django-otp-yubikey-1.0.0.post1/0000755000076600000240000000000014033357520017070 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/CHANGES.rst0000644000076600000240000000711413715340653020702 0ustar psagersstaff00000000000000v1.0.0 - August 13, 2020 - Update supported Django verisons -------------------------------------------------------------------------------- - Dropped support for Django < 2.2. - Version bumped to align with the core django-otp project. v0.6.0 - July 23, 2020 - Require TLS by default ------------------------------------------------------------------------------- - Validation services require TLS by default. Python now (for some time) verifies server certificates. - Removed vestigial Python 2 support. Updated the test matrix to match django-otp. v0.5.2 - September 12, 2019 - Preliminary Django 3.0 support ------------------------------------------------------------ Removed dependencies on Python 2 compatibility shims in Django < 3.0. v0.5.1 - August 26, 2019 - Housekeeping --------------------------------------- Build, test, and documentation cleanup. v0.5.0 - August 14, 2018 - Django 2.1 support --------------------------------------------- - Drop support for Django < 1.11. v0.4.2 - October 7, 2017 - Forward compatibility ------------------------------------------------ - Resolve deprecation warnings for forward compatibility. v0.4.1 - August 29, 2017 - Default keys --------------------------------------- - Fix `#25`_: make sure default keys are unicode values. .. _#25: https://bitbucket.org/psagers/django-otp/issues/25/attributeerror-bytes-object-has-no v0.4.0 - July 19, 2017 - Update support matrix ---------------------------------------------- - Drop support for versions of Django that are past EOL. v0.3.5 - November 27, 2016 - Forward compatbility for Django 2.0 ---------------------------------------------------------------- - Treat :attr:`~django.contrib.auth.models.User.is_authenticated` and :attr:`~django.contrib.auth.models.User.is_anonymous` as properties in Django 1.10 and later. - Add explict on_delete behavior for all foreign keys. v0.3.4 - July 23, 2016 - YubiKey fix ------------------------------------ - Fix for YubiKey token encoding on Python 3. v0.3.3 - January 10, 2016 - Python 3 cleanup -------------------------------------------- - All modules include all four Python 3 __future__ imports for consistency. - Migrations no longer have byte strings in them. v0.3.2 - October 11, 2015 - Admin --------------------------------- - Use ModelAdmin.raw_id_fields for foreign keys to users. v0.3.0 - February 7, 2015 - Support Django migrations ----------------------------------------------------- - otp_yubikey now has both Django and South migrations. Please see the `upgrade notes`_ for details on upgrading from previous versions. .. _upgrade notes: https://pythonhosted.org/django-otp/overview.html#upgrading v0.2.0 - November 10, 2013 - Django 1.6 --------------------------------------- - Now supports Django 1.4 to 1.6 on Python 2.6, 2.7, 3.2, and 3.3. This is the first release for Python 3. v0.1.3 - October 2, 2013 - Unit test fixes ------------------------------------------ - The move away from fixtures inadvertantly made the tests sensitive to the primary keys allocated by the database. v0.1.2 - May 9, 2013 - Unit test improvements --------------------------------------------- - Major unit test cleanup. Tests should pass or be skipped under all supported versions of Django, with or without custom users and timzeone support. v0.1.1 - May 8, 2013 - Packaging and test cleanup ------------------------------------------------- - Include fixtures in the installation so the tests pass. v0.1.0 - August 21, 2012 - Initial Release ------------------------------------------ Initial release. .. vim: ft=rst nospell tw=80 django-otp-yubikey-1.0.0.post1/LICENSE0000644000076600000240000000242113527557143020106 0ustar psagersstaff00000000000000Copyright (c) 2012, Peter Sagerson All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. django-otp-yubikey-1.0.0.post1/MANIFEST.in0000644000076600000240000000014413531012264020620 0ustar psagersstaff00000000000000include CHANGES.rst LICENSE README.rst recursive-include docs *.rst *.py Makefile prune docs/build django-otp-yubikey-1.0.0.post1/PKG-INFO0000644000076600000240000000353314033357520020171 0ustar psagersstaff00000000000000Metadata-Version: 1.2 Name: django-otp-yubikey Version: 1.0.0.post1 Summary: A django-otp plugin that verifies YubiKey OTP tokens. Home-page: https://github.com/django-otp/django-otp-yubikey Author: Peter Sagerson Author-email: psagers@ignorare.net License: BSD Project-URL: Documentation, https://django-otp-yubikey.readthedocs.io/ Project-URL: Source, https://github.com/django-otp/django-otp-yubikey Description: .. image:: https://img.shields.io/pypi/v/django-otp-yubikey?color=blue :target: https://pypi.org/project/django-otp-yubikey/ :alt: PyPI .. image:: https://img.shields.io/readthedocs/django-otp-yubikey :target: https://django-otp-yubikey.readthedocs.io/ :alt: Documentation .. image:: https://img.shields.io/badge/github-django--agent--trust-green :target: https://github.com/django-otp/django-otp-yubikey :alt: Source This is a