def update(self, param): """ This method is called during the initialization process. :param param: parameters from the token init :type param: dict :return: None """ param["otpkey"] = generate_password(size=self.otp_len) PasswordTokenClass.update(self, param)
def init_random_pin(request=None, action=None): """ This policy function is to be used as a decorator in the API init function. If the policy is set accordingly it adds a random PIN to the request.all_data like. It uses the policy SCOPE.ENROLL, ACTION.OTPPINRANDOM to set a random OTP PIN during Token enrollment """ params = request.all_data policy_object = g.policy_object user_object = get_user_from_param(params) # get the length of the random PIN from the policies pin_pols = policy_object.get_action_values(action=ACTION.OTPPINRANDOM, scope=SCOPE.ENROLL, user=user_object.login, realm=user_object.realm, client=g.client_ip, unique=True) if len(pin_pols) == 1: log.debug("Creating random OTP PIN with length {0!s}".format( pin_pols[0])) request.all_data["pin"] = generate_password(size=int(pin_pols[0])) # handle the PIN handle_pols = policy_object.get_action_values( action=ACTION.PINHANDLING, scope=SCOPE.ENROLL, user=user_object.login, realm=user_object.realm, client=g.client_ip) # We can have more than one pin handler policy. So we can process the # PIN in several ways! for handle_pol in handle_pols: log.debug("Handle the random PIN with the class {0!s}".format( handle_pol)) packageName = ".".join(handle_pol.split(".")[:-1]) className = handle_pol.split(".")[-1:][0] mod = __import__(packageName, globals(), locals(), [className]) pin_handler_class = getattr(mod, className) pin_handler = pin_handler_class() # Send the PIN pin_handler.send(request.all_data["pin"], request.all_data.get("serial", "N/A"), user_object, tokentype=request.all_data.get("type", "hotp"), logged_in_user=g.logged_in_user) return True
def update(self, param): """ This method is called during the initialization process. :param param: parameters from the token init :type param: dict :return: None """ if "genkey" in param: # We do not need the genkey! We generate anyway. # Otherwise genkey and otpkey will raise an exception in # PasswordTokenClass del param["genkey"] param["otpkey"] = generate_password(size=self.otp_len) PasswordTokenClass.update(self, param)
def update(self, param): """ This method is called during the initialization process. :param param: parameters from the token init :type param: dict :return: None """ if "genkey" in param: # We do not need the genkey! We generate anyway. # Otherwise genkey and otpkey will raise an exception in # PasswordTokenClass del param["genkey"] param["otpkey"] = generate_password(size=self.otp_len) PasswordTokenClass.update(self, param)
def init_random_pin(request=None, action=None): """ This policy function is to be used as a decorator in the API init function. If the policy is set accordingly it adds a random PIN to the request.all_data like. It uses the policy SCOPE.ENROLL, ACTION.OTPPINRANDOM to set a random OTP PIN during Token enrollment """ params = request.all_data policy_object = g.policy_object user_object = get_user_from_param(params) # get the length of the random PIN from the policies pin_pols = policy_object.get_action_values(action=ACTION.OTPPINRANDOM, scope=SCOPE.ENROLL, user=user_object.login, realm=user_object.realm, client=request.remote_addr, unique=True) if len(pin_pols) == 1: log.debug("Creating random OTP PIN with length %s" % pin_pols[0]) request.all_data["pin"] = generate_password(size=int(pin_pols[0])) # handle the PIN handle_pols = policy_object.get_action_values( action=ACTION.PINHANDLING, scope=SCOPE.ENROLL, user=user_object.login, realm=user_object.realm, client=request.remote_addr) # We can have more than one pin handler policy. So we can process the # PIN in several ways! for handle_pol in handle_pols: log.debug("Handle the random PIN with the class %s" % handle_pol) packageName = ".".join(handle_pol.split(".")[:-1]) className = handle_pol.split(".")[-1:][0] mod = __import__(packageName, globals(), locals(), [className]) pin_handler_class = getattr(mod, className) pin_handler = pin_handler_class() # Send the PIN pin_handler.send(request.all_data["pin"], request.all_data.get("serial", "N/A"), user_object, tokentype=request.all_data.get("type", "hotp"), logged_in_user=g.logged_in_user) return True
def create_recoverycode(user, email=None, expiration_seconds=3600, recoverycode=None, base_url=""): """ Create and send a password recovery code :param user: User for whom the password reset code should be sent :type user: User Object :param email: The optional email of the user :param recoverycode: Only used for testing purpose :return: bool """ base_url = base_url.strip("recover") base_url += "#" recoverycode = recoverycode or generate_password(size=24) hash_code = hash_with_pepper(recoverycode) # send this recoverycode # pwreset = PasswordReset(hash_code, username=user.login, realm=user.realm, expiration_seconds=expiration_seconds) pwreset.save() res = False if not user: raise UserError("User required for recovery token.") user_email = user.info.get("email") if email and email.lower() != user_email.lower(): raise UserError("The email does not match the users email.") identifier = get_from_config("recovery.identifier") if identifier: # send email r = send_email_identifier( identifier, user_email, "Your password reset", BODY % (base_url, user.login, user.realm, recoverycode)) if not r: raise privacyIDEAError("Failed to send email. %s" % r) else: raise ConfigAdminError("Missing configuration " "recovery.identifier.") res = True return res
def create_recoverycode(user, email=None, expiration_seconds=3600, recoverycode=None, base_url=""): """ Create and send a password recovery code :param user: User for whom the password reset code should be sent :type user: User Object :param email: The optional email of the user :param recoverycode: Only used for testing purpose :return: bool """ base_url = base_url.strip("recover") base_url += "#" recoverycode = recoverycode or generate_password(size=24) hash_code = hash_with_pepper(recoverycode) # send this recoverycode # pwreset = PasswordReset(hash_code, username=user.login, realm=user.realm, expiration_seconds=expiration_seconds) pwreset.save() res = False if not user: raise UserError("User required for recovery token.") user_email = user.info.get("email") if email and email.lower() != user_email.lower(): raise UserError("The email does not match the users email.") identifier = get_from_config("recovery.identifier") if identifier: # send email r = send_email_identifier(identifier, user_email, "Your password reset", BODY % (base_url, user.login, user.realm, recoverycode)) if not r: raise privacyIDEAError("Failed to send email. {0!s}".format(r)) else: raise ConfigAdminError("Missing configuration " "recovery.identifier.") res = True return res