def test_45_check_realm_pass(self):
# create a bunch of tokens in the realm
# disabled token
serial = "inactive"
init_token({"serial": serial,
"otpkey": self.otpkey,
"pin": serial}, User("cornelius", self.realm1))
enable_token(serial, False)
# not assigned token
serial = "not_assigned"
init_token({"serial": serial,
"otpkey": self.otpkey,
"pin": serial}, tokenrealms=[self.realm1])
# a normal token
serial = "assigned"
init_token({"serial": serial,
"otpkey": self.otpkey,
"pin": serial}, User("cornelius", self.realm1))
# check if the tokens were created accordingly
tokens = get_tokens(realm=self.realm1, tokentype="hotp",
assigned=False, serial="not_assigned")
self.assertEqual(len(tokens), 1)
tokens = get_tokens(realm=self.realm1, tokentype="hotp",
active=False, serial="inactive")
self.assertEqual(len(tokens), 1)
tokens = get_tokens(realm=self.realm1, tokentype="hotp",
active=True, assigned=True, serial="assigned")
self.assertEqual(len(tokens), 1)
# an inactive token does not match
r = check_realm_pass(self.realm1, "inactive" + "287082")
self.assertEqual(r[0], False)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "wrong otp pin")
# an unassigned token does not match
r = check_realm_pass(self.realm1, "unassigned" + "287082")
self.assertEqual(r[0], False)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "wrong otp pin")
# a token assigned to a user does match
r = check_realm_pass(self.realm1, "assigned" + "287082")
# One token in the realm matches the pin and the OTP value
self.assertEqual(r[0], True)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "matching 1 tokens")
def authenticate(self, passw, user=None, options=None):
"""
do the authentication on base of password / otp and user and
options, the request parameters.
Here we contact the other privacyIDEA server to validate the OtpVal.
:param passw: the password / otp
:param user: the requesting user
:param options: the additional request parameters
:return: tuple of (success, otp_count - 0 or -1, reply)
"""
pin_match = True
otp_counter = -1
reply = None
required_realms = self._get_realms()
# This holds the found serial numbers in the realms
found_serials = {}
separator = self._get_separator()
passwords = passw.split(separator)
for realm in required_realms.keys():
found_serials[realm] = []
for otp in passwords:
res, reply = check_realm_pass(
realm, otp, exclude_types=[self.get_tokentype()])
if res:
serial = reply.get("serial")
found_serials[realm].append(serial)
# uniquify the serials in the list
found_serials[realm] = list(set(found_serials[realm]))
if len(found_serials[realm]) < required_realms[realm]:
reply = {
"foureyes":
"Only found {0:d} tokens in realm {1!s}".format(
len(found_serials[realm]), realm)
}
otp_counter = -1
break
else:
otp_counter = 1
return pin_match, otp_counter, reply
def _authenticate_in_realm(self, realm, password):
"""
This method tries to authenticate a given credential (can be PIN + OTP)
against tokens in a realm and returns the serial of the token, if successful.
Otherwise None
:param realm: The realm where to authenticate
:param password: The PIN + OTP
:return: token_id or None
"""
serial = None
res, reply = check_realm_pass(realm, password,
exclude_types=[self.get_tokentype()])
if res:
serial = reply.get("serial")
return serial
def authenticate(self, passw, user=None, options=None):
"""
do the authentication on base of password / otp and user and
options, the request parameters.
Here we contact the other privacyIDEA server to validate the OtpVal.
:param passw: the password / otp
:param user: the requesting user
:param options: the additional request parameters
:return: tuple of (success, otp_count - 0 or -1, reply)
"""
pin_match = True
otp_counter = -1
reply = None
required_realms = self._get_realms()
# This holds the found serial numbers in the realms
found_serials = {}
separator = self._get_separator()
passwords = passw.split(separator)
for realm in required_realms.keys():
found_serials[realm] = []
for otp in passwords:
res, reply = check_realm_pass(realm, otp)
if res:
serial = reply.get("serial")
found_serials[realm].append(serial)
# uniquify the serials in the list
found_serials[realm] = list(set(found_serials[realm]))
if len(found_serials[realm]) < required_realms[realm]:
reply = {"foureyes": "Only found %i tokens in realm %s" % (
len(found_serials[realm]), realm)}
otp_counter = -1
break
else:
otp_counter = 1
return pin_match, otp_counter, reply
def test_45_check_realm_pass(self):
# create a bunch of tokens in the realm
# disabled token
serial = "inactive"
init_token({
"serial": serial,
"otpkey": self.otpkey,
"pin": serial
}, User("cornelius", self.realm1))
enable_token(serial, False)
# not assigned token
serial = "not_assigned"
init_token({
"serial": serial,
"otpkey": self.otpkey,
"pin": serial
},
tokenrealms=[self.realm1])
# a normal token
serial = "assigned"
init_token({
"serial": serial,
"otpkey": self.otpkey,
"pin": serial
}, User("cornelius", self.realm1))
# check if the tokens were created accordingly
tokens = get_tokens(realm=self.realm1,
tokentype="hotp",
assigned=False,
serial="not_assigned")
self.assertEqual(len(tokens), 1)
tokens = get_tokens(realm=self.realm1,
tokentype="hotp",
active=False,
serial="inactive")
self.assertEqual(len(tokens), 1)
tokens = get_tokens(realm=self.realm1,
tokentype="hotp",
active=True,
assigned=True,
serial="assigned")
self.assertEqual(len(tokens), 1)
# an inactive token does not match
r = check_realm_pass(self.realm1, "inactive" + "287082")
self.assertEqual(r[0], False)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "wrong otp pin")
# an unassigned token does not match
r = check_realm_pass(self.realm1, "unassigned" + "287082")
self.assertEqual(r[0], False)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "wrong otp pin")
# a token assigned to a user does match
r = check_realm_pass(self.realm1, "assigned" + "287082")
# One token in the realm matches the pin and the OTP value
self.assertEqual(r[0], True)
# The remaining tokens are checked, but the pin does not match,
# so we get "wrong otp pin"
self.assertEqual(r[1].get("message"), "matching 1 tokens")
