def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. adjust the token class with: param %r"
% (param))
# specific - phone
phone = getParam(param, "phone", required)
self.setPhone(phone)
## in case of the sms token, only the server must know the otpkey
## thus if none is provided, we let create one (in the TokenClass)
if not param.has_key('genkey') and not param.has_key('otpkey'):
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
log.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
"""
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
"""
LOG.debug("[update] begin. adjust the token class with: param %r" %
param)
# specific - e-mail
self._email_address = getParam(param,
self.EMAIL_ADDRESS_KEY,
optional=False)
## in case of the e-mail token, only the server must know the otpkey
## thus if none is provided, we let create one (in the TokenClass)
if not 'genkey' in param and not 'otpkey' in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
LOG.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. adjust the token class with: param %r" %
(param))
# specific - phone
phone = getParam(param, "phone", required)
self.setPhone(phone)
# # in case of the sms token, only the server must know the otpkey
# # thus if none is provided, we let create one (in the TokenClass)
if not param.has_key('genkey') and not param.has_key('otpkey'):
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
log.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
"""
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
"""
LOG.debug("[update] begin. adjust the token class with: param %r" % param)
# specific - e-mail
self._email_address = param[self.EMAIL_ADDRESS_KEY]
# in scope selfservice - check if edit_email is allowed
# if not allowed to edit, check if the email is the same
# as from the user data
if param.get('::scope::', {}).get('selfservice', False):
user = param['::scope::']['user']
if not is_email_editable(user):
u_info = getUserDetail(user)
u_email = u_info.get('email', None)
if u_email.strip() != self._email_address.strip():
raise Exception(_('User is not allowed to set email address'))
## in case of the e-mail token, only the server must know the otpkey
## thus if none is provided, we let create one (in the TokenClass)
if not 'genkey' in param and not 'otpkey' in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
LOG.debug("[update] end. all token parameters are set.")
return
def __init__(self, aToken):
HmacTokenClass.__init__(self, aToken)
self.setType(u"sms")
self.hKeyRequired = False
# we support various hashlib methods, but only on create
# which is effectively set in the update
self.hashlibStr = getFromConfig("hotp.hashlib", "sha1")
self.mode = ['challenge']
def __init__(self, aToken, context=None):
HmacTokenClass.__init__(self, aToken, context=context)
self.setType(u"email")
self.hKeyRequired = False
# we support various hashlib methods, but only on create
# which is effectively set in the update
self.hashlibStr = self.context['Config'].get("hotp.hashlib", "sha1")
self.mode = ['challenge']
def __init__(self, aToken):
HmacTokenClass.__init__(self, aToken)
self.setType(u"email")
self.hKeyRequired = False
# we support various hashlib methods, but only on create
# which is effectively set in the update
self.hashlibStr = getFromConfig("hotp.hashlib", "sha1")
self.mode = ['challenge']
def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
_ = context['translate']
log.debug("[update] begin. adjust the token class with: param %r" %
(param))
# specific - phone
phone = getParam(param, "phone", required)
# in scope selfservice - check if edit_sms is allowed
# if not allowed to edit, check if the phone is the same
# as from the user data
if param.get('::scope::', {}).get('selfservice', False):
user = param['::scope::']['user']
if not is_phone_editable(user):
u_info = getUserDetail(user)
u_phone = u_info.get('mobile', u_info.get('phone', None))
if u_phone != phone:
raise Exception(
_('User is not allowed to '
'set phone number'))
self.setPhone(phone)
# in case of the sms token, only the server must know the otpkey
# thus if none is provided, we let create one (in the TokenClass)
if 'genkey' not in param and 'otpkey' not in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
log.debug("[update] end. all token parameters are set.")
