I try to verify a code generate by simply-jwt, but the second step when I tried to verify this, it's become False and I try to understand why
the purpose it's to generate a code after login and verify this code in a second step
here the views calls on the url:
class ObtainAuthTokenStep1(TokenViewBase):
serializer_class = AuthTokenSerializer
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
if serializer.is_valid():
user = serializer.validated_data['user']
# Generate a 2FA code and secret
secret = base64.b32encode(SECRET_KEY.encode()).decode()
totp = pyotp.TOTP(secret)
verification_code = totp.now()
send_verification_code_via_email(user, verification_code)
# Generate a code token with the secret embedded
refresh = RefreshToken.for_user(user)
refresh['totp_secret'] = secret
code_token = str(refresh.access_token)
response_data = {
'code_token': code_token,
'message': 'Verification code sent to your email.'
}
return Response(response_data, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
and the serializers for the check:
class AuthTokenStep2Serializer(serializers.Serializer):
code_token = serializers.CharField()
code = serializers.CharField()
def validate(self, attrs):
code_token = attrs.get('code_token')
code = attrs.get('code')
if code_token and code:
decode_token(code_token)
secret = base64.b32encode(SECRET_KEY.encode()).decode()
totp = pyotp.TOTP(secret)
if not totp.verify(code):
raise serializers.ValidationError(_('Invalid code.'))
else:
raise serializers.ValidationError(_('Must include "code_token" and "code".'))
return attrs
If I do the same thing in a terminal I don't have any problem and the sending code work well