django-otp plugin that handles `YubiKey `_ devices using the Yubico OTP algorithm. This includes two device definitions: one to verify YubiKey tokens locally and another to verify them against a `web service `_. See `django-otp `_ for more information on the OTP framework. .. _upgrade notes: https://django-otp-yubikey.readthedocs.io/#upgrading Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3 :: Only Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License Classifier: Topic :: Security Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Framework :: Django django-otp-yubikey-1.0.0.post1/README.rst0000644000076600000240000000160213531040067020553 0ustar psagersstaff00000000000000.. image:: https://img.shields.io/pypi/v/django-otp-yubikey?color=blue :target: https://pypi.org/project/django-otp-yubikey/ :alt: PyPI .. image:: https://img.shields.io/readthedocs/django-otp-yubikey :target: https://django-otp-yubikey.readthedocs.io/ :alt: Documentation .. image:: https://img.shields.io/badge/github-django--agent--trust-green :target: https://github.com/django-otp/django-otp-yubikey :alt: Source This is a django-otp plugin that handles `YubiKey `_ devices using the Yubico OTP algorithm. This includes two device definitions: one to verify YubiKey tokens locally and another to verify them against a `web service `_. See `django-otp `_ for more information on the OTP framework. .. _upgrade notes: https://django-otp-yubikey.readthedocs.io/#upgrading django-otp-yubikey-1.0.0.post1/docs/0000755000076600000240000000000014033357520020020 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/docs/Makefile0000644000076600000240000001313513527557143021475 0ustar psagersstaff00000000000000# Makefile for Sphinx documentation # # You can set these variables from the command line. SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = BUILDDIR = build # Internal variables. PAPEROPT_a4 = -D latex_paper_size=a4 PAPEROPT_letter = -D latex_paper_size=letter ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source # the i18n builder cannot share the environment and doctrees with the others I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext help: @echo "Please use \`make ' where is one of" @echo " html to make standalone HTML files" @echo " dirhtml to make HTML files named index.html in directories" @echo " singlehtml to make a single large HTML file" @echo " pickle to make pickle files" @echo " json to make JSON files" @echo " htmlhelp to make HTML files and a HTML help project" @echo " qthelp to make HTML files and a qthelp project" @echo " devhelp to make HTML files and a Devhelp project" @echo " epub to make an epub" @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" @echo " latexpdf to make LaTeX files and run them through pdflatex" @echo " text to make text files" @echo " man to make manual pages" @echo " texinfo to make Texinfo files" @echo " info to make Texinfo files and run them through makeinfo" @echo " gettext to make PO message catalogs" @echo " changes to make an overview of all changed/added/deprecated items" @echo " linkcheck to check all external links for integrity" @echo " doctest to run all doctests embedded in the documentation (if enabled)" clean: -rm -rf $(BUILDDIR)/* html: $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." dirhtml: $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml @echo @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." singlehtml: $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml @echo @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." pickle: $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle @echo @echo "Build finished; now you can process the pickle files." json: $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json @echo @echo "Build finished; now you can process the JSON files." htmlhelp: $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp @echo @echo "Build finished; now you can run HTML Help Workshop with the" \ ".hhp project file in $(BUILDDIR)/htmlhelp." qthelp: $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp @echo @echo "Build finished; now you can run "qcollectiongenerator" with the" \ ".qhcp project file in $(BUILDDIR)/qthelp, like this:" @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/django-otp-yubikey.qhcp" @echo "To view the help file:" @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/django-otp-yubikey.qhc" devhelp: $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp @echo @echo "Build finished." @echo "To view the help file:" @echo "# mkdir -p $$HOME/.local/share/devhelp/django-otp-yubikey" @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/django-otp-yubikey" @echo "# devhelp" epub: $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub @echo @echo "Build finished. The epub file is in $(BUILDDIR)/epub." latex: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." @echo "Run \`make' in that directory to run these through (pdf)latex" \ "(use \`make latexpdf' here to do that automatically)." latexpdf: $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo "Running LaTeX files through pdflatex..." $(MAKE) -C $(BUILDDIR)/latex all-pdf @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." text: $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text @echo @echo "Build finished. The text files are in $(BUILDDIR)/text." man: $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man @echo @echo "Build finished. The manual pages are in $(BUILDDIR)/man." texinfo: $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo @echo @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." @echo "Run \`make' in that directory to run these through makeinfo" \ "(use \`make info' here to do that automatically)." info: $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo @echo "Running Texinfo files through makeinfo..." make -C $(BUILDDIR)/texinfo info @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." gettext: $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale @echo @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." changes: $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes @echo @echo "The overview file is in $(BUILDDIR)/changes." linkcheck: $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck @echo @echo "Link check complete; look for any errors in the above output " \ "or in $(BUILDDIR)/linkcheck/output.txt." doctest: $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest @echo "Testing of doctests in the sources finished, look at the " \ "results in $(BUILDDIR)/doctest/output.txt." zip: rm build/html.zip || true cd build/html && zip -R ../html.zip '*' -x .buildinfo -x '_sources/*' django-otp-yubikey-1.0.0.post1/docs/ext/0000755000076600000240000000000014033357520020620 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/docs/ext/otpdocs.py0000644000076600000240000000033113531036771022646 0ustar psagersstaff00000000000000""" Extra stuff for the django-otp Sphinx docs. """ def setup(app): app.add_crossref_type( directivename = "setting", rolename = "setting", indextemplate = "pair: %s; setting", ) django-otp-yubikey-1.0.0.post1/docs/source/0000755000076600000240000000000014033357520021320 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/docs/source/changes.rst0000644000076600000240000000006213527557143023472 0ustar psagersstaff00000000000000Change Log ========== .. include:: ../../CHANGES django-otp-yubikey-1.0.0.post1/docs/source/conf.py0000644000076600000240000002131613715340653022627 0ustar psagersstaff00000000000000# -*- coding: utf-8 -*- # # django-otp-yubikey documentation build configuration file, created by # sphinx-quickstart on Sun Jul 22 16:13:25 2012. # # This file is execfile()d with the current directory set to its containing dir. # # Note that not all possible configuration values are present in this # autogenerated file. # # All configuration values have a default; values that are commented out # serve to show the default. import os import sys # autodoc and viewcode need valid settings in order to process Django modules. import django import django.conf # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. sys.path.insert(0, os.path.abspath('../ext')) # -- General configuration ----------------------------------------------------- # If your documentation needs a minimal Sphinx version, state it here. # needs_sphinx = '1.0' # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode', 'otpdocs', ] django.conf.settings.configure( DATABASES={ 'default': { 'ENGINE': 'django.db.backends.sqlite3', } }, INSTALLED_APPS=[ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django_otp', 'otp_yubikey', ] ) django.setup() intersphinx_mapping = { 'python': ('http://docs.python.org/3/', None), 'django': ('https://docs.djangoproject.com/en/1.11/', 'https://docs.djangoproject.com/en/1.11/_objects/'), 'django-otp': ('http://django-otp-official.readthedocs.io/en/latest/', None), 'yubiotp': ('http://yubiotp.readthedocs.io/en/latest/', None), } # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] # The suffix of source filenames. source_suffix = '.rst' # The encoding of source files. # source_encoding = 'utf-8-sig' # The master toctree document. master_doc = 'index' # General information about the project. project = 'django-otp-yubikey' copyright = '2012, Peter Sagerson' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the # built documents. # # The full version, including alpha/beta/rc tags. release = '1.0.0' # The short X.Y version. version = '.'.join(release.split('.')[:2]) # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. # language = None # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: # today = '' # Else, today_fmt is used as the format for a strftime call. # today_fmt = '%B %d, %Y' # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. exclude_patterns = [] # The reST default role (used for this markup: `text`) to use for all documents. # default_role = None # If true, '()' will be appended to :func: etc. cross-reference text. # add_function_parentheses = True # If true, the current module name will be prepended to all description # unit titles (such as .. function::). # add_module_names = True # If true, sectionauthor and moduleauthor directives will be shown in the # output. They are ignored by default. # show_authors = False # The name of the Pygments (syntax highlighting) style to use. pygments_style = 'sphinx' # A list of ignored prefixes for module