Ejemplo n.º 1
    def check_configuration(self):
        """
        Validate the Firebase settings stored in this provider's SMS gateway.

        The service account JSON file named in the gateway options is loaded.
        It must be of type "service_account" and carry the same project_id as
        the gateway options. In addition, at least one complete pair of app id
        and API key (Android or iOS) has to be configured.

        :return: None
        :raises ConfigAdminError: if one of the checks described above fails
        """
        options = self.smsgateway.option_dict

        # NOTE(review): a missing JSON_CONFIG option, an unreadable file or
        # malformed JSON surfaces here as the raw exception raised by
        # open()/json.load(), not as ConfigAdminError. The "Can not load JSON
        # file" error below is only reached for an empty JSON document.
        with open(options.get(FIREBASE_CONFIG.JSON_CONFIG)) as credentials_file:
            credentials = json.load(credentials_file)

        if not credentials:
            raise ConfigAdminError(description="Please check your configuration. Can not load JSON file.")
        if credentials.get("type") != "service_account":
            raise ConfigAdminError(description="The JSON file is not a valid firebase credentials file.")
        if credentials.get("project_id") != options.get(FIREBASE_CONFIG.PROJECT_ID):
            raise ConfigAdminError(description="The project_id you entered does not match the project_id from the JSON file.")

        # A usable setup needs a complete Android pair (APP_ID and API_KEY)
        # or a complete iOS pair (APP_ID_IOS and API_KEY_IOS).
        required_pairs = (
            (FIREBASE_CONFIG.APP_ID, FIREBASE_CONFIG.API_KEY),
            (FIREBASE_CONFIG.APP_ID_IOS, FIREBASE_CONFIG.API_KEY_IOS),
        )
        if not any(all(options.get(key) for key in pair) for pair in required_pairs):
            raise ConfigAdminError(description="You need to at least configure either app_id and api_key or"
                                               " app_id_ios and api_key_ios.")
Ejemplo n.º 2
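def check_signature(subscription):
    """
    Verify the signature and the expiration date of a subscription.

    The signature is checked against the public key embedded in this
    function. The signed message is the concatenation of the entries
    systemid, customername, subscription, supportlevel and expires.

    :param subscription: The subscription data, including the entries
        "signature" and "expires"
    :type subscription: dict-like object providing get()
    :return: True, if the signature is valid and the subscription has not
        expired
    :raises ConfigAdminError: with id=132 if the verification could not be
        carried out, id=133 if the signature is invalid and id=134 if the
        subscription has expired
    """
    public = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5gPkPYCAgab5nagG5G+
cUATHv/k5pNXU4z2Wc7h2BaJSJt2rspG109QNQyWqc28JwH/STzBQ8FZbxlyQ+zT
0xzrydfKBElLceFY/Jb7JtDdXarSvIFqejo2k5wW4yKWJYlIyqNQOYAnWVjQImOG
8Xu19uNxY+Fw5v5XBSgYPzt6q0AmzhD4udK8sYP7HLd+1LCa0X5H96Mef86NoPL3
W/E9n5Wel7Z621mPsx6lxgZiqLa2Bn79HMxkxkQ5muWIollss1yAKMStLkp7iISF
GW0yofQJjWecUHwBkZlawBz0lJBKDQObtUsjHB80VTnPGTcs4KYH+if8UHoR6Aug
4wIDAQAB
-----END PUBLIC KEY-----"""
    try:
        RSAkey = RSA.importKey(public)
        hashvalue = SHA256.new("%s%s%s%s%s" % (subscription.get("systemid"),
                                               subscription.get("customername"),
                                               subscription.get("subscription"),
                                               subscription.get("supportlevel"),
                                               subscription.get("expires"))).digest()
        # A missing signature falls back to the constant "100", so the value
        # still goes through verify() instead of failing in the conversion.
        # long() is a Python 2 builtin.
        signature = long(subscription.get("signature") or "100")
        # NOTE(review): verify(hash, (signature,)) looks like the PyCrypto
        # primitive, which is raw RSA without padding. A padded scheme would
        # need re-issued subscription files, so this is flagged, not changed.
        r = RSAkey.verify(hashvalue, (signature,))
    except Exception:
        # Any failure while importing the key, hashing or converting the
        # signature counts as a failed check; details go to the debug log only.
        log.debug(traceback.format_exc())
        raise ConfigAdminError("This is no valid subscription file. The "
                               "signature check failed.", id=132)
    # Fail closed: accept the subscription only on a truthy result. Testing
    # "r is False" would let any other falsy value (None, 0) pass as valid.
    if not r:
        raise ConfigAdminError("This is no valid subscription file. Invalid "
                               "signature.", id=133)

    # check the expiration date
    if subscription.get("expires") != "never":
        # Shifting "now" back by one day keeps the subscription valid for the
        # whole expiration day (UTC), since date_exp is parsed as midnight.
        date_now = datetime.datetime.utcnow() - datetime.timedelta(days=1)
        date_exp = datetime.datetime.strptime(subscription.get("expires"),
                                              "%Y-%m-%d")
        if date_now > date_exp:
            raise ConfigAdminError("Your subscription has expired. Please "
                                   "contact NetKnights for a new "
                                   "subscription!", id=134)

    return True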
Ejemplo n.º 3
def get_radius(identifier):
    """
    Look up the RADIUSServer definition with the given name.

    The definitions are fetched with get_radiusservers() and the first
    match is returned.

    :param identifier: The name of the RADIUSServer definition
    :return: The first RADIUSServer object found for this identifier
    :raises ConfigAdminError: if no definition with this identifier exists
    """
    matches = get_radiusservers(identifier=identifier)
    if matches:
        return matches[0]
    # An empty result means the caller referenced an unknown definition.
    raise ConfigAdminError("The specified RADIUSServer configuration does "
                           "not exist.")
Ejemplo n.º 4
def create_sms_instance(identifier):
    """
    Build the SMS provider object for a configured SMS gateway.

    The gateway definition is looked up by its identifier. Its
    "providermodule" entry names the provider class as a dotted path, which
    is split into package and class name and resolved with
    get_sms_provider_class().

    :param identifier: The name of the SMS gateway configuration
    :return: SMS Provider object, created with the gateway definition
    :raises ConfigAdminError: if no gateway definition with this identifier
        is found
    """
    definitions = get_smsgateway(identifier)
    if not definitions:
        raise ConfigAdminError('Could not find gateway definition with '
                               'identifier "{0!s}"'.format(identifier))
    gateway = definitions[0]
    # NOTE(review): the class to load is named by the stored gateway
    # definition. Presumably only administrators can write that definition;
    # confirm, since its value decides which code is loaded here.
    module_path, provider_name = gateway.providermodule.rsplit(".", 1)
    provider_class = get_sms_provider_class(module_path, provider_name)
    return provider_class(smsgateway=gateway)
Ejemplo n.º 5
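def create_recoverycode(user,
                        email=None,
                        expiration_seconds=3600,
                        recoverycode=None,
                        base_url=""):
    """
    Create and send a password recovery code

    All checks (user, email, mail configuration) are done before a recovery
    code is generated, so a rejected request does not leave a password reset
    entry behind. Only the peppered hash of the code is stored; the code
    itself is sent to the email address from the user's info.

    :param user: User for whom the password reset code should be sent
    :type user: User Object
    :param email: The optional email of the user. If given, it must match
        the email of the user (case-insensitive).
    :param expiration_seconds: Lifetime passed to the PasswordReset entry
    :param recoverycode: Only used for testing purpose
    :param base_url: URL used to build the link in the email. A trailing
        "recover" is removed and "#" is appended.
    :return: True, if the email was sent
    :raises UserError: if no user is given or the email does not match
    :raises ConfigAdminError: if "recovery.identifier" is not configured
    :raises privacyIDEAError: if sending the email failed
    """
    # Validate before touching user attributes or writing anything.
    if not user:
        raise UserError("User required for recovery token.")
    user_email = user.info.get("email")
    # A user without an email address can never match a supplied email.
    if email and email.lower() != (user_email or "").lower():
        raise UserError("The email does not match the users email.")

    identifier = get_from_config("recovery.identifier")
    if not identifier:
        raise ConfigAdminError("Missing configuration " "recovery.identifier.")

    # Remove the trailing path element "recover" only. str.strip("recover")
    # would drop any of the characters r, e, c, o, v from both ends of the URL.
    # NOTE(review): base_url ends up in the emailed link; confirm the caller
    # takes it from trusted configuration rather than from request data.
    suffix = "recover"
    if base_url.endswith(suffix):
        base_url = base_url[:-len(suffix)]
    base_url += "#"

    recoverycode = recoverycode or generate_password(size=24)
    # Only the peppered hash of the recovery code is stored.
    pwreset = PasswordReset(hash_with_pepper(recoverycode),
                            username=user.login,
                            realm=user.realm,
                            expiration_seconds=expiration_seconds)
    pwreset.save()

    # send email
    r = send_email_identifier(
        identifier, user_email, "Your password reset",
        BODY.format(base_url, user.login, user.realm, recoverycode))
    if not r:
        raise privacyIDEAError("Failed to send email. {0!s}".format(r))
    return True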