Exemple #1
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" %
                  param)

        _ = context['translate']

        # in the scope helpdesk we allways have a user
        # to whom the token will be assigned

        if param.get('::scope::', {}).get('helpdesk', False):
            user = param['::scope::']['user']
            u_info = getUserDetail(user)
            param[self.EMAIL_ADDRESS_KEY] = u_info.get('email', None)

        # specific - e-mail
        self._email_address = param[self.EMAIL_ADDRESS_KEY]

        # in scope selfservice - check if edit_email is allowed
        # if not allowed to edit, check if the email is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_email_editable(user):
                u_info = getUserDetail(user)
                u_email = u_info.get('email', None)
                if u_email.strip() != self._email_address.strip():
                    raise Exception(
                        _('User is not allowed to set '
                          'email address'))

        # in case of the e-mail token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemple #2
0
    def get_mobile_number(self, user=None):
        """
        get the mobile number
            - from the token info or
            - if the policy allowes it, from the user info
        """

        if not user:
            return self._getPhone()

        pol = get_client_policy(
            context["Client"],
            scope="authentication",
            user=user,
            action="sms_dynamic_mobile_number",
        )

        get_dynamic = get_action_value(
            pol,
            scope="authentication",
            action="sms_dynamic_mobile_number",
            default=False,
        )

        if not get_dynamic:
            return self._getPhone()

        user_detail = getUserDetail(user)
        return user_detail.get("mobile", self._getPhone())
Exemple #3
0
    def get_mobile_number(self, user=None):
        '''
        get the mobile number
            - from the token info or
            - if the policy allowes it, from the user info
        '''

        if not user:
            return self._getPhone()

        pol = get_client_policy(context['Client'],
                                scope="authentication",
                                user=user,
                                action="sms_dynamic_mobile_number")

        if not pol:
            return self._getPhone()

        get_dynamic = getPolicyActionValue(pol,
                                           "sms_dynamic_mobile_number",
                                           is_string=True)

        if not get_dynamic:
            return self._getPhone()

        user_detail = getUserDetail(user)
        return user_detail.get('mobile', self._getPhone())
Exemple #4
0
    def _get_email_address(self, user=None):
        '''
        get the email address
            - from the token info or
            - if the policy allowes it, from the user info
        '''

        if not user:
            return self._email_address

        pol = get_client_policy(context['Client'],
                                scope="authentication",
                                user=user,
                                action="dynamic_email_address")

        if not pol:
            return self._email_address

        get_dynamic = get_action_value(pol,
                                       scope="authentication",
                                       action="dynamic_email_address",
                                       default='')

        if not get_dynamic:
            return self._email_address

        user_detail = getUserDetail(user)
        return user_detail.get('email', self._email_address)
Exemple #5
0
    def get_mobile_number(self, user=None):
        '''
        get the mobile number
            - from the token info or
            - if the policy allowes it, from the user info
        '''

        if not user:
            return self.get_phone()

        pol = get_client_policy(context['Client'],
                                scope="authentication",
                                user=user,
                                action="voice_dynamic_mobile_number")

        if not pol:
            return self.get_phone()

        get_dynamic = get_action_value(pol,
                                       scope='authentication',
                                       action="voice_dynamic_mobile_number",
                                       default=False)

        if not get_dynamic:
            return self.get_phone()

        user_detail = getUserDetail(user)
        return user_detail.get('mobile', self.get_phone())
Exemple #6
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" % param)

        # specific - e-mail
        self._email_address = param[self.EMAIL_ADDRESS_KEY]
        # in scope selfservice - check if edit_email is allowed
        # if not allowed to edit, check if the email is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_email_editable(user):
                u_info = getUserDetail(user)
                u_email = u_info.get('email', None)
                if u_email.strip() != self._email_address.strip():
                    raise Exception(_('User is not allowed to set email address'))

        ## in case of the e-mail token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not 'genkey' in param and not 'otpkey' in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemple #7
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        _ = context['translate']

        log.debug("[update] begin. adjust the token class with: param %r" %
                  (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get('mobile', u_info.get('phone', None))
                if u_phone != phone:
                    raise Exception(
                        _('User is not allowed to '
                          'set phone number'))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemple #8
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        _ = context['translate']

        # specific - phone
        try:
            phone = param['phone']
        except KeyError:
            raise ParameterError("Missing parameter: 'phone'")

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get('mobile', u_info.get('phone', None))
                if u_phone != phone:
                    raise Exception(
                        _('User is not allowed to '
                          'set phone number'))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        return
Exemple #9
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        _ = context['translate']

        log.debug("[update] begin. adjust the token class with: param %r"
                  % (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get('mobile', u_info.get('phone', None))
                if u_phone != phone:
                    raise Exception(_('User is not allowed to '
                                      'set phone number'))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemple #10
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """

        # specific - phone
        try:
            phone = param["phone"]
        except KeyError:
            raise ParameterError("Missing parameter: 'phone'")

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get("::scope::", {}).get("selfservice", False):
            user = param["::scope::"]["user"]
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get("mobile", u_info.get("phone", None))
                if u_phone != phone:
                    raise Exception(
                        _("User is not allowed to set phone number")
                    )

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if "genkey" not in param and "otpkey" not in param:
            param["genkey"] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        return
Exemple #11
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r",
                  param)

        # specific - e-mail
        self._email_address = param[self.EMAIL_ADDRESS_KEY]

        # in scope selfservice - check if edit_email is allowed
        # if not allowed to edit, check if the email is the same
        # as from the user data
        if param.get("::scope::", {}).get("selfservice", False):
            user = param["::scope::"]["user"]
            if not is_email_editable(user):
                u_info = getUserDetail(user)
                u_email = u_info.get("email", None)
                if u_email.strip() != self._email_address.strip():
                    raise Exception(
                        _("User is not allowed to set email address"))

        # in case of the e-mail token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if "genkey" not in param and "otpkey" not in param:
            param["genkey"] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemple #12
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        log.debug("[update] begin. adjust the token class with: param %r" % (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get("::scope::", {}).get("selfservice", False):
            user = param["::scope::"]["user"]
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get("mobile", u_info.get("phone", None))
                if u_phone != phone:
                    raise Exception(_("User is not allowed to " "set phone number"))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if "genkey" not in param and "otpkey" not in param:
            param["genkey"] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return