']
36 | 
37 | 
38 | class ValidationServiceAdmin(admin.ModelAdmin):
39 |     """
40 |     :class:`~django.contrib.admin.ModelAdmin` for
41 |     :class:`~otp_yubikey.models.ValidationService`.
42 |     """
43 | 
44 |     fieldsets = [
45 |         (
46 |             'Common Options',
47 |             {
48 |                 'fields': ['name', 'api_id', 'api_key'],
49 |             },
50 |         ),
51 |         (
52 |             'Other Options',
53 |             {
54 |                 'fields': [
55 |                     'base_url',
56 |                     'api_version',
57 |                     'use_ssl',
58 |                     'param_sl',
59 |                     'param_timeout',
60 |                 ],
61 |             },
62 |         ),
63 |     ]
64 |     radio_fields = {'api_version': admin.HORIZONTAL}
65 | 
66 | 
67 | class RemoteYubikeyDeviceAdmin(admin.ModelAdmin):
68 |     """
69 |     :class:`~django.contrib.admin.ModelAdmin` for
70 |     :class:`~otp_yubikey.models.RemoteYubikeyDevice`.
71 |     """
72 | 
73 |     fieldsets = [
74 |         (
75 |             'Identity',
76 |             {
77 |                 'fields': ['user', 'name', 'confirmed'],
78 |             },
79 |         ),
80 |         (
81 |             'Configuration',
82 |             {
83 |                 'fields': ['service', 'public_id'],
84 |             },
85 |         ),
86 |     ]
87 |     raw_id_fields = ['user']
88 | 
89 | 
90 | try:
91 |     admin.site.register(YubikeyDevice, YubikeyDeviceAdmin)
92 |     admin.site.register(ValidationService, ValidationServiceAdmin)
93 |     admin.site.register(RemoteYubikeyDevice, RemoteYubikeyDeviceAdmin)
94 | except AlreadyRegistered:
95 |     # Useless exception triggered by multiple imports.
96 |     pass
97 | 


--------------------------------------------------------------------------------
/pyproject.toml:
--------------------------------------------------------------------------------
  1 | [project]
  2 | name = "django-otp-yubikey"
  3 | version = "1.1.0"
  4 | description = "A django-otp plugin that verifies YubiKey OTP tokens."
  5 | readme = "README.rst"
  6 | requires-python = ">=3.7"
  7 | license = "Unlicense"
  8 | authors = [
  9 |     { name = "Peter Sagerson", email = "psagers@ignorare.net" },
 10 | ]
 11 | classifiers = [
 12 |     "Development Status :: 5 - Production/Stable",
 13 |     "Framework :: Django",
 14 |     "Framework :: Django :: 4.2",
 15 |     "Framework :: Django :: 5.1",
 16 |     "Framework :: Django :: 5.2",
 17 |     "Intended Audience :: Developers",
 18 |     "License :: OSI Approved :: The Unlicense (Unlicense)",
 19 |     "Programming Language :: Python :: 3",
 20 |     "Programming Language :: Python :: 3 :: Only",
 21 |     "Topic :: Security",
 22 |     "Topic :: Software Development :: Libraries :: Python Modules",
 23 | ]
 24 | dependencies = [
 25 |     "django-otp~=1.0",
 26 |     "YubiOTP~=1.0",
 27 | ]
 28 | 
 29 | [project.urls]
 30 | Homepage = "https://github.com/django-otp/django-otp-yubikey"
 31 | Documentation = "https://django-otp-yubikey.readthedocs.io/"
 32 | 
 33 | 
 34 | #
 35 | # Development
 36 | #
 37 | 
 38 | [tool.hatch.envs.default]
 39 | dependencies = [
 40 |     "black ~= 25.1",
 41 |     "bumpversion ~= 0.6.0",
 42 |     "coverage ~= 7.8.0",
 43 |     "flake8 ~= 7.2.0",
 44 |     "freezegun ~= 1.5.1",
 45 |     "isort ~= 6.0.1",
 46 | ]
 47 | 
 48 | [tool.hatch.envs.default.env-vars]
 49 | PYTHONPATH = "test"
 50 | DJANGO_SETTINGS_MODULE = "test_project.settings"
 51 | 
 52 | [tool.hatch.envs.default.scripts]
 53 | manage = "python -m django {args}"
 54 | 
 55 | lint = [
 56 |     "flake8 src",
 57 |     "isort --check src",
 58 |     "black --check src",
 59 | ]
 60 | fix = [
 61 |     "isort src",
 62 |     "black src",
 63 | ]
 64 | 
 65 | test = "python -s -m django test {args:otp_yubikey}"
 66 | check = ["lint", "test"]
 67 | 
 68 | warn = "python -Wd -s -m django test {args:otp_yubikey}"
 69 | cov = [
 70 |     "coverage run -m django test {args:otp_yubikey}",
 71 |     "coverage report",
 72 | ]
 73 | 
 74 | 
 75 | [tool.hatch.envs.test.scripts]
 76 | run = "test"
 77 | 
 78 | [tool.hatch.envs.test.overrides]
 79 | matrix.django.dependencies = [
 80 |     { value = "django ~= 4.2.0", if = ["4.2"] },
 81 |     { value = "django ~= 5.1.0", if = ["5.1"] },
 82 |     { value = "django ~= 5.2.0", if = ["5.2"] },
 83 | ]
 84 | matrix.mode.scripts = [
 85 |     { key = "run", value = "lint", if = ["lint"] },
 86 |     { key = "run", value = "cov", if = ["coverage"] },
 87 | ]
 88 | 
 89 | [[tool.hatch.envs.test.matrix]]
 90 | mode = ["lint"]
 91 | 
 92 | # WARNING: When you update the Python versions, make sure to update
 93 | # .github/workflows/* as well.
