%global _empty_manifest_terminate_build 0 Name: python-yubival Version: 0.2.0 Release: 1 Summary: Django app that runs a standalone Yubikey validation server License: GPL-3.0-or-later URL: https://github.com/bruot/yubival Source0: https://mirrors.aliyun.com/pypi/web/packages/b5/f4/3105b129ebb8dc2c962abb16f76e9f3efd6cf85f56ba7b41a67248739a5c/yubival-0.2.0.tar.gz BuildArch: noarch Requires: python3-Django Requires: python3-YubiOTP %description ![Default branch test status](https://github.com/bruot/yubival/actions/workflows/test.yml/badge.svg) ![main branch coverage](https://codecov.io/gh/bruot/yubival/branch/main/graph/badge.svg?token=PNVDEEOHTU) # Yubival This Django app runs a standalone Yubikey OTP validation server. It implements [version 2.0 of the validation protocol](https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html) limited to the case of a single validation server. YubiKey devices and server API keys can easily be managed in the Django admin site or via command line. ## Installation Yubival can be integrated to any existing Django project. Alternatively, you can create a new Django site to host your validation server. If unfamiliar with Django, please follow the instructions at "Create a new standalone validation server" below. ### Add Yubival to an existing Django project Install the package from PyPI: ``` $ pip install yubival ``` Add `'yubival'` to the `INSTALLED_APPS` setting in settings.py. It is not required to enable the admin site. If you do, `INSTALLED_APPS` may look like: ``` INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'yubival', ] ``` Add the app URLs to the root urls.py file: ``` from django.contrib import admin from django.urls import path, include urlpatterns = [ # ... path('admin/', admin.site.urls), # optional path('', include('yubival.urls')), ] ``` Update the database: ``` python manage.py migrate ``` When running the server, you should now be able to query the API at `/wsapi/2.0/verify`. When not providing any GET parameters, this returns a `MISSING_PARAMETER` status: ``` t=2021-10-29T08:31:11.885803 status=MISSING_PARAMETER ``` ### Create a new standalone validation server This section explains how to setup a new Django site with Yubival. It was tested on a Debian 10 distribution, with Python 3.9 and Django 3.2. Create a directory for the project: ``` $ mkdir myyubival $ cd myyubival ``` Create a Python environment and activate it: ``` $ python3 -m venv venv $ source venv/bin/activate ``` Install Django and Yubival: ``` $ pip install Django yubival ``` Create a new Django project and browse to the newly created directory: ``` $ django-admin startproject myyubival $ cd myyubival ``` Edit the _./myyubival/settings.py_ file to add `'yubival'` to the `INSTALLED_APPS` setting: ``` INSTALLED_APPS = [ # ... 'yubival', ] ``` Make the validation server URLs accessible by editing _./myyubival/urls.py_. Include the URLs from the Yubival app: ``` from django.contrib import admin from django.urls import path, include from django.views.generic.base import RedirectView urlpatterns = [ path('', RedirectView.as_view(pattern_name='admin:index')), path('admin/', admin.site.urls), path('', include('yubival.urls')), ] ``` For convenience, we redirect above the website root to the admin area. By default, Django will create a SQLite database located in a _db.sqlite3_ file in the project directory. To use other database engines, edit _./myyubival/settings.py_ to change the `DATABASES` setting; see the [Databases doc](https://docs.djangoproject.com/en/dev/ref/databases/). In both cases, run afterwards the following command to create the initial database tables: ``` python manage.py migrate ``` To be able to use the admin site and manage Yubikey devices and server API keys, create an initial user account: ``` $ python manage.py createsuperuser ``` To run the development web server, launch: ``` $ python manage.py runserver ``` The website can now be accessed at http://127.0.0.1:8000/. It should show a "Page not found" error. The validation API is located at http://127.0.0.1:8000/wsapi/2.0/verify and the admin site interface at http://127.0.0.1:8000/admin/. While the `runserver` command above is an easy way to check your configuration and test Yubival, it should not be used to run the web server in production. Refer to the [deployment docs](https://docs.djangoproject.com/en/dev/howto/deployment/) to learn how to deploy your new myyubival site. ## Commands usage ### Getting help All subcommands can print a detailed help with `--help`. Example: ``` $ python