def setPin(self):
"""
method:
api/helpdesk/setPin
description:
This function sets the PIN of the token
arguments:
* serial - required
* pin - optional - uses random pin instead
returns:
an array with the list of affected serial numbers
"""
res = {}
try:
params = self.request_params
serial = params.get("serial")
if not serial:
raise ParameterError("Missing parameter: 'serial'")
tokens = getTokens4UserOrSerial(serial=serial)
result = []
for token in tokens:
owner = get_token_owner(token)
current_serial = token.getSerial()
pin = params.get(
'pin', createRandomPin(owner, min_pin_length=6))
# as the parameter pin in the params is evaluated by
# the checkPolicyPre and checkPolicyPost we need to put the
# parameter pin and current_serial into the params
params['pin'] = pin
params['serial'] = current_serial
# set pin is done by the admin/set with the parameter pin
checkPolicyPre(
'admin', method='set', param=params, user=owner)
token.setPin(pin)
# while in the pre checks for method='set' the post checks
# for 'setPin' which is used to determin if a new pin has to
# be generated
res = checkPolicyPost(
'admin', 'setPin', param=params, user=owner)
pin = res.get('new_pin', pin)
info = {
'message': ('A new pin ${Pin} has been set for your '
'token: ${serial}'),
'Subject': 'new pin set for token ${serial}',
'Pin': pin,
'serial': current_serial,
}
notify_user(owner, 'setPin', info, required=True)
result.append(serial)
c.audit['success'] = True
c.audit['info'] = result
Session.commit()
return sendResult(response, result)
except PolicyException as pex:
log.exception('[setPin] policy failed %r')
Session.rollback()
return sendError(response, pex, 1)
except Exception as exx:
log.exception('[setPin] error while setting pin')
Session.rollback()
return sendError(response, exx, 0)
finally:
Session.close()
def enroll(self):
"""
method:
api/helpdesk/enroll
description:
method to enroll a token as helpdesk
arguments:
* type: the token type, currently only 'email'
* user: the new token owner
* realm: (optional) the realm the user belongs to - used to identify the user
returns:
success as boolean
"""
ret = False
response_detail = {}
params = self.request_params
try:
if 'user' not in params:
raise ParameterError('missing parameter: user!')
if 'type' not in params:
raise ParameterError('missing parameter: type!')
# --------------------------------------------------------------- --
# determine token class
token_cls_alias = params.get("type")
lower_alias = token_cls_alias.lower()
if lower_alias not in tokenclass_registry:
raise TokenAdminError('admin/init failed: unknown token '
'type %r' % token_cls_alias, id=1610)
token_cls = tokenclass_registry.get(lower_alias)
# --------------------------------------------------------------- --
# call the token class hook in order to enrich/overwrite the
# parameters
helper_params = token_cls.get_helper_params_pre(params)
params.update(helper_params)
# --------------------------------------------------------------- --
# fetch user from parameters.
user = getUserFromParam(params)
# --------------------------------------------------------------- --
# create a new pin according to the policies
if 'pin' not in params:
params['pin'] = createRandomPin(user, min_pin_length=6)
# --------------------------------------------------------------- --
if 'otpkey' not in params:
params['genkey'] = '1'
# --------------------------------------------------------------- --
# check admin authorization
res = checkPolicyPre('admin', 'init', params, user=user)
# --------------------------------------------------------------- --
helper_params = token_cls.get_helper_params_post(params, user=user)
params.update(helper_params)
# --------------------------------------------------------------- --
# create new serial
th = TokenHandler()
serial = th.genSerial(token_cls_alias)
params['serial'] = serial
log.info("[init] initialize token. user: %s, serial: %s"
% (user.login, serial))
# --------------------------------------------------------------- --
# scope_extension: we are in scope helpdesk
# this is eg required to notify the emailtoken to use the
# email from user if none is given as param
params['::scope::'] = {
'helpdesk': True,
'user': user
}
(ret, token) = th.initToken(params, user)
# --------------------------------------------------------------- --
# different token types return different information on
# initialization (e.g. otpkey, pairing_url, etc)
initDetail = token.getInitDetail(params, user)
response_detail.update(initDetail)
# --------------------------------------------------------------- --
# prepare data for audit
if token is not None and ret is True:
c.audit['serial'] = token.getSerial()
c.audit['token_type'] = token.type
c.audit['success'] = ret
c.audit['user'] = user.login
c.audit['realm'] = user.realm
c.audit['action_detail'] += get_token_num_info()
res = checkPolicyPost('admin', 'init', params, user=user)
pin = res.get('new_pin', params['pin'])
message = ("A new ${tokentype} token (${serial}) "
"with pin '${Pin}' "
"for ${givenname} ${surname} has been enrolled.")
info = {
'message': message,
'Subject': 'New %s token enrolled' % token.type,
'Pin': pin,
'tokentype': token.type
}
info.update(response_detail)
notify_user(user, 'enrollment', info, required=True)
c.audit['action_detail'] += get_token_num_info()
c.audit['success'] = ret
return sendResult(response, ret)
except PolicyException as pex:
log.exception("Policy Exception while enrolling token")
Session.rollback()
return sendError(response, pex, 1)
except Exception as exx:
log.exception("Exception while enrolling token")
Session.rollback()
return sendError(response, exx, 1)