 94 | [[tool.hatch.envs.test.matrix]]
 95 | python = ["3.9"]
 96 | django = ["4.2"]
 97 | 
 98 | [[tool.hatch.envs.test.matrix]]
 99 | python = ["3.11"]
100 | django = ["5.1"]
101 | 
102 | [[tool.hatch.envs.test.matrix]]
103 | python = ["3.13"]
104 | django = ["5.2"]
105 | 
106 | [[tool.hatch.envs.test.matrix]]
107 | mode = ["coverage"]
108 | 
109 | 
110 | [tool.hatch.envs.docs]
111 | template = "docs"
112 | dependencies = [
113 |     "sphinx"
114 | ]
115 | 
116 | [tool.hatch.envs.docs.scripts]
117 | make = "command make -C docs {args:html}"
118 | open = "command xdg-open docs/build/html/index.html"
119 | 
120 | 
121 | #
122 | # Build
123 | #
124 | 
125 | [build-system]
126 | requires = ["hatchling"]
127 | build-backend = "hatchling.build"
128 | 
129 | [tool.hatch.build.targets.wheel]
130 | packages = ["src/otp_yubikey"]
131 | 
132 | [tool.hatch.build.targets.sdist]
133 | include = [
134 |     "/src",
135 |     "/docs",
136 |     "/test",
137 |     "/CHANGES.rst",
138 | ]
139 | 
140 | 
141 | #
142 | # Other tools
143 | #
144 | 
145 | [tool.isort]
146 | profile = "black"
147 | force_sort_within_sections = true
148 | 
149 | sections = ["FUTURE", "STDLIB", "THIRDPARTY", "DJANGO", "FIRSTPARTY", "LOCALFOLDER"]
150 | known_django = ["django"]
151 | skip_glob = ["**/migrations/*.py"]
152 | 
153 | [tool.black]
154 | skip-string-normalization = true
155 | exclude = 'migrations/.*\.py'
156 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/tests.py:
--------------------------------------------------------------------------------
  1 | from binascii import unhexlify
  2 | 
  3 | from django_otp.tests import TestCase
  4 | from yubiotp.otp import YubiKey, encode_otp
  5 | 
  6 | from django.db import IntegrityError
  7 | 
  8 | 
  9 | class YubikeyTest(TestCase):
 10 |     # YubiKey device simulators.
 11 |     alice_key = YubiKey(unhexlify(b'5dc30490956b'), 6, 0)
 12 |     bob_key = YubiKey(unhexlify(b'326f70826d31'), 11, 0)
 13 | 
 14 |     def setUp(self):
 15 |         try:
 16 |             alice = self.create_user('alice', 'password')
 17 |             bob = self.create_user('bob', 'password')
 18 |         except IntegrityError:
 19 |             self.skipTest("Unable to create the test user")
 20 |         else:
 21 |             self.alice_device = alice.yubikeydevice_set.create(
 22 |                 private_id='5dc30490956b',
 23 |                 key='fb362a0853be5e5306d5cc2483f279cb',
 24 |                 session=5,
 25 |                 counter=0,
 26 |             )
 27 |             self.alice_public = self.alice_device.public_id()
 28 | 
 29 |             self.bob_device = bob.yubikeydevice_set.create(
 30 |                 private_id='326f70826d31',
 31 |                 key='11080a0e7a56d0a1546f327f20626308',
 32 |                 session=10,
 33 |                 counter=3,
 34 |             )
 35 |             self.bob_public = self.bob_device.public_id()
 36 | 
 37 |     def test_verify_alice(self):
 38 |         _, token = self.alice_token()
 39 |         ok = self.alice_device.verify_token(token)
 40 | 
 41 |         self.assertTrue(ok)
 42 | 
 43 |     def test_verify_unicode(self):
 44 |         _, token = self.alice_token()
 45 |         ok = self.alice_device.verify_token(token.decode('ascii'))
 46 | 
 47 |         self.assertTrue(ok)
 48 | 
 49 |     def test_counter_increment(self):
 50 |         otp, token = self.alice_token(5, 7)
 51 |         ok = self.alice_device.verify_token(token)
 52 | 
 53 |         self.assertTrue(ok)
 54 |         self.assertEqual(self.alice_device.session, 5)
 55 |         self.assertEqual(self.alice_device.counter, 7)
 56 | 
 57 |     def test_no_verify_mismatch(self):
 58 |         _, token = self.alice_token()
 59 |         ok = self.bob_device.verify_token(token)
 60 | 
 61 |         self.assertFalse(ok)
 62 | 
 63 |     def test_replay(self):
 64 |         otp, token = self.alice_token()
 65 |         ok1 = self.alice_device.verify_token(token)
 66 |         ok2 = self.alice_device.verify_token(token)
 67 | 
 68 |         self.assertTrue(ok1)
 69 |         self.assertFalse(ok2)
 70 |         self.assertEqual(self.alice_device.session, otp.session)
 71 |         self.assertEqual(self.alice_device.counter, otp.counter)
 72 | 
 73 |     def test_bad_public_id(self):
 74 |         self.alice_public = self.bob_public
 75 |         otp, token = self.alice_token()
 76 |         ok = self.alice_device.verify_token(token)
 77 | 
 78 |         self.assertFalse(ok)
 79 | 
 80 |     def test_bad_private_id(self):
 81 |         alice_key = YubiKey(unhexlify(b'2627dc624cbd'), 6, 0)
 82 |         otp = alice_key.generate()
 83 |         token = encode_otp(otp, self.alice_aes, self.alice_public)
 84 |         ok = self.alice_device.verify_token(token)
 85 | 
 86 |         self.assertFalse(ok)
 87 | 
 88 |     def test_session_replay(self):
 89 |         otp, token = self.alice_token(4, 0)
 90 |         ok = self.alice_device.verify_token(token)
 91 | 
 92 |         self.assertFalse(ok)
 93 | 
 94 |     def test_counter_replay(self):
 95 |         otp, token = self.alice_token(5, 0)
 96 |         ok = self.alice_device.verify_token(token)
 97 | 
 98 |         self.assertFalse(ok)
 99 | 
100 |     def test_bad_decrypt(self):
101 |         otp = self.alice_key.generate()
102 |         token = encode_otp(otp, self.bob_aes, self.alice_public)
103 |         ok = self.alice_device.verify_token(token)
104 | 
105 |         self.assertFalse(ok)
106 | 
107 |     def test_bogus_token(self):
108 |         ok = self.alice_device.verify_token('completelybogus')
109 | 
110 |         self.assertFalse(ok)
111 | 
112 |     def alice_token(self, session=None, counter=None):
113 |         otp = self.alice_key.generate()
114 | 
115 |         if session is not None:
116 |             otp.session = session
117 | 
118 |         if counter is not None:
119 |             otp.counter = counter
120 | 
121 |         return otp, encode_otp(otp, self.alice_aes, self.alice_public)
122 | 
123 |     @property
124 |     def alice_aes(self):
125 |         return self.alice_device.bin_key
126 | 
127 |     @property
128 |     def bob_aes(self):
129 |         return self.bob_device.bin_key