manage.py yubikey --help $ python manage.py yubikey add-existing --help ``` ### API keys management Services that need to use the Yubival validation server require an API key which is a shared secret between Yubival and the service. The key is used to sign requests and responses to and from the validation server. API keys can be managed using the `manage.py apikey` command: ``` $ python manage.py apikey add service.example.com Created: service.example.com (1): id: 1 key: gnQ1sZWtRgCjm17waaiGHQptp8w= $ python manage.py apikey list 1 service.example.com $ python manage.py apikey delete 1 Deleted: service.example.com (1) ``` ### Yubikey devices management YubiKeys can be added, listed and deleted using the commands below. To add a key, either use `manage.py yubikey add` that will automatically generate a public ID, a private ID and an AES key that you can use to configure a new Yubikey device, or use `manage.py yubikey add-existing` if you have a YubiKey for which you already know its parameters, including its secret key. In any case, make sure that the Yubival server will be the only validation server for the YubiKeys you register. If not, it would become possible to reuse OTP. ``` $ python manage.py yubikey add James Created: James (cnfbfdinbblh): Public ID: cnfbfdinbblh Private ID: 1b935e02e095 AES key: fcea0ea12f97923ec4f952e0e170d419 $ python manage.py yubikey add-existing Evelyn gkhcilelifuv 0123456789ab 00112233445566778899aabbccddeeff Created: Evelyn (gkhcilelifuv) $ python manage.py yubikey list cnfbfdinbblh James gkhcilelifuv Evelyn $ python manage.py yubikey delete cnfbfdinbblh Deleted: James (cnfbfdinbblh) ``` %package -n python3-yubival Summary: Django app that runs a standalone Yubikey validation server Provides: python-yubival BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-yubival ![Default branch test status](https://github.com/bruot/yubival/actions/workflows/test.yml/badge.svg) ![main branch coverage](https://codecov.io/gh/bruot/yubival/branch/main/graph/badge.svg?token=PNVDEEOHTU) # Yubival This Django app runs a standalone Yubikey OTP validation server. It implements [version 2.0 of the validation protocol](https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html) limited to the case of a single validation server. YubiKey devices and server API keys can easily be managed in the Django admin site or via command line. ## Installation Yubival can be integrated to any existing Django project. Alternatively, you can create a new Django site to host your validation server. If unfamiliar with Django, please follow the instructions at "Create a new standalone validation server" below. ### Add Yubival to an existing Django project Install the package from PyPI: ``` $ pip install yubival ``` Add `'yubival'` to the `INSTALLED_APPS` setting in settings.py. It is not required to enable the admin site. If you do, `INSTALLED_APPS` may look like: ``` INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'yubival', ] ``` Add the app URLs to the root urls.py file: ``` from django.contrib import admin from django.urls import path, include urlpatterns = [ # ... path('admin/', admin.site.urls), # optional path('', include('yubival.urls')), ] ``` Update the database: ``` python manage.py migrate ``` When running the server, you should now be able to query the API at `/wsapi/2.0/verify`. When not providing any GET parameters, this returns a `MISSING_PARAMETER` status: ``` t=2021-10-29T08:31:11.885803 status=MISSING_PARAMETER ``` ### Create a new standalone validation server This section explains how to setup a new Django site with Yubival. It was tested on a Debian 10 distribution, with Python 3.9 and Django 3.2. Create a directory for the project: ``` $ mkdir myyubival $ cd myyubival ``` Create a Python environment and activate it: ``` $ python3 -m venv venv $ source venv/bin/activate ``` Install Django and Yubival: ``` $ pip install Django yubival ``` Create a new Django project and browse to the newly created directory: ``` $ django-admin startproject myyubival $ cd myyubival ``` Edit the _./myyubival/settings.py_ file to add `'yubival'` to the `INSTALLED_APPS` setting: ``` INSTALLED_APPS = [ # ... 