def incOtpFailCounter(self): self.token.LinOtpFailCount = self.token.LinOtpFailCount + 1 try: self.token.storeToken() except BaseException: log.error("Token fail counter update failed") raise TokenAdminError("Token Fail Counter update failed", id=1106) return self.token.LinOtpFailCount
def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0, curTime=None): ''' This returns a dictionary of multiple future OTP values of the Tagespasswort token parameter count - how many otp values should be returned epoch_start - time based tokens: start when epoch_end - time based tokens: stop when return True/False error text OTP dictionary ''' otp_dict = {"type": "DPW", "otp": {}} ret = False error = "No count specified" try: otplen = int(self.token.LinOtpOtpLen) except ValueError as ex: log.error("[get_multi_otp] %r" % ex) return (False, unicode(ex), otp_dict) secretHOtp = self.token.getHOtpKey() dpw = dpwOtp(secretHOtp, otplen) log.debug("[get_multi_otp] retrieving %i OTP values for token %s" % (count, dpw)) if count > 0: now = datetime.datetime.now() if curTime: if type(curTime) == datetime.datetime: now = curTime elif type(curTime) == unicode: now = datetime.datetime.strptime(curTime, "%Y-%m-%d %H:%M:%S.%f") else: log.error("[get_multi_otp] wrong curTime type: %s" % type(curTime)) raise TokenAdminError( "[get_multi_otp] wrong curTime type: %s (%s)" % (type(curTime), curTime), id=2001) for i in range(count): delta = datetime.timedelta(days=i) date_string = (now + delta).strftime("%d%m%y") otpval = dpw.getOtp(date_string=date_string) otp_dict["otp"][(now + delta).strftime("%y-%m-%d")] = otpval ret = True log.debug("[get_multi_otp] %s" % otp_dict) return (ret, error, otp_dict)
def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0, curTime=None): """ This returns a dictionary of multiple future OTP values of the Tagespasswort token parameter count - how many otp values should be returned epoch_start - time based tokens: start when epoch_end - time based tokens: stop when return True/False error text OTP dictionary """ otp_dict = {"type": "DPW", "otp": {}} ret = False error = "No count specified" try: otplen = int(self.token.LinOtpOtpLen) except ValueError as ex: log.error("[get_multi_otp] %r", ex) return (False, str(ex), otp_dict) if count > 0: now = datetime.now() if curTime: if isinstance(curTime, datetime): now = curTime elif isinstance(curTime, str): now = datetime.strptime(curTime, "%Y-%m-%d %H:%M:%S.%f") else: raise TokenAdminError( "[get_multi_otp] wrong curTime type:" " %s (%s)" % (type(curTime), curTime), id=2001, ) secObj = self._get_secret_object() with dpwOtp(secObj, otplen) as dpw: for i in range(count): delta = timedelta(days=i) date_string = (now + delta).strftime("%d%m%y") otpval = dpw.getOtp(date_string=date_string) otp_dict["otp"][ (now + delta).strftime("%y-%m-%d") ] = otpval ret = True return (ret, error, otp_dict)
def incOtpCounter(self, counter=None, reset=True): """ method incOtpCounter(aToken, counter) parameters: token - a token object counter - the new counter reset - optional - exception: in case of an transaction fail an exception is thrown side effects: default of reset will reset the failCounter """ resetCounter = False if counter is None: counter = self.token.LinOtpCount self.token.LinOtpCount = counter + 1 if reset is True: if getFromConfig("DefaultResetFailCount") == "True": resetCounter = True if resetCounter is True: if (self.token.LinOtpFailCount < self.token.LinOtpMaxFail and self.token.LinOtpIsactive is True): self.token.LinOtpFailCount = 0 try: self.token.storeToken() except Exception as ex: log.error("Token Counter update failed: %r", ex) raise TokenAdminError("Token Counter update failed: %r" % (ex), id=1106) return self.token.LinOtpCount
def enroll(self): """ method: api/helpdesk/enroll description: method to enroll a token as helpdesk arguments: * type: the token type, currently only 'email' * user: the new token owner * realm: (optional) the realm the user belongs to - used to identify the user returns: success as boolean """ ret = False response_detail = {} params = self.request_params try: if 'user' not in params: raise ParameterError('missing parameter: user!') if 'type' not in params: raise ParameterError('missing parameter: type!') # --------------------------------------------------------------- -- # determine token class token_cls_alias = params.get("type") lower_alias = token_cls_alias.lower() if lower_alias not in tokenclass_registry: raise TokenAdminError('admin/init failed: unknown token ' 'type %r' % token_cls_alias, id=1610) token_cls = tokenclass_registry.get(lower_alias) # --------------------------------------------------------------- -- # call the token class hook in order to enrich/overwrite the # parameters helper_params = token_cls.get_helper_params_pre(params) params.update(helper_params) # --------------------------------------------------------------- -- # fetch user from parameters. user = getUserFromParam(params) # --------------------------------------------------------------- -- # create a new pin according to the policies if 'pin' not in params: params['pin'] = createRandomPin(user, min_pin_length=6) # --------------------------------------------------------------- -- if 'otpkey' not in params: params['genkey'] = '1' # --------------------------------------------------------------- -- # check admin authorization res = checkPolicyPre('admin', 'init', params, user=user) # --------------------------------------------------------------- -- helper_params = token_cls.get_helper_params_post(params, user=user) params.update(helper_params) # --------------------------------------------------------------- -- # create new serial th = TokenHandler() serial = th.genSerial(token_cls_alias) params['serial'] = serial log.info("[init] initialize token. user: %s, serial: %s" % (user.login, serial)) # --------------------------------------------------------------- -- # scope_extension: we are in scope helpdesk # this is eg required to notify the emailtoken to use the # email from user if none is given as param params['::scope::'] = { 'helpdesk': True, 'user': user } (ret, token) = th.initToken(params, user) # --------------------------------------------------------------- -- # different token types return different information on # initialization (e.g. otpkey, pairing_url, etc) initDetail = token.getInitDetail(params, user) response_detail.update(initDetail) # --------------------------------------------------------------- -- # prepare data for audit if token is not None and ret is True: c.audit['serial'] = token.getSerial() c.audit['token_type'] = token.type c.audit['success'] = ret c.audit['user'] = user.login c.audit['realm'] = user.realm c.audit['action_detail'] += get_token_num_info() res = checkPolicyPost('admin', 'init', params, user=user) pin = res.get('new_pin', params['pin']) message = ("A new ${tokentype} token (${serial}) " "with pin '${Pin}' " "for ${givenname} ${surname} has been enrolled.") info = { 'message': message, 'Subject': 'New %s token enrolled' % token.type, 'Pin': pin, 'tokentype': token.type } info.update(response_detail) notify_user(user, 'enrollment', info, required=True) c.audit['action_detail'] += get_token_num_info() c.audit['success'] = ret return sendResult(response, ret) except PolicyException as pex: log.exception("Policy Exception while enrolling token") Session.rollback() return sendError(response, pex, 1) except Exception as exx: log.exception("Exception while enrolling token") Session.rollback() return sendError(response, exx, 1)