130 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/migrations/0001_initial.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | from __future__ import unicode_literals
 3 | 
 4 | from django.db import models, migrations
 5 | import otp_yubikey.models
 6 | from django.conf import settings
 7 | 
 8 | 
 9 | class Migration(migrations.Migration):
10 | 
11 |     dependencies = [
12 |         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
13 |     ]
14 | 
15 |     operations = [
16 |         migrations.CreateModel(
17 |             name='RemoteYubikeyDevice',
18 |             fields=[
19 |                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
20 |                 ('name', models.CharField(help_text='The human-readable name of this device.', max_length=64)),
21 |                 ('confirmed', models.BooleanField(default=True, help_text='Is this device ready for use?')),
22 |                 ('public_id', models.CharField(help_text='The public identity of the YubiKey (modhex-encoded).', max_length=32, verbose_name='Public ID')),
23 |             ],
24 |             options={
25 |                 'abstract': False,
26 |                 'verbose_name': 'Remote YubiKey device',
27 |             },
28 |             bases=(models.Model,),
29 |         ),
30 |         migrations.CreateModel(
31 |             name='ValidationService',
32 |             fields=[
33 |                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
34 |                 ('name', models.CharField(help_text='The name of this validation service.', max_length=32)),
35 |                 ('api_id', models.IntegerField(default=1, help_text='Your API ID.', verbose_name='API ID')),
36 |                 ('api_key', models.CharField(default='', help_text='Your base64-encoded API key.', max_length=64, verbose_name='API key', blank=True)),
37 |                 ('base_url', models.URLField(default='', help_text="The base URL of the verification service. Defaults to Yubico's hosted API.", verbose_name='Base URL', blank=True)),
38 |                 ('api_version', models.CharField(default='2.0', help_text='The version of the validation api to use.', max_length=8, choices=[('1.0', '1.0'), ('1.1', '1.1'), ('2.0', '2.0')])),
39 |                 ('use_ssl', models.BooleanField(default=False, help_text='Use HTTPS API URLs by default?', verbose_name='Use SSL')),
40 |                 ('param_sl', models.CharField(default=None, help_text='The level of syncing required.', max_length=16, verbose_name='SL', blank=True)),
41 |                 ('param_timeout', models.CharField(default=None, help_text='The time to allow for syncing.', max_length=16, verbose_name='Timeout', blank=True)),
42 |             ],
43 |             options={
44 |                 'verbose_name': 'YubiKey validation service',
45 |             },
46 |             bases=(models.Model,),
47 |         ),
48 |         migrations.CreateModel(
49 |             name='YubikeyDevice',
50 |             fields=[
51 |                 ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
52 |                 ('name', models.CharField(help_text='The human-readable name of this device.', max_length=64)),
53 |                 ('confirmed', models.BooleanField(default=True, help_text='Is this device ready for use?')),
54 |                 ('private_id', models.CharField(default=otp_yubikey.models.default_id, help_text='The 6-byte private ID (hex-encoded).', max_length=12, verbose_name='Private ID', validators=[otp_yubikey.models.id_validator])),
55 |                 ('key', models.CharField(default=otp_yubikey.models.default_key, help_text='The 16-byte AES key shared with this YubiKey (hex-encoded).', max_length=32, validators=[otp_yubikey.models.key_validator])),
56 |                 ('session', models.PositiveIntegerField(default=0, help_text='The non-volatile session counter most recently used by this device.')),
57 |                 ('counter', models.PositiveIntegerField(default=0, help_text='The volatile session usage counter most recently used by this device.')),
58 |                 ('user', models.ForeignKey(help_text='The user that this device belongs to.', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)),
59 |             ],
60 |             options={
61 |                 'abstract': False,
62 |                 'verbose_name': 'Local YubiKey device',
63 |             },
64 |             bases=(models.Model,),
65 |         ),
66 |         migrations.AddField(
67 |             model_name='remoteyubikeydevice',
68 |             name='service',
69 |             field=models.ForeignKey(to='otp_yubikey.ValidationService', on_delete=models.CASCADE),
70 |             preserve_default=True,
71 |         ),
72 |         migrations.AddField(
73 |             model_name='remoteyubikeydevice',
74 |             name='user',
75 |             field=models.ForeignKey(help_text='The user that this device belongs to.', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
76 |             preserve_default=True,
77 |         ),
78 |     ]
79 | 


--------------------------------------------------------------------------------
/CHANGES.rst:
--------------------------------------------------------------------------------
  1 | v1.1.0 - March 25, 2024 - Tooling
  2 | --------------------------------------------------------------------------------
  3 | 
  4 | This project is now managed with `hatch`_, which replaces setuptools, pipenv,
  5 | and tox. Users of the package should not be impacted. Developers can refer to
  6 | the readme for details. If you're packaging this project from source, I suggest
  7 | relying on pip's isolated builds rather than using hatch directly.
  8 | 
  9 | .. _hatch: https://hatch.pypa.io/
 10 | 
 11 | 
 12 | v1.0.1 - November 29, 2021 - Forward compatibility
 13 | --------------------------------------------------------------------------------
 14 | 
 15 | Default to AutoField to avoid spurious migrations.
 16 | 
 17 | 
 18 | 
 19 | v1.0.0 - August 13, 2020 - Update supported Django verisons
 20 | --------------------------------------------------------------------------------
 21 | 
 22 | - Dropped support for Django < 2.2.
 23 | 
 24 | - Version bumped to align with the core django-otp project.
