def test_05_get_user_list(self):
# all users
userlist = get_user_list()
self.assertTrue(len(userlist) > 10, userlist)
# users from one realm
userlist = get_user_list({
"realm": self.realm1,
"username": "******",
"resolver": self.resolvername2
})
self.assertTrue(len(userlist) == 1, userlist)
# get the list with user
userlist = get_user_list(user=User(
login="******", resolver=self.resolvername1, realm=self.realm1))
self.assertTrue(len(userlist) > 10, userlist)
# users with email
userlist = get_user_list({
"realm": self.realm1,
"email": "*****@*****.**",
"resolver": self.resolvername2
})
self.assertTrue(len(userlist) == 0, userlist)
def merge_resolvers(source_realm, target_resolver, target_realm):
# get a user list for source_realm
user_list = get_user_list({"realm": source_realm})
# iterate through the user list
for source_user_attrs in user_list:
# create new user attributes based on the original attributes
new_user_attrs = create_new_user_attributes(source_user_attrs)
# check for an existing user with the same name in the target
# resolver if no user exists, create one in the new resolver
# and reassign existing tokens
if not get_user_list({
"resolver": target_resolver,
"username": new_user_attrs["username"]
}):
try:
create_user(target_resolver, new_user_attrs)
sys.stdout.write("Created user {0!s} in resolver {1!s}."
"\n".format(new_user_attrs["username"],
target_resolver))
except Exception as err:
sys.stderr.write("Failed to create user: {0!s}."
"\n".format(err))
continue
# create user objects to search and assign tokens
source_user_obj = User(source_user_attrs["username"],
source_realm,
resolver=source_user_attrs["resolver"])
new_user_obj = User(new_user_attrs["username"],
target_realm,
resolver=target_resolver)
# get the tokens assigned to the treated user and reassign them
# to the new user
source_token_list = get_tokens(user=source_user_obj)
for token_obj in source_token_list:
try:
# use db level to change token owner (lib functions
# unassign_token and assign_token reset failcount and pin)
TokenOwner.query.filter(
TokenOwner.token_id == token_obj.token.id).delete()
token_obj.add_user(new_user_obj)
token_obj.save()
sys.stdout.write("Assigned token {0!s} to {1!s}@{2!s}."
"\n".format(token_obj.token.serial,
new_user_attrs["username"],
target_realm))
except TokenAdminError as err:
sys.stdout.write("Failed to unassign and assign token "
"{0!s}: {1!s}.\n".format(
token_obj.token.serial, err))
continue
else:
sys.stderr.write(
"User with username {0!s} already exists in resolver "
"{1!s}.\n".format(new_user_attrs["username"], target_resolver))
def test_05_get_user_list(self):
# all users
userlist = get_user_list()
self.assertTrue(len(userlist) > 10, userlist)
# users from one realm
userlist = get_user_list({"realm": self.realm1,
"username": "******",
"resolver": self.resolvername2})
self.assertTrue(len(userlist) == 1, userlist)
# get the list with user
userlist = get_user_list(user=User(login="******",
resolver=self.resolvername1,
realm=self.realm1))
self.assertTrue(len(userlist) > 10, userlist)
def get_users(realm, include_inactive):
app = create_app(config_name="production",
config_file="/etc/privacyidea/pi.cfg",
silent=True)
with app.app_context():
realm = realm or get_default_realm()
params = {"realm": realm}
ulist = get_user_list(params)
active = None
if include_inactive:
active = True
for user in ulist:
user_obj = User(user.get("username"), realm, user.get("resolver"))
toks = get_tokens(user=user_obj, active=active)
if len(toks) == 0:
print(user.get("username"))
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = json.loads(response.data)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
notify_type = handler_options.get("To", NOTIFY_TYPE.TOKENOWNER)
try:
logged_in_user = g.logged_in_user
except Exception:
logged_in_user = {}
tokenowner = self._get_tokenowner(request)
log.debug("Executing event for action {0!s}, user {1!s},"
"logged_in_user {2!s}".format(action, tokenowner,
logged_in_user))
# Determine recipient
recipient = None
if notify_type == NOTIFY_TYPE.TOKENOWNER and not tokenowner.is_empty():
recipient = {
"givenname": tokenowner.info.get("givenname"),
"surname": tokenowner.info.get("surname"),
