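def create_google_authenticator_url(user, realm, key, type="hmac", serial=""):
    '''
    Build the otpauth:// enrollment URL for the google authenticator.

    The finished URL may only be 119 characters long, otherwise qrcode.js
    can not create the qrcode. To stay inside that limit the token label
    is shortened; the secret is never shortened. If the seed alone uses up
    the whole budget the label is dropped and the URL is still longer than
    the limit.

    The returned URL carries the OTP seed in its ``secret`` parameter, so
    it has to be handled like the seed itself. Only the remaining label
    budget is written to the debug log here, never the URL.

    :param user: login name handed to get_tokenlabel()
    :param realm: realm handed to get_tokenlabel()
    :param key: the OTP seed, expected to be hexlified
    :param type: token type; "hmac" (any case) is mapped to "hotp", every
                 other value is placed into the URL unchanged
    :param serial: token serial handed to get_tokenlabel()
    :return: the otpauth URL; ``counter=0`` is appended for every type
    '''
    # policy depends on some lib.util

    if "hmac" == type.lower():
        type = "hotp"

    key_bin = binascii.unhexlify(key)
    otpkey = base64.b32encode(key_bin)
    # Python 3 hands back bytes here, the URL is assembled as text
    if not isinstance(otpkey, str):
        otpkey = otpkey.decode("ascii")
    # also strip the padding =, as it will get problems with the google app.
    otpkey = otpkey.rstrip("=")

    # 'url' : "otpauth://hotp/%s?secret=%s&counter=0" % ( user@realm, otpkey )
    base_len = len("otpauth://%s/?secret=%s&counter=0" % (type, otpkey))
    max_len = 119
    # a long seed can eat the whole budget: clamp at zero, a negative slice
    # bound would only cut the tail of the label instead of emptying it
    allowed_label_len = max(0, max_len - base_len)
    log.debug("[create_google_authenticator_url] we got %s characters left for the token label" % str(allowed_label_len))

    label = get_tokenlabel(user, realm, serial)[:allowed_label_len]
    url_label = quote(label)
    # quoting replaces each escaped character by three (%XX), so the limit
    # has to hold for the quoted label and not for the raw one
    while label and len(url_label) > allowed_label_len:
        label = label[:-1]
        url_label = quote(label)

    return "otpauth://%s/%s?secret=%s&counter=0" % (type, url_label, otpkey)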
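def create_google_authenticator_url(user, realm, key, type="hmac", serial=""):
    '''
    This creates the google authenticator URL.

    This url may only be 119 characters long, otherwise qrcode.js can not
    create the qrcode. If the URL would be longer, the token label is
    shortened until the url-quoted label fits. The secret is kept in full,
    so a very long seed can still push the URL over the limit even with an
    empty label.

    The URL contains the OTP seed (``secret=``): treat the return value as
    a credential. This function logs the label budget only.

    :param user: login name, passed on to get_tokenlabel()
    :param realm: realm, passed on to get_tokenlabel()
    :param key: the seed - we expect the key to be hexlified!
    :param type: "hmac" in any case becomes "hotp"; other values are used
                 for the URL as they are
    :param serial: token serial, passed on to get_tokenlabel()
    :return: the otpauth URL, always ending in ``counter=0``
    '''
    # policy depends on some lib.util

    if "hmac" == type.lower():
        type = "hotp"

    # hex seed -> raw bytes -> base32 text
    otpkey = base64.b32encode(binascii.unhexlify(key))
    if not isinstance(otpkey, str):
        # bytes on Python 3; the '%s' formatting below needs text
        otpkey = otpkey.decode("ascii")
    # also strip the padding =, as it will get problems with the google app.
    otpkey = otpkey.rstrip("=")

    max_len = 119
    base_len = len("otpauth://%s/?secret=%s&counter=0" % (type, otpkey))
    # never negative: label[0:-n] would keep the head of the label instead
    # of dropping the label altogether
    allowed_label_len = max(0, max_len - base_len)
    log.debug(
        "[create_google_authenticator_url] we got %s characters left for the token label" % str(allowed_label_len))

    label = get_tokenlabel(user, realm, serial)
    url_label = ""
    # the budget applies to the quoted label (every escaped character grows
    # to %XX), so shorten the raw label until its quoted form fits
    for keep in range(min(len(label), allowed_label_len), -1, -1):
        url_label = quote(label[:keep])
        if len(url_label) <= allowed_label_len:
            break

    return "otpauth://%s/%s?secret=%s&counter=0" % (type, url_label, otpkey)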
def create_google_authenticator(param: dict, user=None) -> str:
    """Build the google authenticator url for the token described by param.

    Login and realm come from ``user`` when it provides them and fall back
    to the ``user.login`` / ``user.realm`` entries of ``param``.

    ``param`` is changed in place: the computed issuer is stored under the
    ``issuer`` key before the url is built.

    NOTE(review): google_authenticator_url() is not part of this listing;
    if the url it returns embeds the otp seed, the return value has to be
    handled as a secret - confirm against that helper.

    :param param: dict containing the parameters; ``serial`` is mandatory
    :param user: the user to which the token should be assigned
    :return: the google authenticator url
    """
    serial = param["serial"]

    # a missing user, or a user without login / realm, falls back to the
    # values of the parameter dict
    login = (user.login if user else None) or param.get("user.login", "")
    realm = (user.realm if user else None) or param.get("user.realm", "")
    description = param.get("description", "")

    # label and issuer are resolved from the same set of token attributes
    token_info = {
        "serial": serial,
        "user": login,
        "realm": realm,
        "description": description,
    }
    token_label = get_tokenlabel(**token_info)
    issuer = get_tokenissuer(**token_info)

    # the issuer is used as an url parameter as well, so it travels on
    # inside the parameters
    param["issuer"] = issuer

    # label = issuer ":" accountname - both parts are quoted on their own,
    # which keeps the colon between them literal
    label = "%s:%s" % (quote(issuer), quote(token_label))

    return google_authenticator_url(label, param)
def test_get_tokenlabel_wo_policy(self, mock__get_client, mock_has_client_policy):
    """Check get_tokenlabel() while has_client_policy yields no policy.

    With only a serial the serial is expected as label; as soon as a user
    is passed, the expected label stays the same whether or not realm and
    description are given as well.

    The two mock arguments are presumably injected by patch decorators
    that are not part of this listing.
    """
    mock__get_client.return_value = "localhost"
    mock_has_client_policy.return_value = {}

    # NOTE(review): "******" looks like a value masked by the listing this
    # was taken from; the asserted label "hugo" suggests the original login
    # - confirm against the upstream test before relying on it.
    expectations = (
        ({"serial": "123"}, "123"),
        ({"serial": "123", "user": "******"}, "hugo"),
        ({"serial": "123", "user": "******", "realm": "home"}, "hugo"),
        (
            {
                "serial": "123",
                "user": "******",
                "realm": "home",
                "description": "nothing",
            },
            "hugo",
        ),
    )

    for call_args, expected_label in expectations:
        res = get_tokenlabel(**call_args)
        assert res == expected_label
def test_get_tokenlabel_w_policy(self, mock__get_client, mock_has_client_policy, mock_get_action_value):
    """Check get_tokenlabel() with the label template "<d>.<r>.<u>.<s>".

    get_action_value is mocked to return the template. Going by the
    asserted results, <d>, <r> and <s> are filled with description, realm
    and serial, and a value that was not passed leaves its slot empty.

    The mock arguments are presumably injected by patch decorators that
    are not part of this listing.
    """
    mock__get_client.return_value = "localhost"
    mock_has_client_policy.return_value = {}
    mock_get_action_value.return_value = "<d>.<r>.<u>.<s>"

    # NOTE(review): "******" looks like a value masked by the listing this
    # was taken from; the asserted labels suggest the original login was
    # "matters" - confirm against the upstream test.
    #
    # every step adds one more keyword argument to the previous call
    steps = (
        ("serial", "!", "...!"),
        ("user", "******", "..matters.!"),
        ("realm", "else", ".else.matters.!"),
        ("description", "nothing", "nothing.else.matters.!"),
    )

    call_args = {}
    for arg_name, arg_value, expected_label in steps:
        call_args[arg_name] = arg_value
        res = get_tokenlabel(**call_args)
        assert res == expected_label
def create_oathtoken_url(user, realm, otpkey, type="hmac", serial=""):
    """Build the ``oathtoken:///addToken`` enrollment url for a token.

    The url-quoted token label becomes the ``name`` parameter and otpkey is
    put into the ``key`` parameter exactly as it was passed in. The result
    therefore contains the seed and has to be handled like the seed itself.

    :param user: login name handed to get_tokenlabel()
    :param realm: realm handed to get_tokenlabel()
    :param otpkey: the seed, inserted without any quoting or re-encoding
    :param type: "totp" (any case) appends ``&timeBased=true``; every
                 other value appends nothing
    :param serial: token serial handed to get_tokenlabel()
    :return: the oathtoken url
    """
    # only time based tokens get the extra flag
    timebased = "&timeBased=true" if type.lower() == "totp" else ""

    url_label = quote(get_tokenlabel(user, realm, serial))

    return "oathtoken:///addToken?name=%s&lockdown=true&key=%s%s" % (
        url_label,
        otpkey,
        timebased,
    )
def create_oathtoken_url(user, realm, otpkey, type="hmac", serial=""):
    """Return the ``oathtoken:///addToken`` url used to enroll a token.

    ``name`` is the url-quoted label from get_tokenlabel(), ``key`` is
    otpkey as given by the caller. As the seed is part of the url, the
    return value is as sensitive as the seed.

    :param user: login name for the token label
    :param realm: realm for the token label
    :param otpkey: the seed; it is not quoted or converted here
    :param type: token type - "totp" in any case marks the token as time
                 based, everything else leaves the flag out
    :param serial: token serial for the token label
    :return: the oathtoken url as string
    """
    is_time_based = "totp" == type.lower()

    name = quote(get_tokenlabel(user, realm, serial))

    url = "oathtoken:///addToken?name=%s&lockdown=true&key=%s%s" % (
        name,
        otpkey,
        "&timeBased=true" if is_time_based else "",
    )
    return url
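def create_google_authenticator(param, user=None):
    '''
    create url for google authenticator

    The result has the form ``otpauth://<type>/<label>?<query>``. The query
    carries the base32 encoded seed as ``secret``, so the returned url has
    to be handled like the seed itself.

    :param param: request dictionary; the entries read here are ``type``,
                  ``serial``, ``otplen``, ``otpkey`` (hexlified seed,
                  required), ``hashlib``, ``timeStep``, ``description``,
                  ``user.login`` and ``user.realm``
    :param user: optional user object; its ``login`` and ``realm`` win
                 over the ``user.login`` / ``user.realm`` entries of param
    :return: string with google url
    :raises NoOtpAuthTokenException: if the type is neither hotp (hmac)
                                     nor totp
    :raises Exception: if param holds no otpkey
    '''

    # normalise the type once: before, a mixed case value like "TOTP"
    # passed the check below but was then handled as counter based and
    # written into the url in its original case
    requested_typ = param.get("type", 'hotp')
    typ = requested_typ.lower()
    if typ == 'hmac':
        typ = 'hotp'

    if typ not in ['totp', 'hotp']:
        raise NoOtpAuthTokenException('not supported otpauth token type: %r'
                                      % requested_typ)

    serial = param.get("serial", None)
    digits = param.get("otplen", '6')
    otpkey = param.get("otpkey", None)

    login = ''
    realm = ''

    if user:
        login = user.login or ''
        realm = user.realm or ''

    login = login or param.get('user.login', '')
    realm = realm or param.get('user.realm', '')

    url_param = {}

    if not otpkey:
        raise Exception('Failed to create token url due to missing seed!')
    # the seed arrives hexlified and goes into the url base32 encoded,
    # without the '=' padding
    key = base64.b32encode(binascii.unhexlify(otpkey))
    key = key.strip("=")

    algo = param.get("hashlib", "sha1") or "sha1"
    algo = algo.upper()
    # NOTE(review): an unknown hashlib value silently becomes SHA1 here. If
    # the token itself was set up with that other hash, the enrolled app
    # would compute different OTPs - confirm that the caller validates
    # hashlib. MD5 is accepted as well; as far as the Key URI Format
    # documents, only SHA1, SHA256 and SHA512 are algorithm values - TODO
    # confirm against the target apps.
    if algo not in ['SHA1', 'SHA256', 'SHA512', 'MD5']:
        algo = 'SHA1'

    if algo != 'SHA1':
        url_param['algorithm'] = algo

    url_param['secret'] = key

    # dont add default
    if digits != '6':
        url_param['digits'] = digits

    # the counter only applies to counter based tokens
    if typ not in ['totp']:
        url_param['counter'] = 0

    if 'timeStep' in param:
        url_param['period'] = param.get('timeStep')

    issuer = get_tokenissuer(login, realm, serial)
    if issuer:
        # urlencode() below does the percent-encoding; quoting the issuer
        # here as well would encode it twice ('%' turns into '%25')
        url_param['issuer'] = issuer

    ga = "otpauth://%s/%s" % (typ, serial)
    qg_param = urllib.urlencode(url_param)

    base_len = len(ga) + len(qg_param)
    max_len = 400

    # never negative: label[0:-n] would keep the head of the label instead
    # of dropping the label altogether
    allowed_label_len = max(0, max_len - base_len)
    log.debug("[create_google_authenticator_url] we got %s characters"
              " left for the token label" % str(allowed_label_len))

    description = param.get('description', '')

    # show the user login in the token prefix
    if len(login) > 0:
        label = get_tokenlabel(login, realm, serial)
        if len(description) > 0 and '<d>' in label:
            label = label.replace('<d>', description)
    else:
        label = serial or ''
        if len(description) > 0:
            label = label + ':' + description

    if issuer:
        label = issuer + ':' + label

    # the label is cut before quoting, ':' stays literal in the label
    label = label[0:allowed_label_len]
    url_label = quote(label, ':')

    ga = "otpauth://%s/%s?%s" % (typ, url_label, qg_param)
    # only the first 20 characters are logged: scheme, type and the start
    # of the label. That is too short to reach any query value, so the
    # secret stays out of the log - keep it that way.
    log.debug("google authenticator: %r" % ga[:20])
    return ga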