 25 | 
 26 | 
 27 | v0.6.0 - July 23, 2020 - Require TLS by default
 28 | -------------------------------------------------------------------------------
 29 | 
 30 | - Validation services require TLS by default. Python now (for some time)
 31 |   verifies server certificates.
 32 | 
 33 | - Removed vestigial Python 2 support. Updated the test matrix to match
 34 |   django-otp.
 35 | 
 36 | 
 37 | v0.5.2 - September 12, 2019 - Preliminary Django 3.0 support
 38 | ------------------------------------------------------------
 39 | 
 40 | Removed dependencies on Python 2 compatibility shims in Django < 3.0.
 41 | 
 42 | 
 43 | v0.5.1 - August 26, 2019 - Housekeeping
 44 | ---------------------------------------
 45 | 
 46 | Build, test, and documentation cleanup.
 47 | 
 48 | 
 49 | v0.5.0 - August 14, 2018 - Django 2.1 support
 50 | ---------------------------------------------
 51 | 
 52 | - Drop support for Django < 1.11.
 53 | 
 54 | 
 55 | v0.4.2 - October 7, 2017 - Forward compatibility
 56 | ------------------------------------------------
 57 | 
 58 | - Resolve deprecation warnings for forward compatibility.
 59 | 
 60 | 
 61 | v0.4.1 - August 29, 2017 - Default keys
 62 | ---------------------------------------
 63 | 
 64 | - Fix `#25`_: make sure default keys are unicode values.
 65 | 
 66 | .. _#25: https://bitbucket.org/psagers/django-otp/issues/25/attributeerror-bytes-object-has-no
 67 | 
 68 | 
 69 | v0.4.0 - July 19, 2017 - Update support matrix
 70 | ----------------------------------------------
 71 | 
 72 | - Drop support for versions of Django that are past EOL.
 73 | 
 74 | 
 75 | v0.3.5 - November 27, 2016 - Forward compatbility for Django 2.0
 76 | ----------------------------------------------------------------
 77 | 
 78 | - Treat :attr:`~django.contrib.auth.models.User.is_authenticated` and
 79 |   :attr:`~django.contrib.auth.models.User.is_anonymous` as properties in Django
 80 |   1.10 and later.
 81 | 
 82 | - Add explict on_delete behavior for all foreign keys.
 83 | 
 84 | 
 85 | v0.3.4 - July 23, 2016 - YubiKey fix
 86 | ------------------------------------
 87 | 
 88 | - Fix for YubiKey token encoding on Python 3.
 89 | 
 90 | 
 91 | v0.3.3 - January 10, 2016 - Python 3 cleanup
 92 | --------------------------------------------
 93 | 
 94 | - All modules include all four Python 3 __future__ imports for consistency.
 95 | 
 96 | - Migrations no longer have byte strings in them.
 97 | 
 98 | 
 99 | v0.3.2 - October 11, 2015 - Admin
100 | ---------------------------------
101 | 
102 | - Use ModelAdmin.raw_id_fields for foreign keys to users.
103 | 
104 | 
105 | v0.3.0 - February 7, 2015 - Support Django migrations
106 | -----------------------------------------------------
107 | 
108 | - otp_yubikey now has both Django and South migrations. Please see the `upgrade
109 |   notes`_ for details on upgrading from previous versions.
110 | 
111 | .. _upgrade notes: https://pythonhosted.org/django-otp/overview.html#upgrading
112 | 
113 | 
114 | v0.2.0 - November 10, 2013 - Django 1.6
115 | ---------------------------------------
116 | 
117 | - Now supports Django 1.4 to 1.6 on Python 2.6, 2.7, 3.2, and 3.3. This is the
118 |   first release for Python 3.
119 | 
120 | 
121 | v0.1.3 - October 2, 2013 - Unit test fixes
122 | ------------------------------------------
123 | 
124 | - The move away from fixtures inadvertantly made the tests sensitive to the
125 |   primary keys allocated by the database.
126 | 
127 | 
128 | v0.1.2 - May 9, 2013 - Unit test improvements
129 | ---------------------------------------------
130 | 
131 | - Major unit test cleanup. Tests should pass or be skipped under all supported
132 |   versions of Django, with or without custom users and timzeone support.
133 | 
134 | 
135 | v0.1.1 - May 8, 2013 - Packaging and test cleanup
136 | -------------------------------------------------
137 | 
138 | - Include fixtures in the installation so the tests pass.
139 | 
140 | 
141 | v0.1.0 - August 21, 2012 - Initial Release
142 | ------------------------------------------
143 | 
144 | Initial release.
145 | 
146 | 
147 | .. vim: ft=rst nospell tw=80
148 | 


--------------------------------------------------------------------------------
/docs/Makefile:
--------------------------------------------------------------------------------
  1 | # Makefile for Sphinx documentation
  2 | #
  3 | 
  4 | # You can set these variables from the command line.
  5 | SPHINXOPTS    =
  6 | SPHINXBUILD   = sphinx-build
  7 | PAPER         =
  8 | BUILDDIR      = build
  9 | 
 10 | # Internal variables.
 11 | PAPEROPT_a4     = -D latex_paper_size=a4
 12 | PAPEROPT_letter = -D latex_paper_size=letter
 13 | ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
 14 | # the i18n builder cannot share the environment and doctrees with the others
 15 | I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
 16 | 
 17 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
 18 | 
 19 | help:
 20 | 	@echo "Please use \`make <target>' where <target> is one of"
 21 | 	@echo "  html       to make standalone HTML files"
 22 | 	@echo "  dirhtml    to make HTML files named index.html in directories"
 23 | 	@echo "  singlehtml to make a single large HTML file"
 24 | 	@echo "  pickle     to make pickle files"
 25 | 	@echo "  json       to make JSON files"
 26 | 	@echo "  htmlhelp   to make HTML files and a HTML help project"
 27 | 	@echo "  qthelp     to make HTML files and a qthelp project"
 28 | 	@echo "  devhelp    to make HTML files and a Devhelp project"
 29 | 	@echo "  epub       to make an epub"
 30 | 	@echo "  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
 31 | 	@echo "  latexpdf   to make LaTeX files and run them through pdflatex"
 32 | 	@echo "  text       to make text files"
 33 | 	@echo "  man        to make manual pages"
 34 | 	@echo "  texinfo    to make Texinfo files"
 35 | 	@echo "  info       to make Texinfo files and run them through makeinfo"
 36 | 	@echo "  gettext    to make PO message catalogs"
 37 | 	@echo "  changes    to make an overview of all changed/added/deprecated items"
 38 | 	@echo "  linkcheck  to check all external links for integrity"
 39 | 	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
 40 | 
 41 | clean:
 42 | 	-rm -rf $(BUILDDIR)/*
 43 | 
 44 | html:
 45 | 	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
 46 | 	@echo
 47 | 	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
 48 | 
 49 | dirhtml:
 50 | 	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
 51 | 	@echo
 52 | 	@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
 53 | 
 54 | singlehtml:
 55 | 	$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
 56 | 	@echo
 57 | 	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
 58 | 
 59 | pickle:
 60 | 	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
 61 | 	@echo
 62 | 	@echo "Build finished; now you can process the pickle files."