"username": tokenowner.login,
"userrealm": tokenowner.realm,
"email": tokenowner.info.get("email"),
"mobile": tokenowner.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.INTERNAL_ADMIN:
username = handler_options.get("To "+NOTIFY_TYPE.INTERNAL_ADMIN)
internal_admin = get_db_admin(username)
recipient = {
"givenname": username,
"email": internal_admin.email if internal_admin else ""
}
elif notify_type == NOTIFY_TYPE.ADMIN_REALM:
# Send emails to all the users in the specified admin realm
admin_realm = handler_options.get("To "+NOTIFY_TYPE.ADMIN_REALM)
ulist = get_user_list({"realm": admin_realm})
# create a list of all user-emails, if the user has an email
emails = [u.get("email") for u in ulist if u.get("email")]
recipient = {
"givenname": "admin of realm {0!s}".format(admin_realm),
"email": emails
}
elif notify_type == NOTIFY_TYPE.LOGGED_IN_USER:
# Send notification to the logged in user
if logged_in_user.get("user") and not logged_in_user.get("realm"):
# internal admins have no realm
internal_admin = get_db_admin(logged_in_user.get("user"))
if internal_admin:
recipient = {
"givenname": logged_in_user.get("user"),
"email": internal_admin.email if internal_admin else ""
}
else:
# Try to find the user in the specified realm
user_obj = User(logged_in_user.get("user"),
logged_in_user.get("realm"))
if user_obj:
recipient = {
"givenname": user_obj.info.get("givenname"),
"surname": user_obj.info.get("surname"),
"email": user_obj.info.get("email"),
"mobile": user_obj.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.EMAIL:
email = handler_options.get("To "+NOTIFY_TYPE.EMAIL, "").split(",")
recipient = {
"email": email
}
else:
log.warning("Was not able to determine the recipient for the user "
"notification: {0!s}".format(handler_def))
if recipient:
# Collect all data
body = handler_options.get("body") or DEFAULT_BODY
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
registrationcode = content.get("detail", {}).get("registrationcode")
tokentype = None
if serial:
tokens = get_tokens(serial=serial)
if tokens:
tokentype = tokens[0].get_tokentype()
else:
token_objects = get_tokens(user=tokenowner)
serial = ','.join([tok.get_serial() for tok in token_objects])
body = body.format(
admin=logged_in_user.get("username"),
realm=logged_in_user.get("realm"),
action=request.path,
serial=serial,
url=request.url_root,
user=tokenowner.info.get("givenname"),
surname=tokenowner.info.get("surname"),
givenname=recipient.get("givenname"),
username=tokenowner.login,
userrealm=tokenowner.realm,
tokentype=tokentype,
registrationcode=registrationcode,
recipient_givenname=recipient.get("givenname"),
recipient_surname=recipient.get("surname")
)
# Send notification
if action.lower() == "sendmail":
emailconfig = handler_options.get("emailconfig")
useremail = recipient.get("email")
subject = handler_options.get("subject") or \
"An action was performed on your token."
try:
ret = send_email_identifier(emailconfig,
recipient=useremail,
subject=subject, body=body)
except Exception as exx:
log.error("Failed to send email: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification email to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
elif action.lower() == "sendsms":
smsconfig = handler_options.get("smsconfig")
userphone = recipient.get("mobile")
try:
ret = send_sms_identifier(smsconfig, userphone, body)
except Exception as exx:
log.error("Failed to send sms: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification sms to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
return ret
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = self._get_response_content(response)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
notify_type = handler_options.get("To", NOTIFY_TYPE.TOKENOWNER)
reply_to_type = handler_options.get("reply_to")
try:
logged_in_user = g.logged_in_user
except Exception:
logged_in_user = {}
tokenowner = self._get_tokenowner(request)
log.debug(u"Executing event for action {0!r}, user {1!r}, "
u"logged_in_user {2!r}".format(action, tokenowner,
logged_in_user))
# Determine recipient
recipient = None
reply_to = None
if reply_to_type == NOTIFY_TYPE.NO_REPLY_TO:
reply_to = ""
