def test_get_selfservice_actions2(self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions): """Verify the policy evaluation via helper get_selfservice_actions""" mocked__get_client.return_value = '127.0.0.1' simple_user = LinotpUser(login='******', realm='defaultrealm') anonym_user = LinotpUser(login='******', realm='defaultrealm') policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- mocked_get_policy_definitions.return_value = { 'selfservice': { 'otp_pin_maxlength': { 'type': 'int' }, 'enrollHMAC': { 'type': 'bool' }, 'reset': { 'type': 'bool' }, } } # verify that general policy is honored policy_set['general']['action'] = ( 'otp_pin_maxlength=4, enrollHMAC, reset') mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, 'otp_pin_maxlength') assert 'otp_pin_maxlength' in res assert res['otp_pin_maxlength'] == 4 # ----------------------------------------------------------------- -- # verify that user specific policy is honored policy_set['simple_user']['action'] = ( 'otp_pin_maxlength=6, delete, reset') mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, 'otp_pin_maxlength') assert 'otp_pin_maxlength' in res assert res['otp_pin_maxlength'] == 6 # ----------------------------------------------------------------- -- # verify that user specific policy is honored but only for the user res = get_selfservice_actions(anonym_user, 'otp_pin_maxlength') assert 'otp_pin_maxlength' in res assert res['otp_pin_maxlength'] == 4
def webprovisiongoogletoken(self): """ This is the form for an google token to do web provisioning. """ try: c.actions = get_selfservice_actions(self.authUser) return render("/selfservice/webprovisiongoogle.mako") except Exception as exx: log.error("[webprovisiongoogletoken] failed with error: %r", exx) return sendError(response, exx)
def get_context(config, user, client): """ get the user dependend rendering context :param user: the selfservice auth user :param realm: the selfservice realm :param client: the selfservice client info - required for pre_context :return: context dict, with all rendering attributes """ context = get_pre_context(client) context["user"] = get_userinfo(user) context["imprint"] = get_imprint(user.realm) context["tokenArray"] = getTokenForUser(user) context["actions"] = list() for action_name, action_value in get_selfservice_actions(user).items(): if action_value is True: context["actions"].append(action_name) else: context["settings"][action_name] = action_value return context
def __before__(self, **params): """ __before__ is called before every action This is the authentication to self service. If you want to do ANYTHING with the selfservice, you need to be authenticated. The _before_ is executed before any other function in this controller. :param params: list of named arguments :return: -nothing- or in case of an error a Response created by sendError with the context info 'before' """ action = request_context['action'] self.redirect = None try: c.version = get_version() c.licenseinfo = get_copyright_info() c.version_ref = base64.encodebytes(c.version.encode())[:6] g.audit['success'] = False self.client = get_client(request) g.audit['client'] = self.client # -------------------------------------------------------------- -- # handle requests which dont require authetication if action in ['logout', 'custom_style']: return # -------------------------------------------------------------- -- # get the authenticated user auth_type, auth_user, auth_state = get_auth_user(request) # -------------------------------------------------------------- -- # handle not authenticated requests if not auth_user or auth_type not in ['user_selfservice']: if action in ['login']: return if action in ['index']: self.redirect = True return redirect(url_for('.login')) else: raise Unauthorized('No valid session') # -------------------------------------------------------------- -- # handle authenticated requests # there is only one special case, which is the login that # could be forwarded to the index page if action in ['login']: if auth_state != 'authenticated': return self.redirect = True return redirect(url_for('.index')) # -------------------------------------------------------------- -- # in case of user_selfservice, an unauthenticated request should always go to login if auth_user and auth_type == 'user_selfservice' \ and auth_state != 'authenticated': self.redirect = True return redirect(url_for('.login')) # futher processing with the authenticated user if auth_state != 'authenticated': raise Unauthorized('No valid session') c.user = auth_user.login c.realm = auth_user.realm self.authUser = auth_user # -------------------------------------------------------------- -- # authenticated session verification if auth_type == 'user_selfservice': # checking the session only for not_form_access actions if action not in self.form_access_methods: valid_session = check_session(request, auth_user, self.client) if not valid_session: g.audit['action'] = request.path[1:] g.audit['info'] = "session expired" current_app.audit_obj.log(g.audit) raise Unauthorized('No valid session') # -------------------------------------------------------------- -- c.imprint = get_imprint(c.realm) c.tokenArray = [] c.user = self.authUser.login c.realm = self.authUser.realm # only the defined actions should be displayed # - remark: the generic actions like enrollTT are allready approved # to have a rendering section and included actions = get_selfservice_actions(self.authUser) c.actions = actions for action_name, action_value in actions.items(): if action_value is True: c.