index sorting. # modindex_common_prefix = [] # -- Options for HTML output --------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. html_theme = 'default' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the # documentation. # html_theme_options = {} # Add any paths that contain custom themes here, relative to this directory. # html_theme_path = [] # The name for this set of Sphinx documents. If None, it defaults to # " v documentation". # html_title = None # A shorter title for the navigation bar. Default is the same as html_title. # html_short_title = None # The name of an image file (relative to this directory) to place at the top # of the sidebar. # html_logo = None # The name of an image file (within the static path) to use as favicon of the # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 # pixels large. # html_favicon = None # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, # so a file named "default.css" will overwrite the builtin "default.css". # html_static_path = ['_static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. # html_last_updated_fmt = '%b %d, %Y' # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. # html_use_smartypants = True # Custom sidebar templates, maps document names to template names. # html_sidebars = {} # Additional templates that should be rendered to pages, maps page names to # template names. # html_additional_pages = {} # If false, no module index is generated. # html_domain_indices = True # If false, no index is generated. # html_use_index = True # If true, the index is split into individual pages for each letter. # html_split_index = False # If true, links to the reST sources are added to the pages. # html_show_sourcelink = True # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. # html_show_sphinx = True # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. # html_show_copyright = True # If true, an OpenSearch description file will be output, and all pages will # contain a tag referring to it. The value of this option must be the # base URL from which the finished HTML is served. # html_use_opensearch = '' # This is the file name suffix for HTML files (e.g. ".xhtml"). # html_file_suffix = None # Output file base name for HTML help builder. htmlhelp_basename = 'django-otp-yubikeydoc' # -- Options for LaTeX output -------------------------------------------------- latex_elements = { # The paper size ('letterpaper' or 'a4paper'). # 'papersize': 'letterpaper', # The font size ('10pt', '11pt' or '12pt'). # 'pointsize': '10pt', # Additional stuff for the LaTeX preamble. # 'preamble': '', } # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, documentclass [howto/manual]). latex_documents = [ ('index', 'django-otp-yubikey.tex', 'django-otp-yubikey Documentation', 'Peter Sagerson', 'manual'), ] # The name of an image file (relative to this directory) to place at the top of # the title page. # latex_logo = None # For "manual" documents, if this is true, then toplevel headings are parts, # not chapters. # latex_use_parts = False # If true, show page references after internal links. # latex_show_pagerefs = False # If true, show URL addresses after external links. # latex_show_urls = False # Documents to append as an appendix to all manuals. # latex_appendices = [] # If false, no module index is generated. # latex_domain_indices = True # -- Options for manual page output -------------------------------------------- # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). man_pages = [ ('index', 'django-otp-yubikey', 'django-otp-yubikey Documentation', ['Peter Sagerson'], 1) ] # If true, show URL addresses after external links. # man_show_urls = False # -- Options for Texinfo output ------------------------------------------------ # Grouping the document tree into Texinfo files. List of tuples # (source start file, target name, title, author, # dir menu entry, description, category) texinfo_documents = [ ('index', 'django-otp-yubikey', 'django-otp-yubikey Documentation', 'Peter Sagerson', 'django-otp-yubikey', 'One line description of project.', 'Miscellaneous'), ] # Documents to append as an appendix to all manuals. # texinfo_appendices = [] # If false, no module index is generated. # texinfo_domain_indices = True # How to display URL addresses: 'footnote', 'no', or 'inline'. # texinfo_show_urls = 'footnote' django-otp-yubikey-1.0.0.post1/docs/source/index.rst0000644000076600000240000000223113531025757023165 0ustar psagersstaff00000000000000django-otp-yubikey ================== .. include:: ../../README.rst Installation ------------ django-otp-yubikey can be installed via pip:: pip install django-otp-yubikey Once installed it should be added to INSTALLED_APPS after django_otp core:: INSTALLED_APPS = [ ... 