elif reply_to_type == NOTIFY_TYPE.TOKENOWNER and not tokenowner.is_empty(
):
reply_to = tokenowner.info.get("email")
elif reply_to_type == NOTIFY_TYPE.INTERNAL_ADMIN:
username = handler_options.get("reply_to " +
NOTIFY_TYPE.INTERNAL_ADMIN)
internal_admin = get_db_admin(username)
reply_to = internal_admin.email if internal_admin else ""
elif reply_to_type == NOTIFY_TYPE.ADMIN_REALM:
# Adds all email addresses from a specific admin realm to the reply-to-header
admin_realm = handler_options.get("reply_to " +
NOTIFY_TYPE.ADMIN_REALM)
attr = is_attribute_at_all()
ulist = get_user_list({"realm": admin_realm},
custom_attributes=attr)
# create a list of all user-emails, if the user has an email
emails = [u.get("email") for u in ulist if u.get("email")]
reply_to = ",".join(emails)
elif reply_to_type == NOTIFY_TYPE.LOGGED_IN_USER:
# Add email address from the logged in user into the reply-to header
if logged_in_user.get(
"username") and not logged_in_user.get("realm"):
# internal admins have no realm
internal_admin = get_db_admin(logged_in_user.get("username"))
if internal_admin:
reply_to = internal_admin.email if internal_admin else ""
else:
# Try to find the user in the specified realm
user_obj = User(logged_in_user.get("username"),
logged_in_user.get("realm"))
if user_obj:
reply_to = user_obj.info.get("email") if user_obj else ""
elif reply_to_type == NOTIFY_TYPE.EMAIL:
email = handler_options.get("reply_to " + NOTIFY_TYPE.EMAIL,
"").split(",")
reply_to = email[0]
else:
log.warning("Was not able to determine the email for the reply-to "
"header: {0!s}".format(handler_def))
if notify_type == NOTIFY_TYPE.TOKENOWNER and not tokenowner.is_empty():
recipient = {
"givenname": tokenowner.info.get("givenname"),
"surname": tokenowner.info.get("surname"),
"username": tokenowner.login,
"userrealm": tokenowner.realm,
"email": tokenowner.info.get("email"),
"mobile": tokenowner.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.INTERNAL_ADMIN:
username = handler_options.get("To " + NOTIFY_TYPE.INTERNAL_ADMIN)
internal_admin = get_db_admin(username)
recipient = {
"givenname": username,
"email": internal_admin.email if internal_admin else ""
}
elif notify_type == NOTIFY_TYPE.ADMIN_REALM:
# Send emails to all the users in the specified admin realm
admin_realm = handler_options.get("To " + NOTIFY_TYPE.ADMIN_REALM)
attr = is_attribute_at_all()
ulist = get_user_list({"realm": admin_realm},
custom_attributes=attr)
# create a list of all user-emails, if the user has an email
emails = [u.get("email") for u in ulist if u.get("email")]
recipient = {
"givenname": "admin of realm {0!s}".format(admin_realm),
"email": emails
}
elif notify_type == NOTIFY_TYPE.LOGGED_IN_USER:
# Send notification to the logged in user
if logged_in_user.get(
"username") and not logged_in_user.get("realm"):
# internal admins have no realm
internal_admin = get_db_admin(logged_in_user.get("username"))
if internal_admin:
recipient = {
"givenname": logged_in_user.get("username"),
"email": internal_admin.email if internal_admin else ""
}
else:
# Try to find the user in the specified realm
user_obj = User(logged_in_user.get("username"),
logged_in_user.get("realm"))
if user_obj:
recipient = {
"givenname": user_obj.info.get("givenname"),
"surname": user_obj.info.get("surname"),
"email": user_obj.info.get("email"),
"mobile": user_obj.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.EMAIL:
email = handler_options.get("To " + NOTIFY_TYPE.EMAIL,
"").split(",")
recipient = {"email": email}
else:
log.warning("Was not able to determine the recipient for the user "
"notification: {0!s}".format(handler_def))
if recipient or action.lower() == "savefile":
# In case of "savefile" we do not need a recipient
# Collect all data
body = handler_options.get("body") or DEFAULT_BODY
if body.startswith("file:"): # pragma no cover
# We read the template from the file.
filename = body[5:]
try:
with open(filename, "r", encoding="utf-8") as f:
body = f.read()
except Exception as e:
log.warning(
u"Failed to read email template from file {0!r}: {1!r}"
.format(filename, e))
log.debug(u"{0!s}".format(traceback.format_exc()))
subject = handler_options.get("subject") or \
"An action was performed on your token."
