def load_form(self): ''' This shows the enrollment form for a requested token type. implicit parameters are: :param type: token type :param scope: defines the rendering scope :return: rendered html of the requested token ''' res = '' tok = None section = None scope = None try: try: act = self.request_params["type"] except KeyError: raise ParameterError("Missing parameter: 'type'", id=905) try: (tok, section, scope) = act.split('.') except Exception: return res if section != 'selfservice': return res if tok in tokenclass_registry: tclt = tokenclass_registry.get(tok) if hasattr(tclt, 'getClassInfo'): sections = tclt.getClassInfo(section, {}) if scope in list(sections.keys()): section = sections.get(scope) page = section.get('page') c.scope = page.get('scope') c.authUser = self.authUser html = page.get('html') res = render(os.path.sep + html).decode() res = remove_empty_lines(res) db.session.commit() return res except CompileException as exx: log.exception("[load_form] compile error while processing %r.%r:" "Exeption was %r" % (tok, scope, exx)) db.session.rollback() raise exx except Exception as exx: db.session.rollback() error = ('error (%r) accessing form data for: tok:%r, scope:%r' ', section:%r' % (exx, tok, scope, section)) log.exception(error) return "<h1>{}</h1><pre>{} {}</pre>".format( _("Failed to load form"), _("Error"), exx)
def tokentype(self): """""" c.title = "TokenTypeInfo" ttinfo = [] ttinfo.extend(list(tokenclass_registry.keys())) for tok in tokenclass_registry: tclass_object = tokenclass_registry.get(tok) if hasattr(tclass_object, "getClassType"): ii = tclass_object.getClassType() ttinfo.append(ii) log.debug("[index] importers: %s", IMPORT_TEXT) c.tokeninfo = ttinfo return render("/manage/tokentypeinfo.mako").decode("utf-8")
def tokentype(self): ''' ''' c.title = 'TokenTypeInfo' ttinfo = [] ttinfo.extend(list(tokenclass_registry.keys())) for tok in tokenclass_registry: tclass_object = tokenclass_registry.get(tok) if hasattr(tclass_object, 'getClassType'): ii = tclass_object.getClassType() ttinfo.append(ii) log.debug("[index] importers: %s" % IMPORT_TEXT) c.tokeninfo = ttinfo return render('/manage/tokentypeinfo.mako').decode('utf-8')
def tokentype(self): ''' ''' c.title = 'TokenTypeInfo' ttinfo = [] ttinfo.extend(tokenclass_registry.keys()) for tok in tokenclass_registry: tclass_object = tokenclass_registry.get(tok) if hasattr(tclass_object, 'getClassType'): ii = tclass_object.getClassType() ttinfo.append(ii) log.debug("[index] importers: %s" % IMPORT_TEXT) c.tokeninfo = ttinfo return render('/manage/tokentypeinfo.mako')
def add_dynamic_selfservice_policies(config, actions): """ add_dynamic_actions - load the html of the dynamic tokens according to the policy definition :param actions: the allowd policy actions for the current scope :type actions: array of actions names :return: hash of {tokentype : html for tab} """ dynamic_policies = [] defined_policies = [] for tok in tokenclass_registry: tclt = tokenclass_registry.get(tok) if hasattr(tclt, "getClassInfo"): # # check if we have a policy in the token definition try: policy = tclt.getClassInfo("policy", ret=None) if policy is not None and "selfservice" in policy: scope_policies = list(policy.get("selfservice").keys()) """ initialize the policies """ if len(defined_policies) == 0: for pol in actions: if "=" in pol: (name, val) = pol.split("=") defined_policies.append(name) for local_policy in scope_policies: if local_policy not in defined_policies: dynamic_policies.append(local_policy) except Exception as exx: log.info( "[_add_dynamic_actions] no policy for tokentype " "%r found (%r)", tok, exx, ) return dynamic_policies
def add_dynamic_selfservice_policies(config, actions): ''' add_dynamic_actions - load the html of the dynamic tokens according to the policy definition :param actions: the allowd policy actions for the current scope :type actions: array of actions names :return: hash of {tokentype : html for tab} ''' dynamic_policies = [] defined_policies = [] for tok in tokenclass_registry: tclt = tokenclass_registry.get(tok) if hasattr(tclt, 'getClassInfo'): # # check if we have a policy in the token definition try: policy = tclt.getClassInfo('policy', ret=None) if policy is not None and policy.has_key('selfservice'): scope_policies = policy.get('selfservice').keys() ''' initialize the policies ''' if len(defined_policies) == 0: for pol in actions: if '=' in pol: (name, val) = pol.split('=') defined_policies.append(name) for local_policy in scope_policies: if local_policy not in defined_policies: dynamic_policies.append(local_policy) except Exception as e: log.info('[_add_dynamic_actions] no policy for tokentype ' '%s found (%r)' % (unicode(tok), e)) return dynamic_policies
def add_dynamic_selfservice_policies(config, actions): ''' add_dynamic_actions - load the html of the dynamic tokens according to the policy definition :param actions: the allowd policy actions for the current scope :type actions: array of actions names :return: hash of {tokentype : html for tab} ''' dynamic_policies = [] defined_policies = [] for tok in tokenclass_registry: tclt = tokenclass_registry.get(tok) if hasattr(tclt, 'getClassInfo'): # # check if we have a policy in the token definition try: policy = tclt.getClassInfo('policy', ret=None) if policy is not None and policy.has_key('selfservice'): scope_policies = policy.get('selfservice').keys() ''' initialize the policies ''' if len(defined_policies) == 0: for pol in actions: if '=' in pol: (name, val) = pol.split('=') defined_policies.append(name) for local_policy in scope_policies: if local_policy not in defined_policies: dynamic_policies.append(local_policy) except Exception as e: log.info('[_add_dynamic_actions] no policy for tokentype ' '%s found (%r)' % (unicode(tok), e)) return dynamic_policies