 63 | 
 64 | json:
 65 | 	$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
 66 | 	@echo
 67 | 	@echo "Build finished; now you can process the JSON files."
 68 | 
 69 | htmlhelp:
 70 | 	$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
 71 | 	@echo
 72 | 	@echo "Build finished; now you can run HTML Help Workshop with the" \
 73 | 	      ".hhp project file in $(BUILDDIR)/htmlhelp."
 74 | 
 75 | qthelp:
 76 | 	$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
 77 | 	@echo
 78 | 	@echo "Build finished; now you can run "qcollectiongenerator" with the" \
 79 | 	      ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
 80 | 	@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/django-otp-yubikey.qhcp"
 81 | 	@echo "To view the help file:"
 82 | 	@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/django-otp-yubikey.qhc"
 83 | 
 84 | devhelp:
 85 | 	$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
 86 | 	@echo
 87 | 	@echo "Build finished."
 88 | 	@echo "To view the help file:"
 89 | 	@echo "# mkdir -p $$HOME/.local/share/devhelp/django-otp-yubikey"
 90 | 	@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/django-otp-yubikey"
 91 | 	@echo "# devhelp"
 92 | 
 93 | epub:
 94 | 	$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
 95 | 	@echo
 96 | 	@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
 97 | 
 98 | latex:
 99 | 	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
100 | 	@echo
101 | 	@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
102 | 	@echo "Run \`make' in that directory to run these through (pdf)latex" \
103 | 	      "(use \`make latexpdf' here to do that automatically)."
104 | 
105 | latexpdf:
106 | 	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
107 | 	@echo "Running LaTeX files through pdflatex..."
108 | 	$(MAKE) -C $(BUILDDIR)/latex all-pdf
109 | 	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
110 | 
111 | text:
112 | 	$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
113 | 	@echo
114 | 	@echo "Build finished. The text files are in $(BUILDDIR)/text."
115 | 
116 | man:
117 | 	$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
118 | 	@echo
119 | 	@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
120 | 
121 | texinfo:
122 | 	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
123 | 	@echo
124 | 	@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
125 | 	@echo "Run \`make' in that directory to run these through makeinfo" \
126 | 	      "(use \`make info' here to do that automatically)."
127 | 
128 | info:
129 | 	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
130 | 	@echo "Running Texinfo files through makeinfo..."
131 | 	make -C $(BUILDDIR)/texinfo info
132 | 	@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
133 | 
134 | gettext:
135 | 	$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
136 | 	@echo
137 | 	@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
138 | 
139 | changes:
140 | 	$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
141 | 	@echo
142 | 	@echo "The overview file is in $(BUILDDIR)/changes."
143 | 
144 | linkcheck:
145 | 	$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
146 | 	@echo
147 | 	@echo "Link check complete; look for any errors in the above output " \
148 | 	      "or in $(BUILDDIR)/linkcheck/output.txt."
149 | 
150 | doctest:
151 | 	$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
152 | 	@echo "Testing of doctests in the sources finished, look at the " \
153 | 	      "results in $(BUILDDIR)/doctest/output.txt."
154 | 
155 | zip:
156 | 	rm build/html.zip || true
157 | 	cd build/html && zip -R ../html.zip '*' -x .buildinfo -x '_sources/*'
158 | 


--------------------------------------------------------------------------------
/src/otp_yubikey/models.py:
--------------------------------------------------------------------------------
  1 | from base64 import b64decode
  2 | from binascii import hexlify, unhexlify
  3 | from struct import pack
  4 | 
  5 | from django_otp.models import Device
  6 | from django_otp.util import hex_validator, random_hex
  7 | from yubiotp.client import YubiClient10, YubiClient11, YubiClient20
  8 | from yubiotp.modhex import modhex
  9 | from yubiotp.otp import decode_otp
 10 | 
 11 | from django.db import models
 12 | from django.utils.encoding import force_str
 13 | 
 14 | 
 15 | def default_id():
 16 |     return force_str(random_hex(6))
 17 | 
 18 | 
 19 | def id_validator(value):
 20 |     return hex_validator(6)(value)
 21 | 
 22 | 
 23 | def default_key():
 24 |     return force_str(random_hex(16))
 25 | 
 26 | 
 27 | def key_validator(value):
 28 |     return hex_validator(16)(value)
 29 | 
 30 | 
 31 | class YubikeyDevice(Device):
 32 |     """
 33 |     Represents a locally-verified YubiKey OTP
 34 |     :class:`~django_otp.models.Device`.
 35 | 
 36 |     .. attribute:: private_id
 37 | 
 38 |         *CharField*: The 6-byte private ID (hex-encoded).
 39 | 
 40 |     .. attribute:: key
 41 | 
 42 |         *CharField*: The 16-byte AES key shared with this YubiKey
 43 |         (hex-encoded).
 44 | 
 45 |     .. attribute:: session
 46 | 
 47 |         *PositiveIntegerField*: The non-volatile session counter most recently
 48 |         used by this device.
 49 | 
 50 |     .. attribute:: counter
 51 | 
 52 |         *PositiveIntegerField*: The volatile session usage counter most
 53 |         recently used by this device.