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
registrationcode = content.get("detail",
{}).get("registrationcode")
pin = content.get("detail", {}).get("pin")
googleurl_value = content.get("detail", {}).get("googleurl",
{}).get("value")
googleurl_img = content.get("detail", {}).get("googleurl",
{}).get("img")
tokentype = None
if serial:
tokens = get_tokens(serial=serial)
if tokens:
tokentype = tokens[0].get_tokentype()
else:
token_objects = get_tokens(user=tokenowner)
serial = ','.join([tok.get_serial() for tok in token_objects])
tags = create_tag_dict(
logged_in_user=logged_in_user,
request=request,
client_ip=g.client_ip,
pin=pin,
googleurl_value=googleurl_value,
recipient=recipient,
tokenowner=tokenowner,
serial=serial,
tokentype=tokentype,
registrationcode=registrationcode,
escape_html=action.lower() == "sendmail"
and handler_options.get("mimetype", "").lower() == "html")
body = to_unicode(body).format(googleurl_img=googleurl_img, **tags)
subject = subject.format(**tags)
# Send notification
if action.lower() == "sendmail":
emailconfig = handler_options.get("emailconfig")
mimetype = handler_options.get("mimetype", "plain")
useremail = recipient.get("email")
attach_qrcode = handler_options.get("attach_qrcode", False)
if attach_qrcode and googleurl_img:
# get the image part of the googleurl
googleurl = urlopen(googleurl_img)
mail_body = MIMEMultipart('related')
mail_body.attach(MIMEText(body, mimetype))
mail_img = MIMEImage(googleurl.read())
mail_img.add_header('Content-ID', '<token_image>')
mail_img.add_header(
'Content-Disposition',
'inline; filename="{0!s}.png"'.format(serial))
mail_body.attach(mail_img)
body = mail_body
try:
ret = send_email_identifier(emailconfig,
recipient=useremail,
subject=subject,
body=body,
reply_to=reply_to,
mimetype=mimetype)
except Exception as exx:
log.error("Failed to send email: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification email to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
elif action.lower() == "savefile":
spooldir = get_app_config_value(
"PI_NOTIFICATION_HANDLER_SPOOLDIRECTORY",
"/var/lib/privacyidea/notifications/")
filename = handler_options.get("filename")
random = get_alphanum_str(16)
filename = filename.format(random=random,
**tags).lstrip(os.path.sep)
outfile = os.path.normpath(os.path.join(spooldir, filename))
if not outfile.startswith(spooldir):
log.error(
u'Cannot write outside of spooldir {0!s}!'.format(
spooldir))
else:
try:
with open(outfile, "w") as f:
f.write(body)
except Exception as err:
log.error(
u"Failed to write notification file: {0!s}".format(
err))
elif action.lower() == "sendsms":
smsconfig = handler_options.get("smsconfig")
userphone = recipient.get("mobile")
try:
ret = send_sms_identifier(smsconfig, userphone, body)
except Exception as exx:
log.error("Failed to send sms: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification sms to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
return ret
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = self._get_response_content(response)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
notify_type = handler_options.get("To", NOTIFY_TYPE.TOKENOWNER)
try:
logged_in_user = g.logged_in_user
except Exception:
logged_in_user = {}
tokenowner = self._get_tokenowner(request)
log.debug(u"Executing event for action {0!r}, user {1!r}, "
u"logged_in_user {2!r}".format(action, tokenowner,
logged_in_user))
# Determine recipient
recipient = None
if notify_type == NOTIFY_TYPE.TOKENOWNER and not tokenowner.is_empty():
recipient = {
"givenname": tokenowner.info.get("givenname"),
"surname": tokenowner.info.get("surname"),
"username": tokenowner.login,
"userrealm": tokenowner.realm,
"email": tokenowner.info.get("email"),
"mobile": tokenowner.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.INTERNAL_ADMIN:
username = handler_options.get("To "+NOTIFY_TYPE.INTERNAL_ADMIN)
internal_admin = get_db_admin(username)
recipient = {
"givenname": username,
"email": internal_admin.email if internal_admin else ""
}
elif notify_type == NOTIFY_TYPE.ADMIN_REALM:
# Send emails to all the users in the specified admin realm
admin_realm = handler_options.get("To "+NOTIFY_TYPE.ADMIN_REALM)
ulist = get_user_list({"realm": admin_realm})
# create a list of all user-emails, if the user has an email
emails = [u.get("email") for u in ulist if u.get("email")]
recipient = {
"givenname": "admin of realm {0!s}".format(admin_realm),
"email": emails
}
elif notify_type == NOTIFY_TYPE.LOGGED_IN_USER:
# Send notification to the logged in user
if logged_in_user.get("username") and not logged_in_user.get(
"realm"):
# internal admins have no realm
internal_admin = get_db_admin(logged_in_user.get("username"))
if internal_admin:
recipient = {
"givenname": logged_in_user.get("username"),
"email": internal_admin.email if internal_admin else ""
}
else:
# Try to find the user in the specified realm
user_obj = User(logged_in_user.get("username"),
logged_in_user.get("realm"))
if user_obj:
recipient = {
"givenname": user_obj.info.get("givenname"),
"surname": user_obj.info.get("surname"),
"email": user_obj.info.get("email"),
"mobile": user_obj.info.get("mobile")
}
elif notify_type == NOTIFY_TYPE.EMAIL:
email = handler_options.get("To "+NOTIFY_TYPE.EMAIL, "").split(",")
recipient = {
"email": email
}
else:
log.warning("Was not able to determine the recipient for the user "
"notification: {0!s}".format(handler_def))
if recipient:
# Collect all data
body = handler_options.get("body") or DEFAULT_BODY
subject = handler_options.get("subject") or \
"An action was performed on your token."