def load_form(self): ''' This shows the enrollment form for a requested token type. implicit parameters are: :param type: token type :param scope: defines the rendering scope :return: rendered html of the requested token ''' res = '' param = {} try: param.update(request.params) try: act = param["type"] except KeyError: raise ParameterError("Missing parameter: 'type'", id=905) try: (tok, section, scope) = act.split('.') except Exception: return res if section != 'selfservice': return res if tok in tokenclass_registry: tclt = tokenclass_registry.get(tok) if hasattr(tclt, 'getClassInfo'): sections = tclt.getClassInfo(section, {}) if scope in sections.keys(): section = sections.get(scope) page = section.get('page') c.scope = page.get('scope') c.authUser = self.authUser html = page.get('html') res = render(os.path.sep + html) res = remove_empty_lines(res) Session.commit() return res except CompileException as exx: log.exception("[load_form] compile error while processing %r.%r:" "Exeption was %r" % (tok, scope, exx)) Session.rollback() raise exx except Exception as exx: Session.rollback() error = ('error (%r) accessing form data for: tok:%r, scope:%r' ', section:%r' % (exx, tok, scope, section)) log.exception(error) return '<pre>%s</pre>' % error finally: Session.close()
def enroll(self): """ method: api/helpdesk/enroll description: method to enroll a token as helpdesk arguments: * type: the token type, currently only 'email' * user: the new token owner * realm: (optional) the realm the user belongs to - used to identify the user returns: success as boolean """ ret = False response_detail = {} params = self.request_params try: if 'user' not in params: raise ParameterError('missing parameter: user!') if 'type' not in params: raise ParameterError('missing parameter: type!') # --------------------------------------------------------------- -- # determine token class token_cls_alias = params.get("type") lower_alias = token_cls_alias.lower() if lower_alias not in tokenclass_registry: raise TokenAdminError('admin/init failed: unknown token ' 'type %r' % token_cls_alias, id=1610) token_cls = tokenclass_registry.get(lower_alias) # --------------------------------------------------------------- -- # call the token class hook in order to enrich/overwrite the # parameters helper_params = token_cls.get_helper_params_pre(params) params.update(helper_params) # --------------------------------------------------------------- -- # fetch user from parameters. user = getUserFromParam(params) # --------------------------------------------------------------- -- # create a new pin according to the policies if 'pin' not in params: params['pin'] = createRandomPin(user, min_pin_length=6) # --------------------------------------------------------------- -- if 'otpkey' not in params: params['genkey'] = '1' # --------------------------------------------------------------- -- # check admin authorization res = checkPolicyPre('admin', 'init', params, user=user) # --------------------------------------------------------------- -- helper_params = token_cls.get_helper_params_post(params, user=user) params.update(helper_params) # --------------------------------------------------------------- -- # create new serial th = TokenHandler() serial = th.genSerial(token_cls_alias) params['serial'] = serial log.info("[init] initialize token. user: %s, serial: %s" % (user.login, serial)) # --------------------------------------------------------------- -- # scope_extension: we are in scope helpdesk # this is eg required to notify the emailtoken to use the # email from user if none is given as param params['::scope::'] = { 'helpdesk': True, 'user': user } (ret, token) = th.initToken(params, user) # --------------------------------------------------------------- -- # different token types return different information on # initialization (e.g. otpkey, pairing_url, etc) initDetail = token.getInitDetail(params, user) response_detail.update(initDetail) # --------------------------------------------------------------- -- # prepare data for audit if token is not None and ret is True: c.audit['serial'] = token.getSerial() c.audit['token_type'] = token.type c.audit['success'] = ret c.audit['user'] = user.login c.audit['realm'] = user.realm c.audit['action_detail'] += get_token_num_info() res = checkPolicyPost('admin', 'init', params, user=user) pin = res.get('new_pin', params['pin']) message = ("A new ${tokentype} token (${serial}) " "with pin '${Pin}' " "for ${givenname} ${surname} has been enrolled.") info = { 'message': message, 'Subject': 'New %s token enrolled' % token.type, 'Pin': pin, 'tokentype': token.type } info.update(response_detail) notify_user(user, 'enrollment', info, required=True) c.audit['action_detail'] += get_token_num_info() c.audit['success'] = ret return sendResult(response, ret) except PolicyException as pex: log.exception("Policy Exception while enrolling token") Session.rollback() return sendError(response, pex, 1) except Exception as exx: log.exception("Exception while enrolling token") Session.rollback() return sendError(response, exx, 1)