'yubival', ] ``` Make the validation server URLs accessible by editing _./myyubival/urls.py_. Include the URLs from the Yubival app: ``` from django.contrib import admin from django.urls import path, include from django.views.generic.base import RedirectView urlpatterns = [ path('', RedirectView.as_view(pattern_name='admin:index')), path('admin/', admin.site.urls), path('', include('yubival.urls')), ] ``` For convenience, we redirect above the website root to the admin area. By default, Django will create a SQLite database located in a _db.sqlite3_ file in the project directory. To use other database engines, edit _./myyubival/settings.py_ to change the `DATABASES` setting; see the [Databases doc](https://docs.djangoproject.com/en/dev/ref/databases/). In both cases, run afterwards the following command to create the initial database tables: ``` python manage.py migrate ``` To be able to use the admin site and manage Yubikey devices and server API keys, create an initial user account: ``` $ python manage.py createsuperuser ``` To run the development web server, launch: ``` $ python manage.py runserver ``` The website can now be accessed at http://127.0.0.1:8000/. It should show a "Page not found" error. The validation API is located at http://127.0.0.1:8000/wsapi/2.0/verify and the admin site interface at http://127.0.0.1:8000/admin/. While the `runserver` command above is an easy way to check your configuration and test Yubival, it should not be used to run the web server in production. Refer to the [deployment docs](https://docs.djangoproject.com/en/dev/howto/deployment/) to learn how to deploy your new myyubival site. ## Commands usage ### Getting help All subcommands can print a detailed help with `--help`. Example: ``` $ python manage.py yubikey --help $ python manage.py yubikey add-existing --help ``` ### API keys management Services that need to use the Yubival validation server require an API key which is a shared secret between Yubival and the service. The key is used to sign requests and responses to and from the validation server. API keys can be managed using the `manage.py apikey` command: ``` $ python manage.py apikey add service.example.com Created: service.example.com (1): id: 1 key: gnQ1sZWtRgCjm17waaiGHQptp8w= $ python manage.py apikey list 1 service.example.com $ python manage.py apikey delete 1 Deleted: service.example.com (1) ``` ### Yubikey devices management YubiKeys can be added, listed and deleted using the commands below. To add a key, either use `manage.py yubikey add` that will automatically generate a public ID, a private ID and an AES key that you can use to configure a new Yubikey device, or use `manage.py yubikey add-existing` if you have a YubiKey for which you already know its parameters, including its secret key. In any case, make sure that the Yubival server will be the only validation server for the YubiKeys you register. If not, it would become possible to reuse OTP. ``` $ python manage.py yubikey add James Created: James (cnfbfdinbblh): Public ID: cnfbfdinbblh Private ID: 1b935e02e095 AES key: fcea0ea12f97923ec4f952e0e170d419 $ python manage.py yubikey add-existing Evelyn gkhcilelifuv 0123456789ab 00112233445566778899aabbccddeeff Created: Evelyn (gkhcilelifuv) $ python manage.py yubikey list cnfbfdinbblh James gkhcilelifuv Evelyn $ python manage.py yubikey delete cnfbfdinbblh Deleted: James (cnfbfdinbblh) ``` %package help Summary: Development documents and examples for yubival Provides: python3-yubival-doc %description help ![Default branch test status](https://github.com/bruot/yubival/actions/workflows/test.yml/badge.svg) ![main branch coverage](https://codecov.io/gh/bruot/yubival/branch/main/graph/badge.svg?token=PNVDEEOHTU) # Yubival This Django app runs a standalone Yubikey OTP validation server. It implements [version 2.0 of the validation protocol](https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html) limited to the case of a single validation server. YubiKey devices and server API keys can easily be managed in the Django admin site or via command line. ## Installation Yubival can be integrated to any existing Django project. Alternatively, you can create a new Django site to host your validation server. If unfamiliar with Django, please follow the instructions at "Create a new standalone validation server" below. ### Add Yubival to an existing Django project Install the package from PyPI: ``` $ pip install yubival ``` Add `'yubival'` to the `INSTALLED_APPS` setting in settings.py. It is not required to enable the admin site. If you do, `INSTALLED_APPS` may look like: ``` INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'yubival', ] ``` Add the app URLs to the root urls.py file: ``` from django.contrib import admin from django.urls import path, include urlpatterns = [ # ... path('admin/', admin.site.urls), # optional path('', include('yubival.urls')), ] ``` Update the database: ``` python