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
registrationcode = content.get("detail", {}).get("registrationcode")
googleurl_value = content.get("detail", {}).get("googleurl",
{}).get("value")
googleurl_img = content.get("detail", {}).get("googleurl",
{}).get("img")
tokentype = None
if serial:
tokens = get_tokens(serial=serial)
if tokens:
tokentype = tokens[0].get_tokentype()
else:
token_objects = get_tokens(user=tokenowner)
serial = ','.join([tok.get_serial() for tok in token_objects])
time = datetime.datetime.now().strftime("%H:%M:%S")
date = datetime.datetime.now().strftime("%Y-%m-%d")
tags = dict(admin=logged_in_user.get("username"),
realm=logged_in_user.get("realm"),
action=request.path,
serial=serial,
url=request.url_root,
user=tokenowner.info.get("givenname"),
surname=tokenowner.info.get("surname"),
givenname=recipient.get("givenname"),
username=tokenowner.login,
userrealm=tokenowner.realm,
tokentype=tokentype,
registrationcode=registrationcode,
recipient_givenname=recipient.get("givenname"),
recipient_surname=recipient.get("surname"),
googleurl_value=googleurl_value,
time=time,
date=date,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string)
body = body.format(googleurl_img=googleurl_img,
**tags)
subject = subject.format(**tags)
# Send notification
if action.lower() == "sendmail":
emailconfig = handler_options.get("emailconfig")
mimetype = handler_options.get("mimetype", "plain")
useremail = recipient.get("email")
reply_to = handler_options.get("reply_to")
try:
ret = send_email_identifier(emailconfig,
recipient=useremail,
subject=subject, body=body,
reply_to=reply_to,
mimetype=mimetype)
except Exception as exx:
log.error("Failed to send email: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification email to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
elif action.lower() == "sendsms":
smsconfig = handler_options.get("smsconfig")
userphone = recipient.get("mobile")
try:
ret = send_sms_identifier(smsconfig, userphone, body)
except Exception as exx:
log.error("Failed to send sms: {0!s}".format(exx))
ret = False
if ret:
log.info("Sent a notification sms to user {0}".format(
recipient))
else:
log.warning("Failed to send a notification email to user "
"{0}".format(recipient))
return ret
def create_default_tokens(realm, auth_token=None, username=None,
userinfo_key=None, userinfo_value=None,
tokentype=None, check_existing_tokentype=None):
"""
This method creates the default tokens for the users in the given realm.
You may add a userinfo condition.
"""
# for reasons of speed in the unprivileged case, imports are placed here
from privacyidea.lib.token import init_token, get_tokens
from privacyidea.lib.user import User, get_user_list
from privacyidea.app import create_app
tokentypes = [tokentype] if tokentype else PRIMARY_TOKEN_TYPES
app = create_app(config_name="production",
config_file="/etc/privacyidea/pi.cfg",
silent=True)
with app.app_context():
# if no username is given, get all users from the specified realm
if not username:
user_list = get_user_list({"realm": realm})
user_objects = [User(user["username"], realm)
for user in user_list]
# else, get only the specified user
else:
user_objects = [User(username, realm)]
for user_obj in user_objects:
if user_obj.exist():
if check_userinfo(user_obj, userinfo_key, userinfo_value):
for type in tokentypes:
serial = None
tokens = get_tokens(user=user_obj, tokentype=check_existing_tokentype)
# if no token of the specified type exists, create one
# create sms token only if mobile number exists
if len(tokens) == 0:
if (type == "email" and not user_obj.info.get("email")) or \
(type == "sms" and not user_obj.get_user_phone(index=0,
phone_type='mobile')):
log.info("User attribute missing for user {0!s}@{1!s}."