'django_otp', 'django_otp.plugins.otp_totp', 'django_otp.plugins.otp_hotp', 'django_otp.plugins.otp_static', 'otp_yubikey', ] Local Verification ------------------ .. autoclass:: otp_yubikey.models.YubikeyDevice :members: Remote Verification ------------------- .. autoclass:: otp_yubikey.models.ValidationService :members: .. autoclass:: otp_yubikey.models.RemoteYubikeyDevice :members: Admin ----- The following :class:`~django.contrib.admin.ModelAdmin` subclasses are registered with the default admin site. We recommend their use with custom admin sites as well: .. autoclass:: otp_yubikey.admin.YubikeyDeviceAdmin .. autoclass:: otp_yubikey.admin.ValidationServiceAdmin .. autoclass:: otp_yubikey.admin.RemoteYubikeyDeviceAdmin Changes ------- :doc:`changes` License ======= .. include:: ../../LICENSE django-otp-yubikey-1.0.0.post1/setup.cfg0000644000076600000240000000022314033357520020706 0ustar psagersstaff00000000000000[metadata] long_description = file: README.rst [flake8] ignore = W504 E501 [bdist_wheel] universal = 1 [egg_info] tag_build = tag_date = 0 django-otp-yubikey-1.0.0.post1/setup.py0000755000076600000240000000210414033357452020606 0ustar psagersstaff00000000000000#!/usr/bin/env python from setuptools import find_packages, setup setup( name='django-otp-yubikey', version='1.0.0.post1', description='A django-otp plugin that verifies YubiKey OTP tokens.', author='Peter Sagerson', author_email='psagers@ignorare.net', url='https://github.com/django-otp/django-otp-yubikey', project_urls={ "Documentation": 'https://django-otp-yubikey.readthedocs.io/', "Source": 'https://github.com/django-otp/django-otp-yubikey', }, license='BSD', classifiers=[ "Development Status :: 5 - Production/Stable", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules", "Framework :: Django", ], package_dir={'': 'src'}, packages=find_packages(where='src'), install_requires=[ 'django-otp >= 1.0.0', 'YubiOTP >= 0.2.2', ], ) django-otp-yubikey-1.0.0.post1/src/0000755000076600000240000000000014033357520017657 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/0000755000076600000240000000000014033357520025236 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/PKG-INFO0000644000076600000240000000353314033357520026337 0ustar psagersstaff00000000000000Metadata-Version: 1.2 Name: django-otp-yubikey Version: 1.0.0.post1 Summary: A django-otp plugin that verifies YubiKey OTP tokens. Home-page: https://github.com/django-otp/django-otp-yubikey Author: Peter Sagerson Author-email: psagers@ignorare.net License: BSD Project-URL: Documentation, https://django-otp-yubikey.readthedocs.io/ Project-URL: Source, https://github.com/django-otp/django-otp-yubikey Description: .. image:: https://img.shields.io/pypi/v/django-otp-yubikey?color=blue :target: https://pypi.org/project/django-otp-yubikey/ :alt: PyPI .. image:: https://img.shields.io/readthedocs/django-otp-yubikey :target: https://django-otp-yubikey.readthedocs.io/ :alt: Documentation .. image:: https://img.shields.io/badge/github-django--agent--trust-green :target: https://github.com/django-otp/django-otp-yubikey :alt: Source This is a django-otp plugin that handles `YubiKey `_ devices using the Yubico OTP algorithm. This includes two device definitions: one to verify YubiKey tokens locally and another to verify them against a `web service `_. See `django-otp `_ for more information on the OTP framework. .. _upgrade notes: https://django-otp-yubikey.readthedocs.io/#upgrading Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3 :: Only Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License Classifier: Topic :: Security Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Framework :: Django django-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/SOURCES.txt0000644000076600000240000000116614033357520027126 0ustar psagersstaff00000000000000CHANGES.rst LICENSE MANIFEST.in README.rst setup.cfg setup.py docs/Makefile docs/ext/otpdocs.py docs/source/changes.rst docs/source/conf.py docs/source/index.rst src/django_otp_yubikey.egg-info/PKG-INFO src/django_otp_yubikey.egg-info/SOURCES.txt src/django_otp_yubikey.egg-info/dependency_links.txt src/django_otp_yubikey.egg-info/requires.txt src/django_otp_yubikey.egg-info/top_level.txt src/otp_yubikey/__init__.py src/otp_yubikey/admin.py src/otp_yubikey/models.py src/otp_yubikey/tests.py src/otp_yubikey/migrations/0001_initial.py src/otp_yubikey/migrations/0002_auto_20200723_1650.py src/otp_yubikey/migrations/__init__.pydjango-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/dependency_links.txt0000644000076600000240000000000114033357520031304 0ustar psagersstaff00000000000000 django-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/requires.txt0000644000076600000240000000004114033357520027631 0ustar psagersstaff00000000000000django-otp>=1.0.0 YubiOTP>=0.2.2 django-otp-yubikey-1.0.0.post1/src/django_otp_yubikey.egg-info/top_level.txt0000644000076600000240000000001414033357520027763 0ustar psagersstaff00000000000000otp_yubikey django-otp-yubikey-1.0.0.post1/src/otp_yubikey/0000755000076600000240000000000014033357520022222 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/otp_yubikey/__init__.py0000644000076600000240000000000013527557143024333 0ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/otp_yubikey/admin.py0000644000076600000240000000351313706353555023700 0ustar psagersstaff00000000000000from django.contrib import admin from django.contrib.admin.sites import AlreadyRegistered from .models import RemoteYubikeyDevice, ValidationService, YubikeyDevice class YubikeyDeviceAdmin(admin.ModelAdmin): """ :class:`~django.contrib.admin.ModelAdmin` for :class:`~otp_yubikey.models.YubikeyDevice`. """ list_display = ['user', 'name', 'public_id'] fieldsets = [ ('Identity', { 'fields': ['user', 'name', 'confirmed'], }), ('Configuration', { 'fields': ['private_id', 'key'], }), ('State', { 'fields': ['session', 'counter'], }), ] raw_id_fields = ['user'] class ValidationServiceAdmin(admin.ModelAdmin): """ :class:`~django.contrib.admin.ModelAdmin` for :class:`~otp_yubikey.models.ValidationService`. """ fieldsets = [ ('Common Options', { 'fields': ['name', 'api_id', 'api_key'], }), ('Other Options', { 'fields': ['base_url', 'api_version', 'use_ssl', 'param_sl', 'param_timeout'], }), ] radio_fields = {'api_version': admin.HORIZONTAL} class RemoteYubikeyDeviceAdmin(admin.ModelAdmin): """ :class:`~django.contrib.admin.ModelAdmin` for :class:`~otp_yubikey.models.RemoteYubikeyDevice`. """ fieldsets = [ ('Identity', { 'fields': ['user', 'name', 'confirmed'], }), ('Configuration', { 'fields': ['service', 'public_id'], }), ] raw_id_fields = ['user'] try: admin.site.register(YubikeyDevice, YubikeyDeviceAdmin) admin.site.register(ValidationService, ValidationServiceAdmin) admin.site.register(RemoteYubikeyDevice, RemoteYubikeyDeviceAdmin) except AlreadyRegistered: # Useless exception triggered by multiple imports. pass django-otp-yubikey-1.0.0.post1/src/otp_yubikey/migrations/0000755000076600000240000000000014033357520024376 5ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/otp_yubikey/migrations/0001_initial.py0000644000076600000240000001114513527557143027055 0ustar psagersstaff00000000000000# -*- coding: utf-8 -*- from __future__ import unicode_literals from django.db import models, migrations import otp_yubikey.models from django.conf import settings class Migration(migrations.Migration): dependencies = [ migrations.swappable_dependency(settings.AUTH_USER_MODEL), ] operations = [ migrations.CreateModel( name='RemoteYubikeyDevice', fields=[ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), ('name', models.CharField(help_text='The human-readable name of this device.', max_length=64)), ('confirmed', models.BooleanField(default=True, help_text='Is this device ready for use?')), ('public_id', models.CharField(help_text='The public identity of the YubiKey (modhex-encoded).', max_length=32, verbose_name='Public ID')), ], options={ 'abstract': False, 'verbose_name': 'Remote YubiKey device', }, bases=(models.Model,), ), migrations.CreateModel( name='ValidationService', fields=[ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), ('name', models.CharField(help_text='The name of this validation service.', max_length=32)), ('api_id', models.IntegerField(default=1, help_text='Your API ID.', verbose_name='API ID')), ('api_key', models.CharField(default='', help_text='Your base64-encoded API key.', max_length=64, verbose_name='API key', blank=True)), ('base_url', models.URLField(default='', help_text="The base URL of the verification service. Defaults to Yubico's hosted API.", verbose_name='Base URL', blank=True)), ('api_version', models.CharField(default='2.0', help_text='The version of the validation api to use.', max_length=8, choices=[('1.0', '1.0'), ('1.1', '1.1'), ('2.0', '2.0')])), ('use_ssl', models.BooleanField(default=False, help_text='Use HTTPS API URLs by default?', verbose_name='Use SSL')), ('param_sl', models.CharField(default=None, help_text='The level of syncing required.', max_length=16, verbose_name='SL', blank=True)), ('param_timeout', models.CharField(default=None, help_text='The time to allow for syncing.', max_length=16, verbose_name='Timeout', blank=True)), ], options={ 'verbose_name': 'YubiKey validation service', }, bases=(models.Model,), ), migrations.CreateModel( name='YubikeyDevice', fields=[ ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)), ('name', models.CharField(help_text='The human-readable name of this device.', max_length=64)), ('confirmed', models.BooleanField(default=True, help_text='Is this device ready for use?')), ('private_id', models.CharField(default=otp_yubikey.models.default_id, help_text='The 6-byte private ID (hex-encoded).', max_length=12, verbose_name='Private ID', validators=[otp_yubikey.models.id_validator])), ('key', models.CharField(default=otp_yubikey.models.default_key, help_text='The 16-byte AES key shared with this YubiKey (hex-encoded).', max_length=32, validators=[otp_yubikey.models.key_validator])), ('session', models.PositiveIntegerField(default=0, help_text='The non-volatile session counter most recently used by this device.')), ('counter', models.PositiveIntegerField(default=0, help_text='The volatile session usage counter most recently used by this device.')), ('user', models.ForeignKey(help_text='The user that this device belongs to.', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE)), ], options={ 'abstract': False, 'verbose_name': 'Local YubiKey device', }, bases=(models.Model,), ), migrations.AddField( model_name='remoteyubikeydevice', name='service', field=models.ForeignKey(to='otp_yubikey.ValidationService', on_delete=models.CASCADE), preserve_default=True, ), migrations.AddField( model_name='remoteyubikeydevice', name='user', field=models.ForeignKey(help_text='The user that this device belongs