manage.py migrate ``` When running the server, you should now be able to query the API at `/wsapi/2.0/verify`. When not providing any GET parameters, this returns a `MISSING_PARAMETER` status: ``` t=2021-10-29T08:31:11.885803 status=MISSING_PARAMETER ``` ### Create a new standalone validation server This section explains how to setup a new Django site with Yubival. It was tested on a Debian 10 distribution, with Python 3.9 and Django 3.2. Create a directory for the project: ``` $ mkdir myyubival $ cd myyubival ``` Create a Python environment and activate it: ``` $ python3 -m venv venv $ source venv/bin/activate ``` Install Django and Yubival: ``` $ pip install Django yubival ``` Create a new Django project and browse to the newly created directory: ``` $ django-admin startproject myyubival $ cd myyubival ``` Edit the _./myyubival/settings.py_ file to add `'yubival'` to the `INSTALLED_APPS` setting: ``` INSTALLED_APPS = [ # ... 'yubival', ] ``` Make the validation server URLs accessible by editing _./myyubival/urls.py_. Include the URLs from the Yubival app: ``` from django.contrib import admin from django.urls import path, include from django.views.generic.base import RedirectView urlpatterns = [ path('', RedirectView.as_view(pattern_name='admin:index')), path('admin/', admin.site.urls), path('', include('yubival.urls')), ] ``` For convenience, we redirect above the website root to the admin area. By default, Django will create a SQLite database located in a _db.sqlite3_ file in the project directory. To use other database engines, edit _./myyubival/settings.py_ to change the `DATABASES` setting; see the [Databases doc](https://docs.djangoproject.com/en/dev/ref/databases/). In both cases, run afterwards the following command to create the initial database tables: ``` python manage.py migrate ``` To be able to use the admin site and manage Yubikey devices and server API keys, create an initial user account: ``` $ python manage.py createsuperuser ``` To run the development web server, launch: ``` $ python manage.py runserver ``` The website can now be accessed at http://127.0.0.1:8000/. It should show a "Page not found" error. The validation API is located at http://127.0.0.1:8000/wsapi/2.0/verify and the admin site interface at http://127.0.0.1:8000/admin/. While the `runserver` command above is an easy way to check your configuration and test Yubival, it should not be used to run the web server in production. Refer to the [deployment docs](https://docs.djangoproject.com/en/dev/howto/deployment/) to learn how to deploy your new myyubival site. ## Commands usage ### Getting help All subcommands can print a detailed help with `--help`. Example: ``` $ python manage.py yubikey --help $ python manage.py yubikey add-existing --help ``` ### API keys management Services that need to use the Yubival validation server require an API key which is a shared secret between Yubival and the service. The key is used to sign requests and responses to and from the validation server. API keys can be managed using the `manage.py apikey` command: ``` $ python manage.py apikey add service.example.com Created: service.example.com (1): id: 1 key: gnQ1sZWtRgCjm17waaiGHQptp8w= $ python manage.py apikey list 1 service.example.com $ python manage.py apikey delete 1 Deleted: service.example.com (1) ``` ### Yubikey devices management YubiKeys can be added, listed and deleted using the commands below. To add a key, either use `manage.py yubikey add` that will automatically generate a public ID, a private ID and an AES key that you can use to configure a new Yubikey device, or use `manage.py yubikey add-existing` if you have a YubiKey for which you already know its parameters, including its secret key. In any case, make sure that the Yubival server will be the only validation server for the YubiKeys you register. If not, it would become possible to reuse OTP. ``` $ python manage.py yubikey add James Created: James (cnfbfdinbblh): Public ID: cnfbfdinbblh Private ID: 1b935e02e095 AES key: fcea0ea12f97923ec4f952e0e170d419 $ python manage.py yubikey add-existing Evelyn gkhcilelifuv 0123456789ab 00112233445566778899aabbccddeeff Created: Evelyn (gkhcilelifuv) $ python manage.py yubikey list cnfbfdinbblh James gkhcilelifuv Evelyn $ python manage.py yubikey delete cnfbfdinbblh Deleted: James (cnfbfdinbblh) ``` %prep %autosetup -n yubival-0.2.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-yubival -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Tue Jun 20 2023 Python_Bot - 0.2.0-1 - Package Spec generated