"Cannot create {2!s} token.".format(user_obj.login,
user_obj.realm, type))
continue
else:
params = {"type": type}
params.update(ADD_PARAMS[type])
params.update({"user": user_obj.login, "realm": user_obj.realm})
if INIT_VIA_API:
# enroll token via API (triggers event handlers at token_init)
r = requests.post(URL + '/token/init', verify=VERIFY,
data=params,
headers={"Authorization": auth_token})
status = r.json().get("result").get("status")
if status is True:
serial = r.json().get("detail").get("serial")
else:
error = r.json().get("result").get("error")
log.info("Enrolling {0!s} token for user {1!s} in realm "
"{2!s} via API: {3!s}".format(type,
user_obj.login,
user_obj.realm,
error.get("message")))
else:
# enroll token via lib method (faster)
token_obj = init_token(params, user_obj)
serial = token_obj.token.serial
if serial:
log.info('Enrolled a primary {0!s} token for '
'user {1!s} in realm {2!s}'.format(type,
user_obj.login,
user_obj.realm))
else:
log.info("User {0!s} in realm {1!s} already has a {2!s} token. "
"Not creating another one.".format(user_obj.login,
user_obj.realm,
check_existing_tokentype or "**any**"))
else:
log.info('User {0!s} does not exists in any resolver in '
'realm {1!s}'.format(user_obj.login, user_obj.realm))
def migrate(config_obj):
from_app = create_app(config_name="production",
config_file=config_obj.PRIVACYIDEA_FROM,
silent=True)
to_app = create_app(config_name="production",
config_file=config_obj.PRIVACYIDEA_TO,
silent=True)
new_users = []
new_tokens = []
with from_app.app_context():
# find all the users
userlist = get_user_list(param=config_obj.MIGRATE_USER_FIND)
for user in userlist:
if re.match(config_obj.MIGRATE_USER_PATTERN, user.get("username")):
new_username = re.sub(config_obj.MIGRATE_USER_PATTERN,
config_obj.MIGRATE_USER_REPLACE,
user.get("username"))
new_user = {"username": new_username, "tokenlist": []}
for attr in config_obj.MIGRATE_ATTRIBUTES:
new_user[attr] = user.get(attr)
tokens = get_tokens(
user=User(user.get("username"),
realm=config_obj.MIGRATE_USER_FIND.get("realm")))
for token in tokens:
new_tokens.append(token_to_dict(token.token))
new_user["tokenlist"].append(token.token.serial)
new_users.append(new_user)
with to_app.app_context():
# create the new tokens
for tok in new_tokens:
if config_obj.MIGRATE_SERIAL_PATTERN:
tok["serial"] = re.sub(config_obj.MIGRATE_SERIAL_PATTERN,
config_obj.MIGRATE_SERIAL_REPLACE,
tok["serial"])
info_list = tok.get("info_list")
del (tok["info_list"])
toks = get_tokens(serial=tok.get("serial"))
if len(toks) > 0:
print("New token {0!s} aleady exists.".format(
tok.get("serial")))
else:
create_token_from_dict(tok, info_list)
# create the new users
for user in new_users:
tokenlist = user.get("tokenlist")
del (user["tokenlist"])
ul = get_user_list({
"username": user.get("username"),
"realm": config_obj.TO_REALM,
"resolver": config_obj.TO_RESOLVER
})
if not ul:
uid = create_user(config_obj.TO_RESOLVER, user)
print("Created user {0!s}".format(uid))
else:
print("User already exists!")
user_obj = User(login=user.get("username"),
realm=config_obj.TO_REALM,
resolver=config_obj.TO_RESOLVER)
# Assign token
for serial in tokenlist:
serial = re.sub(config_obj.MIGRATE_SERIAL_PATTERN,
config_obj.MIGRATE_SERIAL_REPLACE, serial)
print("Assigning token {0!s} to user {1!s}".format(
serial, user_obj))
try:
assign_token(serial, user_obj)
except Exception:
print(
"Error assigning token - probably the token is already assigned."
)