 54 |     """
 55 | 
 56 |     private_id = models.CharField(
 57 |         max_length=12,
 58 |         validators=[id_validator],
 59 |         default=default_id,
 60 |         verbose_name="Private ID",
 61 |         help_text="The 6-byte private ID (hex-encoded).",
 62 |     )
 63 | 
 64 |     key = models.CharField(
 65 |         max_length=32,
 66 |         validators=[key_validator],
 67 |         default=default_key,
 68 |         help_text="The 16-byte AES key shared with this YubiKey (hex-encoded).",
 69 |     )
 70 | 
 71 |     session = models.PositiveIntegerField(
 72 |         default=0,
 73 |         help_text="The non-volatile session counter most recently used by this device.",
 74 |     )
 75 | 
 76 |     counter = models.PositiveIntegerField(
 77 |         default=0,
 78 |         help_text="The volatile session usage counter most recently used by this device.",
 79 |     )
 80 | 
 81 |     class Meta(Device.Meta):
 82 |         verbose_name = "Local YubiKey device"
 83 | 
 84 |     def public_id(self):
 85 |         """
 86 |         The public ID of this device is the four-byte, big-endian,
 87 |         modhex-encoded primary key.
 88 |         """
 89 |         return modhex(pack('>I', self.id))
 90 | 
 91 |     public_id.short_description = 'Public Identity'
 92 |     public_id.admin_order_field = 'id'
 93 | 
 94 |     @property
 95 |     def bin_key(self):
 96 |         return unhexlify(self.key.encode())
 97 | 
 98 |     def verify_token(self, token):
 99 |         if isinstance(token, str):
100 |             token = token.encode('utf-8')
101 | 
102 |         try:
103 |             public_id, otp = decode_otp(token, self.bin_key)
104 |         except Exception:
105 |             return False
106 | 
107 |         if public_id != self.public_id():
108 |             return False
109 | 
110 |         if hexlify(otp.uid) != self.private_id.encode():
111 |             return False
112 | 
113 |         if otp.session < self.session:
114 |             return False
115 | 
116 |         if (otp.session == self.session) and (otp.counter <= self.counter):
117 |             return False
118 | 
119 |         # All tests pass. Update the counters and return the good news.
120 |         self.session = otp.session
121 |         self.counter = otp.counter
122 |         self.save()
123 | 
124 |         return True
125 | 
126 | 
127 | class ValidationService(models.Model):
128 |     """
129 |     Represents a YubiKey validation web service. By default, this will point to
130 |     Yubico's official hosted service, which you can customize. You can also
131 |     create instances to point at any other service implementing the same
132 |     protocol.
133 | 
134 |     .. attribute:: name
135 | 
136 |         *CharField*: The name of this validation service.
137 | 
138 |     .. attribute:: api_id
139 | 
140 |         *IntegerField*: Your API ID. The server needs this to sign responsees.
141 |         (Default: 1)
142 | 
143 |     .. attribute:: api_key
144 | 
145 |         *CharField*: Your base64-encoded API key, used to sign requests. This
146 |         is optional but strongly recommended. (Default: ``''``)
147 | 
148 |     .. attribute:: base_url
149 | 
150 |         *URLField*: The base URL of the verification service. Defaults to
151 |         Yubico's hosted API.
152 | 
153 |     .. attribute:: api_version
154 | 
155 |         *CharField*: The version of the validation API to use: '1.0', '1.1', or
156 |         '2.0'. (Default: '2.0')
157 | 
158 |     .. attribute:: use_ssl
159 | 
160 |         *BooleanField*: If ``True``, we'll use the HTTPS versions of the
161 |         default URLs. (Default: ``True``).
162 | 
163 |     .. attribute:: param_sl
164 | 
165 |         *CharField*: The level of syncing required. See
166 |         :class:`~yubiotp.client.YubiClient20`.
167 | 
168 |     .. attribute:: param_timeout
169 | 
170 |         *CharField*: The time to allow for syncing. See
171 |         :class:`~yubiotp.client.YubiClient20`.
172 |     """
173 | 
174 |     API_VERSIONS = ['1.0', '1.1', '2.0']
175 | 
176 |     name = models.CharField(
177 |         max_length=32, help_text="The name of this validation service."
178 |     )
179 | 
180 |     api_id = models.IntegerField(
181 |         default=1, verbose_name="API ID", help_text="Your API ID."
182 |     )
183 | 
184 |     api_key = models.CharField(
185 |         max_length=64,
186 |         blank=True,
187 |         default='',
188 |         verbose_name="API key",
189 |         help_text="Your base64-encoded API key.",
190 |     )
191 | 
192 |     base_url = models.URLField(
193 |         blank=True,
194 |         default='',
195 |         verbose_name="Base URL",
196 |         help_text="The base URL of the verification service. Defaults to Yubico's hosted API.",
197 |     )
198 | 
199 |     api_version = models.CharField(
200 |         max_length=8,
201 |         choices=list(zip(API_VERSIONS, API_VERSIONS)),
202 |         default='2.0',
203 |         help_text="The version of the validation api to use.",
204 |     )
205 | 
206 |     use_ssl = models.BooleanField(
207 |         default=True, verbose_name="Use SSL", help_text="Use HTTPS API URLs by default?"
208 |     )
209 | 
210 |     param_sl = models.CharField(
211 |         max_length=16,
212 |         blank=True,
213 |         default=None,
214 |         verbose_name="SL",
215 |         help_text="The level of syncing required.",
216 |     )
217 | 
218 |     param_timeout = models.CharField(
219 |         max_length=16,
220 |         blank=True,
221 |         default=None,
222 |         verbose_name="Timeout",
223 |         help_text="The time to allow for syncing.",
224 |     )
225 | 
226 |     class Meta(object):
227 |         verbose_name = "YubiKey validation service"
228 | 
229 |     def __unicode__(self):
230 |         return self.name
231 | 
232 |     def get_client(self):
233 |         api_key = b64decode(self.api_key.encode()) or None
234 | 
235 |         if self.api_version == '2.0':
236 |             client = YubiClient20(
237 |                 self.api_id,
238 |                 api_key,
239 |                 self.use_ssl,
240 |                 False,
241 |                 self.param_sl or None,
242 |                 self.param_timeout or None,
243 |             )
244 |         elif self.api_version == '1.1':
245 |             client = YubiClient11(self.api_id, api_key, self.use_ssl)
246 |         else:
247 |             client = YubiClient10(self.api_id, api_key, self.use_ssl)
248 | 
249 |         if self.base_url:
250 |             client.base_url = self.base_url
251 | 
252 |         return client
253 | 
254 | 
255 | class RemoteYubikeyDevice(Device):
256 |     """
257 |     Represents a YubiKey device that is to be verified with a remote validation
258 |     service. In order create these devices, you must have at least one
259 |     :class:`~otp_yubikey.models.ValidationService` in the database.