return
def checkOtp(self, anOtpVal, counter, window, options=None):
'''
checkOtp - check the otpval of a token against a given counter
in the + window range
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
'''
log.debug("[checkOtp] begin. start to verify the otp value: anOtpVal:"
" %r, counter: %r, window: %r, options: %r "
% (anOtpVal, counter, window, options))
if not options:
options = {}
ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
if ret != -1:
if self.isValid() == False:
ret = -1
if ret >= 0:
if get_auth_AutoSMSPolicy():
user = None
message = "<otp>"
realms = self.getRealms()
if realms:
_sms_ret, message = get_auth_smstext(realm=realms[0])
if 'user' in options:
user = options.get('user', None)
if user:
_sms_ret, message = get_auth_smstext(realm=user.realm)
realms = self.getRealms()
if 'data' in options or 'message' in options:
message = options.get('data',
options.get('message', '<otp>'))
try:
_success, message = self.sendSMS(message=message)
except Exception as exx:
log.exception(exx)
finally:
self.incOtpCounter(ret, reset=False)
if ret >= 0:
msg = "otp verification was successful!"
else:
msg = "otp verification failed!"
log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
return ret
def checkOtp(self, anOtpVal, counter, window, options=None):
'''
checkOtp - check the otpval of a token against a given counter
in the + window range
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
'''
log.debug("[checkOtp] begin. start to verify the otp value: anOtpVal:"
" %r, counter: %r, window: %r, options: %r " %
(anOtpVal, counter, window, options))
if not options:
options = {}
ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
if ret != -1:
if self.isValid() is False:
ret = -1
if ret >= 0:
if get_auth_AutoSMSPolicy():
user = None
message = "<otp>"
realms = self.getRealms()
if realms:
_sms_ret, message = get_auth_smstext(realm=realms[0])
if 'user' in options:
user = options.get('user', None)
if user:
_sms_ret, message = get_auth_smstext(realm=user.realm)
realms = self.getRealms()
if 'data' in options or 'message' in options:
message = options.get('data',
options.get('message', '<otp>'))
try:
_success, message = self.sendSMS(message=message)
except Exception as exx:
log.exception(exx)
finally:
self.incOtpCounter(ret, reset=False)
if ret >= 0:
msg = "otp verification was successful!"
else:
msg = "otp verification failed!"
log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
return ret
def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
_ = context['translate']
log.debug("[update] begin. adjust the token class with: param %r"
% (param))
# specific - phone
phone = getParam(param, "phone", required)
# in scope selfservice - check if edit_sms is allowed
# if not allowed to edit, check if the phone is the same
# as from the user data
if param.get('::scope::', {}).get('selfservice', False):
user = param['::scope::']['user']
if not is_phone_editable(user):
u_info = getUserDetail(user)
u_phone = u_info.get('mobile', u_info.get('phone', None))
if u_phone != phone:
raise Exception(_('User is not allowed to '
'set phone number'))
self.setPhone(phone)
# in case of the sms token, only the server must know the otpkey
# thus if none is provided, we let create one (in the TokenClass)
if 'genkey' not in param and 'otpkey' not in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
log.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
"""
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
"""
LOG.debug("[update] begin. adjust the token class with: param %r" %
param)
_ = context['translate']
# specific - e-mail
self._email_address = param[self.EMAIL_ADDRESS_KEY]
# in scope selfservice - check if edit_email is allowed
# if not allowed to edit, check if the email is the same
# as from the user data
if param.get('::scope::', {}).get('selfservice', False):
user = param['::scope::']['user']
if not is_email_editable(user):
u_info = getUserDetail(user)
u_email = u_info.get('email', None)
if u_email.strip() != self._email_address.strip():
raise Exception(
_('User is not allowed to set '
'email address'))
## in case of the e-mail token, only the server must know the otpkey
## thus if none is provided, we let create one (in the TokenClass)
if not 'genkey' in param and not 'otpkey' in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
LOG.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
"""
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
"""
log.debug("[update] begin. adjust the token class with: param %r" % (param))
# specific - phone
phone = getParam(param, "phone", required)
# in scope selfservice - check if edit_sms is allowed
# if not allowed to edit, check if the phone is the same
# as from the user data
if param.get("::scope::", {}).get("selfservice", False):
user = param["::scope::"]["user"]
if not is_phone_editable(user):
u_info = getUserDetail(user)
u_phone = u_info.get("mobile", u_info.get("phone", None))
if u_phone != phone:
raise Exception(_("User is not allowed to " "set phone number"))
self.setPhone(phone)
# in case of the sms token, only the server must know the otpkey
# thus if none is provided, we let create one (in the TokenClass)
if "genkey" not in param and "otpkey" not in param:
param["genkey"] = 1
HmacTokenClass.update(self, param, reset_failcount)
log.debug("[update] end. all token parameters are set.")
