예제 #1
    def init_1_QR_Token(self, activationkey=None, tokentype='ocra', serial=None, user=None, pin='pin', message='Message', ocrapin='', genkey='1', ocrasuite='OCRA-1:HOTP-SHA256-8:C-QA64'):
        '''
        -2- activate ocra token

        Sends the admin/init request that carries the activation code.
        Every argument that is not None is forwarded as a request parameter;
        ``user`` takes precedence over ``serial``. When no ``activationkey``
        is passed, one is built with createActivationCode('1234567890').

        returns:
            tuple (response, activationkey)

        NOTE(review): the default pin and the fixed activation-code seed are
        fixture values. The pin and activation code are handed to
        self.app.get() as params - presumably they end up in the query
        string, which is fine for a test client but should not be copied
        into production callers (query strings commonly land in access logs).
        '''
        candidates = [
            ('type', tokentype),
            ('pin', pin),
            ('message', message),
            ('genkey', genkey),
            ('ocrapin', ocrapin),
        ]
        query = dict((key, value) for key, value in candidates
                     if value is not None)

        # the user wins over the serial when both are given
        if user is not None:
            query['user'] = user
        elif serial is not None:
            query['serial'] = serial

        # fall back to a code derived from a constant seed
        if activationkey is None:
            activationkey = createActivationCode('1234567890')
        query['activationcode'] = activationkey

        if ocrasuite is not None:
            query['ocrasuite'] = ocrasuite

        init_url = genUrl(controller='admin', action='init')
        reply = self.app.get(init_url, params=query)
        return (reply, activationkey)
예제 #2
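    def getActivationCode(self):
        '''
        method:
            ocra/getActivationCode

        description:
            returns a valid example activation code

        arguments:
            activationcode - optional: value the activation code is built
                             from; when it is omitted, createActivationCode()
                             is called without arguments

        returns:
            JSON with     "activationcode": "JZXW4ZI=2A"

        exception:
            a policy violation or any other error is rolled back and
            reported through sendError
        '''

        from linotp.lib.crypto.utils import createActivationCode

        res = {}

        try:
            params = getLowerParams(self.request_params)
            # NOTE(review): this writes the caller-supplied activationcode
            # value into the debug log
            log.debug("[getActivationCode]: %r" % params)

            checkPolicyPre('ocra', "activationcode")

            ac = params.get('activationcode')
            if ac is None:
                # A missing parameter used to be stringified to 'None' and
                # used as the input, so every such request got the same code
                # (the "JZXW4ZI=" in the sample above is base32 of 'None').
                # Let the helper apply its own default instead - presumably
                # a random value; confirm in createActivationCode.
                activationCode = createActivationCode()
            else:
                activationCode = createActivationCode(acode=str(ac))
            res = {'activationcode': activationCode}

            Session.commit()
            return sendResult(response, res, 1)

        except PolicyException as pe:
            log.exception("[getActivationCode] policy failed: %r" % pe)
            Session.rollback()
            return sendError(response, unicode(pe))

        except Exception as exx:
            log.exception("[getActivationCode] failed: %r" % exx)
            Session.rollback()
            return sendError(response, unicode(exx), 0)

        finally:
            # runs on every path, including the early returns above
            Session.close()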
예제 #3
    def init_1_QR_Token(
        self,
        activationkey=None,
        tokentype="ocra",
        serial=None,
        user=None,
        pin="pin",
        message="Message",
        ocrapin="",
        genkey="1",
        ocrasuite="OCRA-1:HOTP-SHA256-8:C-QA64",
    ):
        """-2- activate ocra token

        Builds the parameter set for the admin/init request from all
        arguments that are not None and issues it through self.app.get().
        Only one of ``user`` / ``serial`` is sent, ``user`` first. Without an
        ``activationkey`` the code comes from
        createActivationCode("1234567890").

        Returns the pair (response, activationkey).

        NOTE(review): pin default and activation-code seed are constants
        meant for tests; both values are passed as request params of a GET -
        presumably visible in the URL, so do not reuse this pattern outside
        a test client.
        """
        parameters = {}

        def add_if_set(key, value):
            # None means "leave the parameter out of the request"
            if value is not None:
                parameters[key] = value

        add_if_set("type", tokentype)
        add_if_set("pin", pin)
        add_if_set("message", message)
        add_if_set("genkey", genkey)
        add_if_set("ocrapin", ocrapin)

        # the serial is only considered when no user was given
        if user is not None:
            parameters["user"] = user
        else:
            add_if_set("serial", serial)

        if activationkey is None:
            activationkey = createActivationCode("1234567890")
        parameters["activationcode"] = activationkey

        add_if_set("ocrasuite", ocrasuite)

        target = genUrl(controller="admin", action="init")
        response = self.app.get(target, params=parameters)
        return (response, activationkey)
예제 #4
    def test_enroll_ocra2(self):
        """
        Verify userservice enrollment and activation of an ocra2 token.

        Steps: set a selfservice policy, enroll the token (part one),
        activate it with an activation code (part two) and finish the
        rollout by answering the returned challenge with an OTP.
        """

        # NOTE(review): the login, password and policy user values appear
        # masked ('******') in this listing
        credentials = {
            'login': '******',
            'password': '******'}

        def userservice(action, request_params):
            # every selfservice call runs as the same user and asks for a
            # fresh auth cookie
            return self.make_userselfservice_request(
                action, params=request_params,
                auth_user=credentials, new_auth_cookie=True)

        # -- setup the permissions -------------------------------------- --

        # selfservice scope, any realm ('*'): only the listed actions
        selfservice_policy = {
            'name': 'T1',
            'action': 'activate_OCRA2, enrollOCRA2, delete, ',
            'user': '******',
            'realm': '*',
            'scope': 'selfservice'
        }

        policy_reply = self.make_system_request(
            'setPolicy', params=selfservice_policy)
        assert 'false' not in policy_reply, policy_reply

        # -- enroll the ocra2 token - first part ------------------------- --

        otp_client = OcraOtp()

        enroll_reply = userservice('enroll', {
            'genkey': '1',
            'description': 'self enrolled',
            'type': 'ocra2',
            'sharedsecret': '1',
        })

        assert "<img" in enroll_reply
        token_serial = enroll_reply.json['detail']['serial']

        # update state to our ocra otp object
        otp_client.init_1(enroll_reply)

        # -- enroll the ocra2 token - second part ------------------------ --

        code = createActivationCode()

        activate_reply = userservice('activateocratoken', {
            'activationcode': code,
            'type': 'ocra2',
            'genkey': '1',
            'serial': token_serial
        })

        assert activate_reply.json['result']['status'], activate_reply.body

        # update state to our ocra otp object and extract challenge and transid
        challenge, transaction = otp_client.init_2(activate_reply, code)

        # -- finish the roll out via the dedicated userservice endpoint --- --

        finish_reply = userservice('finishocra2token', {
            'serial': token_serial,
            'transactionid': transaction,
            'pass': otp_client.callcOtp(challenge),
            'type': 'ocra2'
        })

        assert 'false' not in finish_reply, finish_reply


# eof
예제 #5
    def test_enroll_ocra2(self):
        """Check the selfservice rollout of an ocra2 token end to end.

        The test grants the selfservice actions by policy, enrolls the
        token, activates it with an activation code and completes the
        rollout with an OTP computed for the returned challenge.
        """

        # NOTE(review): login, password and the policy user are shown
        # masked ("******") in this listing
        auth_user = {"login": "******", "password": "******"}

        # keyword arguments shared by all userservice requests below
        as_user = {"auth_user": auth_user, "new_auth_cookie": True}

        # ---- permissions: selfservice scope, all realms ("*") ----------- --

        response = self.make_system_request(
            "setPolicy",
            params={
                "name": "T1",
                "action": "activate_OCRA2, enrollOCRA2, delete, ",
                "user": "******",
                "realm": "*",
                "scope": "selfservice",
            },
        )
        assert "false" not in response, response

        # ---- rollout, first part: enroll -------------------------------- --

        ocra_state = OcraOtp()

        first_step = {
            "genkey": "1",
            "description": "self enrolled",
            "type": "ocra2",
            "sharedsecret": "1",
        }
        response = self.make_userselfservice_request(
            "enroll", params=first_step, **as_user
        )

        assert "<img" in response
        serial = response.json["detail"]["serial"]

        # feed the enrollment reply into the local ocra otp state
        ocra_state.init_1(response)

        # ---- rollout, second part: activate ----------------------------- --

        activationcode = createActivationCode()

        second_step = {
            "activationcode": activationcode,
            "type": "ocra2",
            "genkey": "1",
            "serial": serial,
        }
        response = self.make_userselfservice_request(
            "activateocratoken", params=second_step, **as_user
        )

        assert response.json["result"]["status"], response.body

        # the activation reply yields the challenge and the transaction id
        challenge, transid = ocra_state.init_2(response, activationcode)

        # ---- finish the rollout on the dedicated userservice endpoint --- --

        final_step = {
            "serial": serial,
            "transactionid": transid,
            "pass": ocra_state.callcOtp(challenge),
            "type": "ocra2",
        }
        response = self.make_userselfservice_request(
            "finishocra2token", params=final_step, **as_user
        )

        assert "false" not in response, response