Example #1
    def test_33_determine_logged_in_user(self):
        """
        Check how ``determine_logged_in_userparams`` resolves the identity
        that policies are matched against.

        Three cases are pinned:

        * role "user": user and realm come from the logged-in data, the
          admin fields stay ``None``.
        * role "admin": user and realm come from the request parameters,
          while the logged-in identity is reported as adminuser/adminrealm.
        * any other role: the call raises ``PolicyError``.
        """
        # NOTE(review): the username literals read "******" in this listing
        # while the assertions expect "hans" and "peter"; the values look
        # masked by the page. Verify against the upstream test file.

        # Case 1: an ordinary user, no request parameters.
        logged_in = {"role": "user",
                     "username": "******",
                     "realm": "realm1"}
        resolved = determine_logged_in_userparams(logged_in, {})
        (role, user, realm, adminuser, adminrealm) = resolved

        self.assertEqual(role, "user")
        self.assertEqual(user, "hans")
        self.assertEqual(realm, "realm1")
        self.assertEqual(adminuser, None)
        self.assertEqual(adminrealm, None)

        # Case 2: an admin acting on a user named in the request parameters.
        # The target user/realm and the admin's own identity must not be
        # mixed up: realm is taken from the request, adminrealm from the
        # logged-in data.
        logged_in = {"role": "admin",
                     "username": "******",
                     "realm": "realm1"}
        request_params = {"user": "******",
                          "realm": "domain"}
        resolved = determine_logged_in_userparams(logged_in, request_params)
        (role, user, realm, adminuser, adminrealm) = resolved

        self.assertEqual(role, "admin")
        self.assertEqual(user, "peter")
        self.assertEqual(realm, "domain")
        self.assertEqual(adminuser, "hans")
        self.assertEqual(adminrealm, "realm1")

        # Case 3: an unrecognised role is rejected with PolicyError instead
        # of being mapped onto one of the known roles.
        logged_in = {"role": "marshal",
                     "username": "******",
                     "realm": "Wild West"}
        request_params = {"user": "******",
                          "realm": "Dodge City"}
        with self.assertRaises(PolicyError):
            determine_logged_in_userparams(logged_in, request_params)
    def get_default_settings(cls, g, params):
        """
        Return additional enrollment settings holding the trusted CA paths.

        The result always contains the key ``ACTION.TRUSTED_CA_PATH``. It is
        initialised with ``DEFAULT_CA_PATH`` and replaced by the list of
        values found in matching policies, if there are any. The policy
        scope is the role of the logged-in user as resolved by
        ``determine_logged_in_userparams``.

        The returned dictionary is added to the parameters of the API call.

        :param g: context object, see documentation of ``Match``
        :param params: The call parameters
        :type params: dict
        :return: default parameters
        """
        settings = {ACTION.TRUSTED_CA_PATH: DEFAULT_CA_PATH}
        # NOTE(review): g.logged_in_user is handed on unchecked; confirm that
        # every caller guarantees it is set before this method runs.
        (role, username, userrealm, adminuser,
         adminrealm) = determine_logged_in_userparams(g.logged_in_user, params)
        # Look up the CA paths configured in the policies for this identity.
        policy_match = Match.generic(g,
                                     scope=role,
                                     action=ACTION.TRUSTED_CA_PATH,
                                     user=username,
                                     realm=userrealm,
                                     adminuser=adminuser,
                                     adminrealm=adminrealm)
        # unique=False: presumably values of all matching policies are
        # collected rather than a single one being required - confirm.
        # allow_white_space_in_action=True: presumably keeps paths that
        # contain spaces in one piece - confirm.
        ca_paths = policy_match.action_values(
            unique=False,
            allow_white_space_in_action=True)
        # Policy values replace the built-in default; they are not merged
        # with it.
        if ca_paths:
            settings[ACTION.TRUSTED_CA_PATH] = list(ca_paths)

        return settings
Example #3
    def get_default_settings(cls, g, params):
        """
        Return the policy-defined default settings for TOTP token enrollment.

        The policy actions ``totp_hashlib``, ``totp_timestep`` and
        ``totp_otplen`` are looked up in the scope of the logged-in role.
        Each action that yields a value is written to the result under the
        enrollment parameter ``hashlib``, ``timeStep`` or ``otplen``.
        If these are set, the user or admin will only be able to enroll
        tokens with these values.

        The returned dictionary is added to the parameters of the API call.

        :param g: context object, see documentation of ``Match``
        :param params: The call parameters
        :type params: dict
        :return: default parameters
        """
        settings = {}
        # Without a logged-in user no policy is evaluated and nothing is
        # enforced here.
        # NOTE(review): confirm that enrollment cannot be reached without a
        # logged-in user, otherwise these restrictions would not apply.
        if not g.logged_in_user:
            return settings
        (role, username, userrealm, adminuser,
         adminrealm) = determine_logged_in_userparams(g.logged_in_user, params)

        # Policy action name -> enrollment parameter it pins.
        policy_to_param = (("totp_hashlib", "hashlib"),
                           ("totp_timestep", "timeStep"),
                           ("totp_otplen", "otplen"))
        for action_name, param_name in policy_to_param:
            # unique=True: presumably conflicting values for one action are
            # not tolerated - confirm against ``action_values``.
            values = Match.generic(
                g,
                scope=role,
                action=action_name,
                user=username,
                realm=userrealm,
                adminuser=adminuser,
                adminrealm=adminrealm).action_values(unique=True)
            if values:
                settings[param_name] = list(values)[0]

        return settings