def test_get_partition(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""verify that client in the policy is honored for get_partition"""
m_policy = {
"general": {
"realm": "*",
"active": "True",
"client": "127.0.0.1/24",
"user": "******",
"time": "* * * * * *;",
"action": "partition=2",
"scope": "enrollment",
}
}
mocked_get_policy_definitions.return_value = {
"enrollment": {
"partition": {"type": "int", "desc": "partition"},
}
}
mocked__get_policies.return_value = m_policy
user = LinotpUser(login="******", realm="defaultrealm")
mocked__get_client.return_value = "127.0.0.1"
assert get_partition(["defaultrealm"], user=user) == 2
mocked__get_client.return_value = "128.0.0.1"
assert get_partition(["defaultrealm"], user=user) == 0
def test_get_partition(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""verify that client in the policy is honored for get_partition"""
m_policy = {
'general': {
'realm': '*',
'active': 'True',
'client': '127.0.0.1/24',
'user': '******',
'time': '* * * * * *;',
'action': 'partition=2',
'scope': 'enrollment',
}
}
mocked_get_policy_definitions.return_value = {
'enrollment': {
'partition': {
'type': 'int',
'desc': 'partition'
},
}
}
mocked__get_policies.return_value = m_policy
user = LinotpUser(login='******', realm='defaultrealm')
mocked__get_client.return_value = '127.0.0.1'
assert get_partition(['defaultrealm'], user=user) == 2
mocked__get_client.return_value = '128.0.0.1'
assert get_partition(['defaultrealm'], user=user) == 0
def update(self, params):
"""
initialization entry hook for the enrollment process.
:param params: parameters provided by the client
:raises Exception: If the client supplied unrecognized
configuration parameters for this token type
:raises Exception: If the policy 'pushtoken_pairing_callback_url'
was not set.
:raises TokenStateError: If token state is not None
(default pre-enrollment state)
"""
param_keys = set(params.keys())
init_rollout_state_keys = set(['type', 'serial', '::scope::',
'user.login', 'description',
'user.realm', 'session', 'key_size',
'resConf', 'user', 'realm',
'pin'])
# ------------------------------------------------------------------- --
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type pushtoken')
# if param keys are in above set, the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: the data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# --------------------------------------------------------------- --
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
cb_url = get_single_auth_policy('pushtoken_pairing_callback_url',
user=owner, realms=realms)
if not cb_url:
raise Exception(_('Policy pushtoken_pairing_callback_url must '
'have a value'))
partition = get_partition(realms, owner)
self.addToTokenInfo('partition', partition)
# --------------------------------------------------------------- --
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
# -------------------------------------------------------------- --
self.change_state('initialized')
def update(self, params):
param_keys = set(params.keys())
init_rollout_state_keys = set([
'type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login',
'description', 'user.realm', 'session', 'otplen', 'resConf',
'user', 'realm', 'qr', 'pin'
])
# ------------------------------------------------------------------- --
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type qr')
# if param keys are in {'type', 'hashlib'} the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: they data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# --------------------------------------------------------------- --
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
pairing_policies = [
'qrtoken_pairing_callback_url', 'qrtoken_pairing_callback_sms'
]
cb_url = get_single_auth_policy(pairing_policies[0],
user=owner,
realms=realms)
cb_sms = get_single_auth_policy(pairing_policies[1],
user=owner,
realms=realms)
if not cb_url and not cb_sms:
raise Exception(
_('Policy %s must have a value') %
_(" or ").join(pairing_policies))
challenge_policies = [
'qrtoken_challenge_callback_url', 'qrtoken_challenge_callback_sms'
]
cb_url = get_single_auth_policy(challenge_policies[0],
user=owner,
realms=realms)
cb_sms = get_single_auth_policy(challenge_policies[1],
user=owner,
realms=realms)
if not cb_url and not cb_sms:
raise Exception(
_('Policy %s must have a value') %
_(" or ").join(challenge_policies))
partition = get_partition(realms, owner)
self.addToTokenInfo('partition', partition)
# --------------------------------------------------------------- --
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# --------------------------------------------------------------- --
if 'otplen' not in params:
params['otplen'] = getFromConfig("QRTokenOtpLen", 8)
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
def update(self, params):
"""
initialization entry hook for the enrollment process.
:param params: parameters provided by the client
:raises Exception: If the client supplied unrecognized
configuration parameters for this token type
:raises Exception: If the policy 'pushtoken_pairing_callback_url'
was not set.
:raises TokenStateError: If token state is not None
(default pre-enrollment state)
"""
param_keys = set(params.keys())
init_rollout_state_keys = set(['type', 'serial', '::scope::',
'user.login', 'description',
'user.realm', 'session', 'key_size',
'resConf', 'user', 'realm',
'pin'])
# ------------------------------------------------------------------- --
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type pushtoken')
# if param keys are in above set, the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: the data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# --------------------------------------------------------------- --
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
cb_url = get_single_auth_policy('pushtoken_pairing_callback_url',
user=owner, realms=realms)
if not cb_url:
raise Exception(_('Policy pushtoken_pairing_callback_url must '
'have a value'))
partition = get_partition(realms, owner)
self.addToTokenInfo('partition', partition)
# --------------------------------------------------------------- --
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
# -------------------------------------------------------------- --
self.change_state('initialized')
