def set_default():
"""
method:
system/set
description:
define default settings for tokens. These default settings
are used when new tokens are generated. The default settings will
not affect already enrolled tokens.
arguments:
DefaultMaxFailCount - Default value for the maximum allowed
authentication failures
DefaultSyncWindow - Default value for the synchronization
window
DefaultCountWindow - Default value for the coutner window
DefaultOtpLen - Default value for the OTP value length --
usually 6 or 8
DefaultResetFailCount - Default value, if the FailCounter should
be reset on successful authentication
[True|False]
returns:
a json result with a boolean
"result": true
exception:
if an error occurs an exception is serialized and returned
"""
keys = ["DefaultMaxFailCount",
"DefaultSyncWindow",
"DefaultCountWindow",
"DefaultOtpLen",
"DefaultResetFailCount"]
description = "parameters are: %s" % ", ".join(keys)
param = getLowerParams(request.all_data)
result = {}
for k in keys:
if k.lower() in param:
value = getParam(param, k.lower(), required)
res = set_privacyidea_config(k, value)
result[k] = res
g.audit_object.log({"success": True})
g.audit_object.add_to_log({"info": "%s=%s, " % (k, value)})
if len(result) == 0:
log.warning("Failed saving config. Could not find any "
"known parameter. %s"
% description)
raise ParameterError("Usage: %s" % description, id=77)
return send_result(result)
def check_policy_api():
"""
This function checks, if the given parameters would match a defined policy
or not.
:query user: the name of the user
:query realm: the realm of the user or the realm the administrator
want to do administrative tasks on.
:query resolver: the resolver of a user
:query scope: the scope of the policy
:query action: the action that is done - if applicable
:query IP_Address client: the client, from which this request would be
issued
:return: a json result with the keys allowed and policy in the value key
:rtype: json
:status 200: Policy created or modified.
:status 401: Authentication failed
**Example request**:
.. sourcecode:: http
GET /policy/check?user=admin&realm=r1&client=172.16.1.1 HTTP/1.1
Host: example.com
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
{
"id": 1,
"jsonrpc": "2.0",
"result": {
"status": true,
"value": {
"pol_update_del": {
"action": "enroll",
"active": true,
"client": "172.16.0.0/16",
"name": "pol_update_del",
"realm": "r1",
"resolver": "test",
"scope": "selfservice",
"time": "",
"user": "******"
}
}
},
"version": "privacyIDEA unknown"
}
"""
res = {}
param = getLowerParams(request.all_data)
user = getParam(param, "user", required)
realm = getParam(param, "realm", required)
scope = getParam(param, "scope", required)
action = getParam(param, "action", required)
client = getParam(param, "client", optional)
resolver = getParam(param, "resolver", optional)
P = g.policy_object
policies = P.get_policies(user=user,
realm=realm,
resolver=resolver,
scope=scope,
action=action,
client=client,
active=True)
if policies:
res["allowed"] = True
res["policy"] = policies
policy_names = []
for pol in policies:
policy_names.append(pol.get("name"))
g.audit_object.log(
{'info': "allowed by policy {0!s}".format(policy_names)})
else:
res["allowed"] = False
res["info"] = "No policies found"
g.audit_object.log({
"success":
True,
'action_detail':
"action = %s, realm = %s, scope = "
"%s" % (action, realm, scope)
})
return send_result(res)
def get_policy(name=None, export=None):
"""
this function is used to retrieve the policies that you
defined.
It can also be used to export the policy to a file.
:query name: will only return the policy with the given name
:query export: The filename needs to be specified as the
third part of the URL like policy.cfg. It
will then be exported to this file.
:query realm: will return all policies in the given realm
:query scope: will only return the policies within the given scope
:query active: Set to true or false if you only want to display
active or inactive policies.
:return: a json result with the configuration of the specified policies
:rtype: json
:status 200: Policy created or modified.
:status 401: Authentication failed
**Example request**:
In this example a policy "pol1" is created.