260 | 
261 |     .. attribute:: service
262 | 
263 |         *ForeignKey*: The validation service to use for this device.
264 | 
265 |     .. attribute:: public_id
266 | 
267 |         *CharField*: The public identity of the YubiKey (modhex-encoded).
268 |     """
269 | 
270 |     service = models.ForeignKey(ValidationService, on_delete=models.CASCADE)
271 |     public_id = models.CharField(
272 |         max_length=32,
273 |         verbose_name="Public ID",
274 |         help_text="The public identity of the YubiKey (modhex-encoded).",
275 |     )
276 | 
277 |     class Meta(Device.Meta):
278 |         verbose_name = "Remote YubiKey device"
279 | 
280 |     def verify_token(self, token):
281 |         verified = False
282 | 
283 |         if token[:-32] == self.public_id:
284 |             client = self.service.get_client()
285 |             response = client.verify(token)
286 |             verified = response.is_ok()
287 | 
288 |         return verified
289 | 


--------------------------------------------------------------------------------
/docs/source/conf.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | #
  3 | # django-otp-yubikey documentation build configuration file, created by
  4 | # sphinx-quickstart on Sun Jul 22 16:13:25 2012.
  5 | #
  6 | # This file is execfile()d with the current directory set to its containing dir.
  7 | #
  8 | # Note that not all possible configuration values are present in this
  9 | # autogenerated file.
 10 | #
 11 | # All configuration values have a default; values that are commented out
 12 | # serve to show the default.
 13 | 
 14 | import os
 15 | import sys
 16 | 
 17 | # autodoc and viewcode need valid settings in order to process Django modules.
 18 | import django
 19 | import django.conf
 20 | 
 21 | 
 22 | # If extensions (or modules to document with autodoc) are in another directory,
 23 | # add these directories to sys.path here. If the directory is relative to the
 24 | # documentation root, use os.path.abspath to make it absolute, like shown here.
 25 | sys.path.insert(0, os.path.abspath('../ext'))
 26 | 
 27 | # -- General configuration -----------------------------------------------------
 28 | 
 29 | # If your documentation needs a minimal Sphinx version, state it here.
 30 | # needs_sphinx = '1.0'
 31 | 
 32 | # Add any Sphinx extension module names here, as strings. They can be extensions
 33 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
 34 | extensions = [
 35 |     'sphinx.ext.autodoc',
 36 |     'sphinx.ext.intersphinx',
 37 |     'sphinx.ext.viewcode',
 38 | 
 39 |     'otpdocs',
 40 | ]
 41 | 
 42 | 
 43 | django.conf.settings.configure(
 44 |     DATABASES={
 45 |         'default': {
 46 |             'ENGINE': 'django.db.backends.sqlite3',
 47 |         }
 48 |     },
 49 |     INSTALLED_APPS=[
 50 |         'django.contrib.admin',
 51 |         'django.contrib.auth',
 52 |         'django.contrib.contenttypes',
 53 |         'django.contrib.sessions',
 54 |         'django.contrib.messages',
 55 | 
 56 |         'django_otp',
 57 |         'otp_yubikey',
 58 |     ],
 59 |     SECRET_KEY='properly-configured',
 60 | )
 61 | django.setup()
 62 | 
 63 | intersphinx_mapping = {
 64 |     'python': ('http://docs.python.org/3/', None),
 65 |     'django': ('https://docs.djangoproject.com/en/4.2/',
 66 |                'https://docs.djangoproject.com/en/4.2/_objects/'),
 67 |     'django-otp': ('http://django-otp-official.readthedocs.io/en/latest/', None),
 68 |     'yubiotp': ('http://yubiotp.readthedocs.io/en/latest/', None),
 69 | }
 70 | 
 71 | # Add any paths that contain templates here, relative to this directory.
 72 | templates_path = ['_templates']
 73 | 
 74 | # The suffix of source filenames.
 75 | source_suffix = '.rst'
 76 | 
 77 | # The encoding of source files.
 78 | # source_encoding = 'utf-8-sig'
 79 | 
 80 | # The master toctree document.
 81 | master_doc = 'index'
 82 | 
 83 | # General information about the project.
 84 | project = 'django-otp-yubikey'
 85 | copyright = '2012, Peter Sagerson'
 86 | 
 87 | # The version info for the project you're documenting, acts as replacement for
 88 | # |version| and |release|, also used in various other places throughout the
 89 | # built documents.
 90 | #
 91 | # The full version, including alpha/beta/rc tags.
 92 | release = '1.1.0'
 93 | 
 94 | # The short X.Y version.
 95 | version = '.'.join(release.split('.')[:2])
 96 | 
 97 | # The language for content autogenerated by Sphinx. Refer to documentation
 98 | # for a list of supported languages.
 99 | # language = None
100 | 
101 | # There are two options for replacing |today|: either, you set today to some
102 | # non-false value, then it is used:
103 | # today = ''
104 | # Else, today_fmt is used as the format for a strftime call.
105 | # today_fmt = '%B %d, %Y'
106 | 
107 | # List of patterns, relative to source directory, that match files and
108 | # directories to ignore when looking for source files.
109 | exclude_patterns = []
110 | 
111 | # The reST default role (used for this markup: `text`) to use for all documents.
112 | # default_role = None
113 | 
114 | # If true, '()' will be appended to :func: etc. cross-reference text.