to.', to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE), preserve_default=True, ), ] django-otp-yubikey-1.0.0.post1/src/otp_yubikey/migrations/0002_auto_20200723_1650.py0000644000076600000240000000071613706352732030025 0ustar psagersstaff00000000000000# Generated by Django 2.2.14 on 2020-07-23 16:50 from django.db import migrations, models class Migration(migrations.Migration): dependencies = [ ('otp_yubikey', '0001_initial'), ] operations = [ migrations.AlterField( model_name='validationservice', name='use_ssl', field=models.BooleanField(default=True, help_text='Use HTTPS API URLs by default?', verbose_name='Use SSL'), ), ] django-otp-yubikey-1.0.0.post1/src/otp_yubikey/migrations/__init__.py0000644000076600000240000000000013527557143026507 0ustar psagersstaff00000000000000django-otp-yubikey-1.0.0.post1/src/otp_yubikey/models.py0000644000076600000240000001674114033351412024062 0ustar psagersstaff00000000000000from base64 import b64decode from binascii import hexlify, unhexlify from struct import pack from django.db import models from django.utils.encoding import force_str from django_otp.models import Device from django_otp.util import hex_validator, random_hex from yubiotp.client import YubiClient10, YubiClient11, YubiClient20 from yubiotp.modhex import modhex from yubiotp.otp import decode_otp def default_id(): return force_str(random_hex(6)) def id_validator(value): return hex_validator(6)(value) def default_key(): return force_str(random_hex(16)) def key_validator(value): return hex_validator(16)(value) class YubikeyDevice(Device): """ Represents a locally-verified YubiKey OTP :class:`~django_otp.models.Device`. .. attribute:: private_id *CharField*: The 6-byte private ID (hex-encoded). .. attribute:: key *CharField*: The 16-byte AES key shared with this YubiKey (hex-encoded). .. attribute:: session *PositiveIntegerField*: The non-volatile session counter most recently used by this device. .. attribute:: counter *PositiveIntegerField*: The volatile session usage counter most recently used by this device. """ private_id = models.CharField( max_length=12, validators=[id_validator], default=default_id, verbose_name="Private ID", help_text="The 6-byte private ID (hex-encoded)." ) key = models.CharField( max_length=32, validators=[key_validator], default=default_key, help_text="The 16-byte AES key shared with this YubiKey (hex-encoded)." ) session = models.PositiveIntegerField( default=0, help_text="The non-volatile session counter most recently used by this device." ) counter = models.PositiveIntegerField( default=0, help_text="The volatile session usage counter most recently used by this device." ) class Meta(Device.Meta): verbose_name = "Local YubiKey device" def public_id(self): """ The public ID of this device is the four-byte, big-endian, modhex-encoded primary key. """ return modhex(pack('>I', self.id)) public_id.short_description = 'Public Identity' public_id.admin_order_field = 'id' @property def bin_key(self): return unhexlify(self.key.encode()) def verify_token(self, token): if isinstance(token, str): token = token.encode('utf-8') try: public_id, otp = decode_otp(token, self.bin_key) except Exception: return False if public_id != self.public_id(): return False if hexlify(otp.uid) != self.private_id.encode(): return False if otp.session < self.session: return False if (otp.session == self.session) and (otp.counter <= self.counter): return False # All tests pass. Update the counters and return the good news. self.session = otp.session self.counter = otp.counter self.save() return True class ValidationService(models.Model): """ Represents a YubiKey validation web service. By default, this will point to Yubico's official hosted service, which you can customize. You can also create instances to point at any other service implementing the same protocol. .. attribute:: name *CharField*: The name of this validation service. .. attribute:: api_id *IntegerField*: Your API ID. The server needs this to sign responsees. (Default: 1) .. attribute:: api_key *CharField*: Your base64-encoded API key, used to sign requests. This is optional but strongly recommended. (Default: ``''``) .. attribute:: base_url *URLField*: The base URL of the verification service. Defaults to Yubico's hosted API. .. attribute:: api_version *CharField*: The version of the validation API to use: '1.0', '1.1', or '2.0'. (Default: '2.0') .. attribute:: use_ssl *BooleanField*: If ``True``, we'll use the HTTPS versions of the default URLs. (Default: ``True``). .. attribute:: param_sl *CharField*: The level of syncing required. See :class:`~yubiotp.client.YubiClient20`. .. attribute:: param_timeout *CharField*: The time to allow for syncing. See :class:`~yubiotp.client.YubiClient20`. """ API_VERSIONS = ['1.0', '1.1', '2.0'] name = models.CharField( max_length=32, help_text="The name of this validation service." ) api_id = models.IntegerField( default=1, verbose_name="API ID", help_text="Your API ID." ) api_key = models.CharField( max_length=64, blank=True, default='', verbose_name="API key", help_text="Your base64-encoded API key." ) base_url = models.URLField( blank=True, default='', verbose_name="Base URL", help_text="The base URL of the verification service. Defaults to Yubico's hosted API." ) api_version = models.CharField( max_length=8, choices=list(zip(API_VERSIONS, API_VERSIONS)), default='2.0', help_text="The version of the validation api to use." ) use_ssl = models.BooleanField( default=True, verbose_name="Use SSL", help_text="Use HTTPS API URLs by default?" ) param_sl = models.CharField( max_length=16, blank=True, default=None, verbose_name="SL", help_text="The level of syncing required." ) param_timeout = models.CharField( max_length=16, blank=True, default=None, verbose_name="Timeout", help_text="The time to allow for syncing." ) class Meta(object): verbose_name = "YubiKey validation service" def __unicode__(self): return self.name def get_client(self): api_key = b64decode(self.api_key.encode()) or None if self.api_version == '2.0': client = YubiClient20(self.api_id, api_key, self.use_ssl, False, self.param_sl or None, self.param_timeout or None) elif self.api_version == '1.1': client = YubiClient11(self.api_id, api_key, self.use_ssl) else: client = YubiClient10(self.api_id, api_key, self.use_ssl) if self.base_url: client.base_url = self.base_url return client class RemoteYubikeyDevice(Device): """ Represents a YubiKey device that is to be verified with a remote validation service. In order create these devices, you must have at least one :class:`~otp_yubikey.models.ValidationService` in the database. .. attribute:: service *ForeignKey*: The validation service to use for this device. .. attribute:: public_id *CharField*: The public identity of the YubiKey (modhex-encoded). """ service = models.ForeignKey(ValidationService, on_delete=models.CASCADE) public_id = models.CharField(max_length=32, verbose_name="Public ID", help_text="The public identity of the YubiKey (modhex-encoded).") class Meta(Device.Meta): verbose_name = "Remote YubiKey device" def verify_token(self, token): verified = False if token[:-32] == self.public_id: client = self.service.get_client() response = client.verify(token) verified = response.is_ok() return verified django-otp-yubikey-1.0.0.post1/src/otp_yubikey/tests.py0000644000076600000240000000732113706353555023753 0ustar psagersstaff00000000000000from binascii import unhexlify from django.db import IntegrityError from django_otp.tests import TestCase from yubiotp.otp import YubiKey, encode_otp class YubikeyTest(TestCase): # YubiKey device simulators. alice_key = YubiKey(unhexlify(b'5dc30490956b'), 6, 0) bob_key = YubiKey(unhexlify(b'326f70826d31'), 11, 0) def setUp(self): try: alice = self.create_user('alice', 'password') bob = self.create_user('bob', 'password') except IntegrityError: self.skipTest("Unable to create the test user") else: self.alice_device = alice.yubikeydevice_set.create( private_id='5dc30490956b', key='fb362a0853be5e5306d5cc2483f279cb', session=5, counter=0) self.alice_public = self.alice_device.public_id() self.bob_device = bob.yubikeydevice_set.create( private_id='326f70826d31', key='11080a0e7a56d0a1546f327f20626308', session=10, counter=3) self.bob_public = self.bob_device.public_id() def test_verify_alice(self): _, token = self.alice_token() ok = self.alice_device.verify_token(token) self.assertTrue(ok) def test_verify_unicode(self): _, token = self.alice_token() ok = self.alice_device.verify_token(token.decode('ascii')) self.assertTrue(ok) def test_counter_increment(self): otp, token = self.alice_token(5, 7) ok = self.alice_device.verify_token(token) self.assertTrue(ok) self.assertEqual(self.alice_device.session, 5) self.assertEqual(self.alice_device.counter, 7) def test_no_verify_mismatch(self): _, token = self.alice_token() ok = self.bob_device.verify_token(token) self.assertFalse(ok) def test_replay(self): otp, token = self.alice_token() ok1 = self.alice_device.verify_token(token) ok2 = self.alice_device.verify_token(token) self.assertTrue(ok1) self.assertFalse(ok2) self.assertEqual(self.alice_device.session, otp.session) self.assertEqual(self.alice_device.counter, otp.counter) def test_bad_public_id(self): self.alice_public = self.bob_public otp, token = self.alice_token() ok = self.alice_device.verify_token(token) self.assertFalse(ok) def test_bad_private_id(self): alice_key = YubiKey(unhexlify(b'2627dc624cbd'), 6, 0) otp = alice_key.generate() token = encode_otp(otp, self.alice_aes, self.alice_public) ok = self.alice_device.verify_token(token) self.assertFalse(ok) def test_session_replay(self): otp, token = self.alice_token(4, 0) ok = self.alice_device.verify_token(token) self.assertFalse(ok) def test_counter_replay(self): otp, token = self.alice_token(5, 0) ok = self.alice_device.verify_token(token) self.assertFalse(ok) def test_bad_decrypt(self): otp = self.alice_key.generate() token = encode_otp(otp, self.bob_aes, self.alice_public) ok = self.alice_device.verify_token(token) self.assertFalse(ok) def test_bogus_token(self): ok = self.alice_device.verify_token('completelybogus') self.assertFalse(ok) def alice_token(self, session=None, counter=None): otp = self.alice_key.generate() if session is not None: otp.session = session if counter is not None: otp.counter = counter return otp, encode_otp(otp, self.alice_aes, self.alice_public) @property def alice_aes(self): return self.alice_device.bin_key @property def bob_aes(self): return self.bob_device.bin_key