def __init__(self, aToken):
    """Set up an e-mail token on top of the HMAC token base class.

    :param aToken: token object, handed unchanged to
        ``HmacTokenClass.__init__``
    """
    HmacTokenClass.__init__(self, aToken)
    self.setType(u"email")

    # The flag is switched off for this token type; in the visible update()
    # a server-side key is requested when the caller supplies none.
    self.hKeyRequired = False

    # we support various hashlib methods, but only on create
    # which is effectively set in the update
    # The digest name comes from the "hotp.hashlib" config entry and falls
    # back to "sha1" when that entry is absent.
    config = context['Config']
    self.hashlibStr = config.get("hotp.hashlib", "sha1")

    self.mode = ['challenge']
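def update(self, param, reset_failcount=True):
    """
    update - process initialization parameters

    :param param: dict of initialization parameters; must contain the key
        named by ``self.EMAIL_ADDRESS_KEY``. The dict is modified in place:
        ``genkey`` is set to 1 when neither ``genkey`` nor ``otpkey`` is
        present.
    :type param: dict
    :param reset_failcount: handed through to ``HmacTokenClass.update``
    :raises KeyError: if the e-mail address parameter is missing
    :raises Exception: in selfservice scope, when the user may not edit the
        e-mail address and the submitted one differs from the user data
    :return: nothing
    """
    # 'otpkey' carries the token seed, so it is masked before the parameter
    # dict reaches the debug log.
    # NOTE(review): other secret-bearing entries may exist in param; confirm
    # against the callers and mask them here as well.
    loggable = dict(param)
    if 'otpkey' in loggable:
        loggable['otpkey'] = '<redacted>'
    LOG.debug("[update] begin. adjust the token class with: param %r",
              loggable)

    _ = context['translate']

    # specific - e-mail
    self._email_address = param[self.EMAIL_ADDRESS_KEY]

    # in scope selfservice - check if edit_email is allowed
    # if not allowed to edit, check if the email is the same
    # as from the user data
    # NOTE(review): this check trusts the '::scope::' entry of param; confirm
    # that callers build it server-side and never copy it from request input.
    if param.get('::scope::', {}).get('selfservice', False):
        user = param['::scope::']['user']
        if not is_email_editable(user):
            u_info = getUserDetail(user)
            u_email = u_info.get('email', None)
            # A user record without an e-mail address cannot match the
            # submitted one; reject it instead of failing on None.strip().
            if (u_email is None
                    or u_email.strip() != self._email_address.strip()):
                raise Exception(_('User is not allowed to set '
                                  'email address'))

    # in case of the e-mail token, only the server must know the otpkey
    # thus if none is provided, we let create one (in the TokenClass)
    if 'genkey' not in param and 'otpkey' not in param:
        param['genkey'] = 1

    HmacTokenClass.update(self, param, reset_failcount)

    LOG.debug("[update] end. all token parameters are set.")
    return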
def checkOtp(self, anOtpVal, counter, window, options=None):
    '''
    checkOtp - check the otpval of a token against a given counter
    in the + window range

    :param anOtpVal: the OTP value to be verified
    :param counter: counter handed to HmacTokenClass.checkOtp
    :param window: window handed to HmacTokenClass.checkOtp
    :param options: optional dict; the keys 'user', 'data' and 'message'
        are read when a follow-up SMS is sent
    :return: counter if found, -1 if not found or if isValid() is False
    :rtype: int
    '''
    # NOTE(review): the nesting below was reconstructed from a flattened
    # listing -- confirm it against the original file.
    if not options:
        options = {}

    ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
    # A matching OTP is still rejected when the token reports itself as
    # not valid.
    if ret != -1:
        if self.isValid() is False:
            ret = -1

    if ret >= 0:
        # Only when the auto-SMS policy is active is a new message sent
        # after a successful check.
        if get_auth_AutoSMSPolicy():
            user = None
            message = "<otp>"
            realms = self.getRealms()
            if realms:
                _sms_ret, message = get_auth_smstext(realm=realms[0])

            # A user given in options overrides the text taken from the
            # token's first realm.
            if 'user' in options:
                user = options.get('user', None)
                if user:
                    _sms_ret, message = get_auth_smstext(realm=user.realm)
            # The value fetched here is not read again in this method.
            realms = self.getRealms()

            # An explicit 'data' (or, failing that, 'message') entry takes
            # precedence over any policy-derived text.
            # NOTE(review): if options can carry request input, the caller
            # controls the SMS text -- confirm where options is populated.
            if 'data' in options or 'message' in options:
                message = options.get('data',
                                      options.get('message', '<otp>'))

            try:
                _success, message = self.sendSMS(message=message)
            except Exception as exx:
                # A failed send is logged and swallowed; the verification
                # result is returned unchanged.
                log.exception(exx)
            finally:
                # The counter is advanced whether or not the send succeeded.
                self.incOtpCounter(ret, reset=False)
    if ret >= 0:
        msg = "otp verification was successful!"
    else:
        msg = "otp verification failed!"
    log.debug(msg)
    return ret
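def update(self, param, reset_failcount=True):
    """
    update - process initialization parameters

    :param param: dict of initialization parameters; must contain the key
        named by ``self.EMAIL_ADDRESS_KEY``. The dict is modified in place:
        ``genkey`` is set to 1 when neither ``genkey`` nor ``otpkey`` is
        present.
    :type param: dict
    :param reset_failcount: handed through to ``HmacTokenClass.update``
    :raises KeyError: if the e-mail address parameter is missing
    :raises Exception: in selfservice scope, when the user may not edit the
        e-mail address and the submitted one differs from the user data
    :return: nothing
    """
    # The token seed travels in "otpkey"; mask it so the debug log never
    # holds it.
    # NOTE(review): other secret-bearing entries may exist in param; confirm
    # against the callers and mask them here as well.
    masked = {
        key: ("<redacted>" if key == "otpkey" else value)
        for key, value in dict(param).items()
    }
    LOG.debug("[update] begin. adjust the token class with: param %r", masked)

    # specific - e-mail
    self._email_address = param[self.EMAIL_ADDRESS_KEY]

    # in scope selfservice - check if edit_email is allowed
    # if not allowed to edit, check if the email is the same
    # as from the user data
    # NOTE(review): this check trusts the "::scope::" entry of param; confirm
    # that callers build it server-side and never copy it from request input.
    if param.get("::scope::", {}).get("selfservice", False):
        user = param["::scope::"]["user"]
        if not is_email_editable(user):
            u_info = getUserDetail(user)
            u_email = u_info.get("email", None)
            # Without a stored address nothing can match: refuse the change
            # instead of raising AttributeError from None.strip().
            mismatch = (
                u_email is None
                or u_email.strip() != self._email_address.strip()
            )
            if mismatch:
                raise Exception(
                    _("User is not allowed to set email address"))

    # in case of the e-mail token, only the server must know the otpkey
    # thus if none is provided, we let create one (in the TokenClass)
    if "genkey" not in param and "otpkey" not in param:
        param["genkey"] = 1

    HmacTokenClass.update(self, param, reset_failcount)

    LOG.debug("[update] end. all token parameters are set.")
    return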
def test_validate_seed(self, moch_getFromConfig):
    """provided seed should be a valid HEX string"""
    token = HmacTokenClass(FakeTokenModel())

    # Only hexadecimal digits: must pass without raising.
    token.validate_seed("1234ab18790bdef1234")

    expected = (
        "The provided token seed contains non-hexadecimal characters")

    # One seed with a trailing non-hex character, one with a non-hex
    # character in the middle; both must be rejected with the same message.
    for rejected in ("1234ab18790bdef1234g", "1234ab187fH90bdef1234"):
        with self.assertRaises(InvalidSeedException) as caught:
            token.validate_seed(rejected)
        self.assertEqual(expected, caught.exception.msg)
def test_hmac_hashlib_sha1(mock_getFromConfig):
    """A token built on a default FakeTokenModel reports 'sha1'.

    The mocked config lookup returns 'sha1' and the model is created
    without arguments.
    """
    mock_getFromConfig.return_value = 'sha1'
    model = FakeTokenModel()
    assert HmacTokenClass(model).hashlibStr == 'sha1'
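def update(self, param):
    '''
    update - process the initialization parameters

    :param param: dict of initialization parameters; modified in place
        ('genkey' is removed once used, 'otpkey' and 'hashlib' are set)
    :type param: dict
    :raises ParameterError: when a key is required and neither genkey=1 nor
        an 'otpkey' is supplied, or when a key has to be generated for a
        hashlib name that has no entry in keylen
    :return: nothing
    '''
    ## check for the required parameters
    # The digest name is taken from the caller and defaults to sha1.
    val = param.get("hashlib")
    if val is not None:
        self.hashlibStr = val
    else:
        self.hashlibStr = 'sha1'

    otpKey = ''

    if (self.hKeyRequired is True):
        genkey = int(param.get("genkey", 0))
        if 1 == genkey:
            # The original comment expected an exception for an unknown
            # hashlib, but keylen.get() returns None instead of raising.
            # Reject the name explicitly so that no key is generated with
            # an undefined length.
            if self.hashlibStr not in keylen:
                raise ParameterError(
                    "Unsupported hashlib: %r" % (self.hashlibStr,))
            otpKey = generate_otpkey(keylen[self.hashlibStr])
            del param['genkey']
        else:
            # genkey not set: check otpkey is given
            # The message used to name 'serial', although the missing
            # parameter is 'otpkey'.
            if 'otpkey' not in param:
                raise ParameterError("Missing parameter: 'otpkey'")
            otpKey = param['otpkey']

    # finally set the values for the update
    # NOTE(review): nesting reconstructed from a flattened listing. As
    # written, a caller-supplied 'otpkey' is replaced by '' whenever
    # hKeyRequired is not True -- confirm this is intended.
    param['otpkey'] = otpKey
    param['hashlib'] = self.hashlibStr

    val = param.get("otplen")
    if val is not None:
        self.setOtpLen(int(val))
    else:
        self.setOtpLen(getFromConfig("DefaultOtpLen"))

    val = param.get("timeStep")
    if val is not None:
        self.timeStep = val

    val = param.get("timeWindow")
    if val is not None:
        self.timeWindow = val

    val = param.get("timeShift")
    if val is not None:
        self.timeShift = val

    HmacTokenClass.update(self, param)

    # Only non-empty settings are written to the token info.
    if self.timeWindow is not None and self.timeWindow != '':
        self.addToTokenInfo("timeWindow", self.timeWindow)
    if self.timeShift is not None and self.timeShift != '':
        self.addToTokenInfo("timeShift", self.timeShift)
    if self.timeStep is not None and self.timeStep != '':
        self.addToTokenInfo("timeStep", self.timeStep)
    if self.hashlibStr:
        self.addToTokenInfo("hashlib", self.hashlibStr)

    return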
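def update(self, param):
    '''
    update - process the initialization parameters

    :param param: dict of initialization parameters; modified in place
        ('genkey' is removed once used, 'otpkey' and 'hashlib' are set)
    :type param: dict
    :raises ParameterError: when a key is required and neither genkey=1 nor
        an 'otpkey' is supplied, or when a key has to be generated for a
        hashlib name that has no entry in keylen
    :return: nothing
    '''
    ## check for the required parameters
    # Caller-supplied digest name, sha1 when none is given.
    requested_hash = param.get("hashlib")
    self.hashlibStr = 'sha1' if requested_hash is None else requested_hash

    otpKey = ''

    if (self.hKeyRequired is True):
        genkey = int(param.get("genkey", 0))
        if 1 == genkey:
            # keylen.get() yields None for an unknown digest name rather
            # than raising, contrary to what the original comment assumed;
            # fail explicitly before a key of undefined length is generated.
            if self.hashlibStr not in keylen:
                raise ParameterError(
                    "Unsupported hashlib: %r" % (self.hashlibStr,))
            otpKey = generate_otpkey(keylen[self.hashlibStr])
            del param['genkey']
        else:
            # genkey not set: check otpkey is given
            # The error now names the parameter that is actually missing
            # (it used to say 'serial').
            if 'otpkey' not in param:
                raise ParameterError("Missing parameter: 'otpkey'")
            otpKey = param['otpkey']

    # finally set the values for the update
    # NOTE(review): nesting reconstructed from a flattened listing. As
    # written, a caller-supplied 'otpkey' is replaced by '' whenever
    # hKeyRequired is not True -- confirm this is intended.
    param['otpkey'] = otpKey
    param['hashlib'] = self.hashlibStr

    otplen = param.get("otplen")
    if otplen is not None:
        self.setOtpLen(int(otplen))
    else:
        self.setOtpLen(getFromConfig("DefaultOtpLen"))

    # Time settings are copied onto the token only when supplied.
    for setting in ("timeStep", "timeWindow", "timeShift"):
        supplied = param.get(setting)
        if supplied is not None:
            setattr(self, setting, supplied)

    HmacTokenClass.update(self, param)

    # Only non-empty settings are written to the token info.
    if self.timeWindow is not None and self.timeWindow != '':
        self.addToTokenInfo("timeWindow", self.timeWindow)
    if self.timeShift is not None and self.timeShift != '':
        self.addToTokenInfo("timeShift", self.timeShift)
    if self.timeStep is not None and self.timeStep != '':
        self.addToTokenInfo("timeStep", self.timeStep)
    if self.hashlibStr:
        self.addToTokenInfo("hashlib", self.hashlibStr)

    return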
def test_hmac_hashlib_sha256(mock_getFromConfig):
    """A model created with "sha256" yields hashlibStr "sha256".

    The mocked config lookup returns "sha1", so the expected value cannot
    come from the config default.
    """
    mock_getFromConfig.return_value = "sha1"
    model = FakeTokenModel("sha256")
    assert HmacTokenClass(model).hashlibStr == "sha256"