def setPin(self): """ method: api/helpdesk/setPin description: This function sets the PIN of the token arguments: * serial - required * pin - optional - uses random pin instead returns: an array with the list of affected serial numbers """ res = {} try: params = self.request_params serial = params.get("serial") if not serial: raise ParameterError("Missing parameter: 'serial'") tokens = getTokens4UserOrSerial(serial=serial) result = [] for token in tokens: owner = get_token_owner(token) current_serial = token.getSerial() pin = params.get( 'pin', createRandomPin(owner, min_pin_length=6)) # as the parameter pin in the params is evaluated by # the checkPolicyPre and checkPolicyPost we need to put the # parameter pin and current_serial into the params params['pin'] = pin params['serial'] = current_serial # set pin is done by the admin/set with the parameter pin checkPolicyPre( 'admin', method='set', param=params, user=owner) token.setPin(pin) # while in the pre checks for method='set' the post checks # for 'setPin' which is used to determin if a new pin has to # be generated res = checkPolicyPost( 'admin', 'setPin', param=params, user=owner) pin = res.get('new_pin', pin) info = { 'message': ('A new pin ${Pin} has been set for your ' 'token: ${serial}'), 'Subject': 'new pin set for token ${serial}', 'Pin': pin, 'serial': current_serial, } notify_user(owner, 'setPin', info, required=True) result.append(serial) c.audit['success'] = True c.audit['info'] = result Session.commit() return sendResult(response, result) except PolicyException as pex: log.exception('[setPin] policy failed %r') Session.rollback() return sendError(response, pex, 1) except Exception as exx: log.exception('[setPin] error while setting pin') Session.rollback() return sendError(response, exx, 0) finally: Session.close()
def enroll(self): """ method: api/helpdesk/enroll description: method to enroll a token as helpdesk arguments: * type: the token type, currently only 'email' * user: the new token owner * realm: (optional) the realm the user belongs to - used to identify the user returns: success as boolean """ ret = False response_detail = {} params = self.request_params try: if 'user' not in params: raise ParameterError('missing parameter: user!') if 'type' not in params: raise ParameterError('missing parameter: type!') # --------------------------------------------------------------- -- # determine token class token_cls_alias = params.get("type") lower_alias = token_cls_alias.lower() if lower_alias not in tokenclass_registry: raise TokenAdminError('admin/init failed: unknown token ' 'type %r' % token_cls_alias, id=1610) token_cls = tokenclass_registry.get(lower_alias) # --------------------------------------------------------------- -- # call the token class hook in order to enrich/overwrite the # parameters helper_params = token_cls.get_helper_params_pre(params) params.update(helper_params) # --------------------------------------------------------------- -- # fetch user from parameters. user = getUserFromParam(params) # --------------------------------------------------------------- -- # create a new pin according to the policies if 'pin' not in params: params['pin'] = createRandomPin(user, min_pin_length=6) # --------------------------------------------------------------- -- if 'otpkey' not in params: params['genkey'] = '1' # --------------------------------------------------------------- -- # check admin authorization res = checkPolicyPre('admin', 'init', params, user=user) # --------------------------------------------------------------- -- helper_params = token_cls.get_helper_params_post(params, user=user) params.update(helper_params) # --------------------------------------------------------------- -- # create new serial th = TokenHandler() serial = th.genSerial(token_cls_alias) params['serial'] = serial log.info("[init] initialize token. user: %s, serial: %s" % (user.login, serial)) # --------------------------------------------------------------- -- # scope_extension: we are in scope helpdesk # this is eg required to notify the emailtoken to use the # email from user if none is given as param params['::scope::'] = { 'helpdesk': True, 'user': user } (ret, token) = th.initToken(params, user) # --------------------------------------------------------------- -- # different token types return different information on # initialization (e.g. otpkey, pairing_url, etc) initDetail = token.getInitDetail(params, user) response_detail.update(initDetail) # --------------------------------------------------------------- -- # prepare data for audit if token is not None and ret is True: c.audit['serial'] = token.getSerial() c.audit['token_type'] = token.type c.audit['success'] = ret c.audit['user'] = user.login c.audit['realm'] = user.realm c.audit['action_detail'] += get_token_num_info() res = checkPolicyPost('admin', 'init', params, user=user) pin = res.get('new_pin', params['pin']) message = ("A new ${tokentype} token (${serial}) " "with pin '${Pin}' " "for ${givenname} ${surname} has been enrolled.") info = { 'message': message, 'Subject': 'New %s token enrolled' % token.type, 'Pin': pin, 'tokentype': token.type } info.update(response_detail) notify_user(user, 'enrollment', info, required=True) c.audit['action_detail'] += get_token_num_info() c.audit['success'] = ret return sendResult(response, ret) except PolicyException as pex: log.exception("Policy Exception while enrolling token") Session.rollback() return sendError(response, pex, 1) except Exception as exx: log.exception("Exception while enrolling token") Session.rollback() return sendError(response, exx, 1)