.. sourcecode:: http
GET /policy/pol1 HTTP/1.1
Host: example.com
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
{
"id": 1,
"jsonrpc": "2.0",
"result": {
"status": true,
"value": {
"pol_update_del": {
"action": "enroll",
"active": true,
"client": "1.1.1.1",
"name": "pol_update_del",
"realm": "r1",
"resolver": "test",
"scope": "selfservice",
"time": "",
"user": "******"
}
}
},
"version": "privacyIDEA unknown"
}
"""
param = getLowerParams(request.all_data)
realm = getParam(param, "realm")
scope = getParam(param, "scope")
active = getParam(param, "active")
P = g.policy_object
if not export:
log.debug(
"retrieving policy name: {0!s}, realm: {1!s}, scope: {2!s}".format(
name, realm, scope))
pol = P.get_policies(name=name,
realm=realm,
scope=scope,
active=active,
all_times=True)
ret = send_result(pol)
else:
# We want to export all policies
pol = P.get_policies()
response = make_response(export_policies(pol))
response.headers["Content-Disposition"] = ("attachment; "
"filename=%s" % export)
ret = response
g.audit_object.log({
"success":
True,
'info':
"name = {0!s}, realm = {1!s}, scope = {2!s}".format(
name, realm, scope)
})
return ret
def check_policy_api():
"""
This function checks, if the given parameters would match a defined policy
or not.
:query user: the name of the user
:query realm: the realm of the user or the realm the administrator
want to do administrative tasks on.
:query resolver: the resolver of a user
:query scope: the scope of the policy
:query action: the action that is done - if applicable
:query IP_Address client: the client, from which this request would be
issued
:return: a json result with the keys allowed and policy in the value key
:rtype: json
:status 200: Policy created or modified.
:status 401: Authentication failed
**Example request**:
.. sourcecode:: http
GET /policy/check?user=admin&realm=r1&client=172.16.1.1 HTTP/1.1
Host: example.com
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
{
"id": 1,
"jsonrpc": "2.0",
"result": {
"status": true,
"value": {
"pol_update_del": {
"action": "enroll",
"active": true,
"client": "172.16.0.0/16",
"name": "pol_update_del",
"realm": "r1",
"resolver": "test",
"scope": "selfservice",
"time": "",
"user": "******"
}
}
},
"version": "privacyIDEA unknown"
}
"""
res = {}
param = getLowerParams(request.all_data)
user = getParam(param, "user", required)
realm = getParam(param, "realm", required)
scope = getParam(param, "scope", required)
action = getParam(param, "action", required)
client = getParam(param, "client", optional)
resolver = getParam(param, "resolver", optional)
P = g.policy_object
policies = P.get_policies(user=user, realm=realm, resolver=resolver,
scope=scope, action=action, client=client,
active=True)
if policies:
res["allowed"] = True
res["policy"] = policies
policy_names = []
for pol in policies:
policy_names.append(pol.get("name"))
g.audit_object.log({'info': "allowed by policy %s" % policy_names})
else:
res["allowed"] = False
res["info"] = "No policies found"
g.audit_object.log({"success": True,
'action_detail': "action = %s, realm = %s, scope = "
"%s" % (action, realm, scope)
})
return send_result(res)
def get_policy(name=None, export=None):
"""
this function is used to retrieve the policies that you
defined.
It can also be used to export the policy to a file.
:query name: will only return the policy with the given name
:query export: The filename needs to be specified as the
third part of the URL like policy.cfg. It
will then be exported to this file.
:query realm: will return all policies in the given realm
:query scope: will only return the policies within the given scope
:query active: Set to true or false if you only want to display
active or inactive policies.
:return: a json result with the configuration of the specified policies
:rtype: json
:status 200: Policy created or modified.
:status 401: Authentication failed
**Example request**:
In this example a policy "pol1" is created.
.. sourcecode:: http
GET /policy/pol1 HTTP/1.1
Host: example.com
Accept: application/json
**Example response**:
.. sourcecode:: http
HTTP/1.0 200 OK
Content-Type: application/json
{
"id": 1,
"jsonrpc": "2.0",
"result": {
"status": true,
"value": {
"pol_update_del": {
"action": "enroll",
"active": true,
"client": "1.1.1.1",
"name": "pol_update_del",
"realm": "r1",
"resolver": "test",
"scope": "selfservice",
"time": "",
"user": "******"
}
}
},
"version": "privacyIDEA unknown"
}
"""
param = getLowerParams(request.all_data)
realm = getParam(param, "realm")
scope = getParam(param, "scope")
active = getParam(param, "active")
P = g.policy_object
if not export:
log.debug("retrieving policy name: %s, realm: %s, scope: %s"
% (name, realm, scope))
pol = P.get_policies(name=name, realm=realm, scope=scope, active=active)
ret = send_result(pol)
else:
# We want to export all policies
pol = P.get_policies()
response = make_response(export_policies(pol))
response.headers["Content-Disposition"] = ("attachment; "
"filename=%s" % export)
ret = response
g.audit_object.log({"success": True,
'info': "name = %s, realm = %s, scope = %s" %
(name, realm, scope)})
return ret