return
def update(self, param, reset_failcount=True):
"""
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
"""
LOG.debug("[update] begin. adjust the token class with: param %r" % param)
# specific - e-mail
self._email_address = getParam(param, self.EMAIL_ADDRESS_KEY, optional=False)
## in case of the e-mail token, only the server must know the otpkey
## thus if none is provided, we let create one (in the TokenClass)
if not 'genkey' in param and not 'otpkey' in param:
param['genkey'] = 1
HmacTokenClass.update(self, param, reset_failcount)
LOG.debug("[update] end. all token parameters are set.")
return
def checkOtp(self, anOtpVal, counter, window, options=None):
'''
checkOtp - check the otpval of a token against a given counter
in the + window range
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
'''
log.debug(
"[checkOtp] begin. start to verify the otp value: anOtpVal:" +
" %r, counter: %r, window: %r, options: %r " %
(anOtpVal, counter, window, options))
ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
if ret != -1:
if self.isValid() == False:
ret = -1
if ret >= 0:
if get_auth_AutoSMSPolicy():
user = None
message = "<otp>"
if options is not None and type(options) == dict:
user = options.get('user', None)
if user:
sms_ret, message = get_auth_smstext(realm=user.realm)
self.incOtpCounter(ret, reset=False)
success, message = self.sendSMS(message=message)
if ret >= 0:
msg = "otp verification was successful!"
else:
msg = "otp verification failed!"
log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
return ret
def checkOtp(self, anOtpVal, counter, window, options=None):
"""
checkOtp - check the otpval of a token against a given counter
in the + window range
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
"""
log.debug(
"[checkOtp] begin. start to verify the otp value: anOtpVal:"
+ " %r, counter: %r, window: %r, options: %r " % (anOtpVal, counter, window, options)
)
ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
if ret != -1:
if self.isValid() == False:
ret = -1
if ret >= 0:
if get_auth_AutoSMSPolicy():
user = None
message = "<otp>"
if options is not None and type(options) == dict:
user = options.get("user", None)
if user:
sms_ret, message = get_auth_smstext(realm=user.realm)
self.incOtpCounter(ret, reset=False)
success, message = self.sendSMS(message=message)
if ret >= 0:
msg = "otp verification was successful!"
else:
msg = "otp verification failed!"
log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
return ret
def update(self, param):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. Process the initialization parameters: param %r" % (param))
## check for the required parameters
val = getParam(param, "hashlib", optional)
if val is not None:
self.hashlibStr = val
else:
self.hashlibStr = 'sha1'
otpKey = ''
if (self.hKeyRequired == True):
genkey = int(getParam(param, "genkey", optional) or 0)
if 1 == genkey:
# if hashlibStr not in keylen dict, this will raise an Exception
otpKey = generate_otpkey(keylen.get(self.hashlibStr))
del param['genkey']
else:
# genkey not set: check otpkey is given
# this will raise an exception if otpkey is not present
otpKey = getParam(param, "otpkey", required)
# finally set the values for the update
param['otpkey'] = otpKey
param['hashlib'] = self.hashlibStr
val = getParam(param, "otplen", optional)
if val is not None:
self.setOtpLen(int(val))
else:
self.setOtpLen(getFromConfig("DefaultOtpLen"))
val = getParam(param, "timeStep", optional)
if val is not None:
self.timeStep = val
val = getParam(param, "timeWindow", optional)
if val is not None:
self.timeWindow = val
val = getParam(param, "timeShift", optional)
if val is not None:
self.timeShift = val
HmacTokenClass.update(self, param)
self.addToTokenInfo("timeWindow", self.timeWindow)
self.addToTokenInfo("timeShift", self.timeShift)
self.addToTokenInfo("timeStep", self.timeStep)
self.addToTokenInfo("hashlib", self.hashlibStr)
log.debug("[update] end. Processing the initialization parameters done.")
return