__setattr__(action_name, -1) continue c.__setattr__(action_name, action_value) c.dynamic_actions = add_dynamic_selfservice_enrollment(config, c.actions) # we require to establish all token local defined # policies to be initialiezd additional_policies = add_dynamic_selfservice_policies(config, actions) for policy in additional_policies: c.__setattr__(policy, -1) c.otplen = -1 c.totp_len = -1 c.pin_policy = _get_auth_PinPolicy(user=self.authUser) except (flap.HTTPUnauthorized, flap.HTTPForbidden) as acc: # the exception, when an abort() is called if forwarded log.info("[__before__::%r] webob.exception %r" % (action, acc)) db.session.rollback() raise acc except Exception as e: log.exception("[__before__] failed with error: %r" % e) db.session.rollback() return sendError(response, e, context='before')
def test_get_selfservice_actions( self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions, ): """Verify the policy evaluation via helper get_selfservice_actions""" mocked__get_client.return_value = "127.0.0.1" simple_user = LinotpUser(login="******", realm="defaultrealm") anonym_user = LinotpUser(login="******", realm="defaultrealm") policy_set = copy.deepcopy(PolicySet) mocked_get_policy_definitions.return_value = { "selfservice": { "setDescription": { "type": "bool" }, "enrollHMAC": { "type": "bool" }, "reset": { "type": "bool" }, } } # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set["general"]["action"] = "setDescription, enrollHMAC, reset" mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, "setDescription") assert "setDescription" in res assert res["setDescription"] res = get_selfservice_actions(simple_user) assert "setDescription" not in res assert "disable" in res assert get_selfservice_actions(simple_user, "setDescription") assert not get_selfservice_actions(anonym_user, "disable") # ----------------------------------------------------------------- -- # verify that user specific policy is honored policy_set["simple_user"]["action"] = "setDescription, disable" mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user) assert "setDescription" in res assert "disable" in res assert "reset" not in res
def test_get_selfservice_actions2( self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions, ): """Verify the policy evaluation via helper get_selfservice_actions""" mocked__get_client.return_value = "127.0.0.1" simple_user = LinotpUser(login="******", realm="defaultrealm") anonym_user = LinotpUser(login="******", realm="defaultrealm") policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- mocked_get_policy_definitions.return_value = { "selfservice": { "otp_pin_maxlength": { "type": "int" }, "enrollHMAC": { "type": "bool" }, "reset": { "type": "bool" }, } } # verify that general policy is honored policy_set["general"][ "action"] = "otp_pin_maxlength=4, enrollHMAC, reset" mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, "otp_pin_maxlength") assert "otp_pin_maxlength" in res assert res["otp_pin_maxlength"] == 4 # ----------------------------------------------------------------- -- # verify that user specific policy is honored policy_set["simple_user"][ "action"] = "otp_pin_maxlength=6, delete, reset" mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, "otp_pin_maxlength") assert "otp_pin_maxlength" in res assert res["otp_pin_maxlength"] == 6 # ----------------------------------------------------------------- -- # verify that user specific policy is honored but only for the user res = get_selfservice_actions(anonym_user, "otp_pin_maxlength") assert "otp_pin_maxlength" in res assert res["otp_pin_maxlength"] == 4
def test_get_selfservice_actions(self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions): """Verify the policy evaluation via helper get_selfservice_actions""" mocked__get_client.return_value = '127.0.0.1' simple_user = LinotpUser(login='******', realm='defaultrealm') anonym_user = LinotpUser(login='******', realm='defaultrealm') policy_set = copy.deepcopy(PolicySet) mocked_get_policy_definitions.return_value = { 'selfservice': { 'setDescription': { 'type': 'bool' }, 'enrollHMAC': { 'type': 'bool' }, 'reset': { 'type': 'bool' }, } } # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set['general']['action'] = ('setDescription, enrollHMAC, reset') mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user, 'setDescription') assert 'setDescription' in res assert res['setDescription'] res = get_selfservice_actions(simple_user) assert 'setDescription' not in res assert 'disable' in res assert get_selfservice_actions(simple_user, 'setDescription') assert not get_selfservice_actions(anonym_user, 'disable') # ----------------------------------------------------------------- -- # verify that user specific policy is honored policy_set['simple_user']['action'] = ('setDescription, disable') mocked__get_policies.return_value = policy_set res = get_selfservice_actions(simple_user) assert 'setDescription' in res assert 'disable' in res assert 'reset' not in res