115 | # add_function_parentheses = True
116 | 
117 | # If true, the current module name will be prepended to all description
118 | # unit titles (such as .. function::).
119 | # add_module_names = True
120 | 
121 | # If true, sectionauthor and moduleauthor directives will be shown in the
122 | # output. They are ignored by default.
123 | # show_authors = False
124 | 
125 | # The name of the Pygments (syntax highlighting) style to use.
126 | pygments_style = 'sphinx'
127 | 
128 | # A list of ignored prefixes for module index sorting.
129 | # modindex_common_prefix = []
130 | 
131 | 
132 | # -- Options for HTML output ---------------------------------------------------
133 | 
134 | # The theme to use for HTML and HTML Help pages.  See the documentation for
135 | # a list of builtin themes.
136 | html_theme = 'default'
137 | 
138 | # Theme options are theme-specific and customize the look and feel of a theme
139 | # further.  For a list of options available for each theme, see the
140 | # documentation.
141 | # html_theme_options = {}
142 | 
143 | # Add any paths that contain custom themes here, relative to this directory.
144 | # html_theme_path = []
145 | 
146 | # The name for this set of Sphinx documents.  If None, it defaults to
147 | # "<project> v<release> documentation".
148 | # html_title = None
149 | 
150 | # A shorter title for the navigation bar.  Default is the same as html_title.
151 | # html_short_title = None
152 | 
153 | # The name of an image file (relative to this directory) to place at the top
154 | # of the sidebar.
155 | # html_logo = None
156 | 
157 | # The name of an image file (within the static path) to use as favicon of the
158 | # docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
159 | # pixels large.
160 | # html_favicon = None
161 | 
162 | # Add any paths that contain custom static files (such as style sheets) here,
163 | # relative to this directory. They are copied after the builtin static files,
164 | # so a file named "default.css" will overwrite the builtin "default.css".
165 | # html_static_path = ['_static']
166 | 
167 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
168 | # using the given strftime format.
169 | # html_last_updated_fmt = '%b %d, %Y'
170 | 
171 | # If true, SmartyPants will be used to convert quotes and dashes to
172 | # typographically correct entities.
173 | # html_use_smartypants = True
174 | 
175 | # Custom sidebar templates, maps document names to template names.
176 | # html_sidebars = {}
177 | 
178 | # Additional templates that should be rendered to pages, maps page names to
179 | # template names.
180 | # html_additional_pages = {}
181 | 
182 | # If false, no module index is generated.
183 | # html_domain_indices = True
184 | 
185 | # If false, no index is generated.
186 | # html_use_index = True
187 | 
188 | # If true, the index is split into individual pages for each letter.
189 | # html_split_index = False
190 | 
191 | # If true, links to the reST sources are added to the pages.
192 | # html_show_sourcelink = True
193 | 
194 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
195 | # html_show_sphinx = True
196 | 
197 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
198 | # html_show_copyright = True
199 | 
200 | # If true, an OpenSearch description file will be output, and all pages will
201 | # contain a <link> tag referring to it.  The value of this option must be the
202 | # base URL from which the finished HTML is served.
203 | # html_use_opensearch = ''
204 | 
205 | # This is the file name suffix for HTML files (e.g. ".xhtml").
206 | # html_file_suffix = None
207 | 
208 | # Output file base name for HTML help builder.
209 | htmlhelp_basename = 'django-otp-yubikeydoc'
210 | 
211 | 
212 | # -- Options for LaTeX output --------------------------------------------------
213 | 
214 | latex_elements = {
215 |     # The paper size ('letterpaper' or 'a4paper').
216 |     # 'papersize': 'letterpaper',
217 | 
218 |     # The font size ('10pt', '11pt' or '12pt').
219 |     # 'pointsize': '10pt',
220 | 
221 |     # Additional stuff for the LaTeX preamble.
222 |     # 'preamble': '',
223 | }
224 | 
225 | # Grouping the document tree into LaTeX files. List of tuples
226 | # (source start file, target name, title, author, documentclass [howto/manual]).
227 | latex_documents = [
228 |     ('index', 'django-otp-yubikey.tex', 'django-otp-yubikey Documentation',
229 |      'Peter Sagerson', 'manual'),
230 | ]
231 | 
232 | # The name of an image file (relative to this directory) to place at the top of
233 | # the title page.
234 | # latex_logo = None
235 | 
236 | # For "manual" documents, if this is true, then toplevel headings are parts,
237 | # not chapters.
238 | # latex_use_parts = False
239 | 
240 | # If true, show page references after internal links.
241 | # latex_show_pagerefs = False
242 | 
243 | # If true, show URL addresses after external links.
244 | # latex_show_urls = False
245 | 
246 | # Documents to append as an appendix to all manuals.
247 | # latex_appendices = []
248 | 
249 | # If false, no module index is generated.
250 | # latex_domain_indices = True
251 | 
252 | 
253 | # -- Options for manual page output --------------------------------------------
254 | 
255 | # One entry per manual page. List of tuples
256 | # (source start file, name, description, authors, manual section).
257 | man_pages = [
258 |     ('index', 'django-otp-yubikey', 'django-otp-yubikey Documentation',
259 |      ['Peter Sagerson'], 1)
260 | ]
261 | 
262 | # If true, show URL addresses after external links.
263 | # man_show_urls = False
264 | 
265 | 
266 | # -- Options for Texinfo output ------------------------------------------------
267 | 
268 | # Grouping the document tree into Texinfo files. List of tuples
269 | # (source start file, target name, title, author,
270 | #  dir menu entry, description, category)
271 | texinfo_documents = [
272 |     ('index', 'django-otp-yubikey', 'django-otp-yubikey Documentation',
273 |      'Peter Sagerson', 'django-otp-yubikey', 'One line description of project.',
274 |      'Miscellaneous'),
275 | ]
276 | 
277 | # Documents to append as an appendix to all manuals.
278 | # texinfo_appendices = []
279 | 
280 | # If false, no module index is generated.
281 | # texinfo_domain_indices = True
282 | 
283 | # How to display URL addresses: 'footnote', 'no', or 'inline'.
284 | # texinfo_show_urls = 'footnote'
285 | 


--------------------------------------------------------------------------------