Exemplo n.º 1
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        log.debug("[update] begin. adjust the token class with: param %r"
                  % (param))

        # specific - phone
        phone = getParam(param, "phone", required)
        self.setPhone(phone)

        ## in case of the sms token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not param.has_key('genkey') and not param.has_key('otpkey'):
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 2
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" %
                  param)

        # specific - e-mail
        self._email_address = getParam(param,
                                       self.EMAIL_ADDRESS_KEY,
                                       optional=False)

        ## in case of the e-mail token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not 'genkey' in param and not 'otpkey' in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 3
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        log.debug("[update] begin. adjust the token class with: param %r" %
                  (param))

        # specific - phone
        phone = getParam(param, "phone", required)
        self.setPhone(phone)

        # # in case of the sms token, only the server must know the otpkey
        # # thus if none is provided, we let create one (in the TokenClass)
        if not param.has_key('genkey') and not param.has_key('otpkey'):
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 4
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" % param)

        # specific - e-mail
        self._email_address = param[self.EMAIL_ADDRESS_KEY]
        # in scope selfservice - check if edit_email is allowed
        # if not allowed to edit, check if the email is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_email_editable(user):
                u_info = getUserDetail(user)
                u_email = u_info.get('email', None)
                if u_email.strip() != self._email_address.strip():
                    raise Exception(_('User is not allowed to set email address'))

        ## in case of the e-mail token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not 'genkey' in param and not 'otpkey' in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 5
0
    def __init__(self, aToken):
        HmacTokenClass.__init__(self, aToken)
        self.setType(u"sms")
        self.hKeyRequired = False

        # we support various hashlib methods, but only on create
        # which is effectively set in the update
        self.hashlibStr = getFromConfig("hotp.hashlib", "sha1")
        self.mode = ['challenge']
Exemplo n.º 6
0
    def __init__(self, aToken, context=None):
        HmacTokenClass.__init__(self, aToken, context=context)
        self.setType(u"email")
        self.hKeyRequired = False

        # we support various hashlib methods, but only on create
        # which is effectively set in the update
        self.hashlibStr = self.context['Config'].get("hotp.hashlib", "sha1")
        self.mode = ['challenge']
Exemplo n.º 7
0
    def __init__(self, aToken):
        HmacTokenClass.__init__(self, aToken)
        self.setType(u"email")
        self.hKeyRequired = False

        # we support various hashlib methods, but only on create
        # which is effectively set in the update
        self.hashlibStr = getFromConfig("hotp.hashlib", "sha1")
        self.mode = ['challenge']
Exemplo n.º 8
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        _ = context['translate']

        log.debug("[update] begin. adjust the token class with: param %r" %
                  (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get('mobile', u_info.get('phone', None))
                if u_phone != phone:
                    raise Exception(
                        _('User is not allowed to '
                          'set phone number'))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 9
0
    def checkOtp(self, anOtpVal, counter, window, options=None):
        '''
        checkOtp - check the otpval of a token against a given counter
        in the + window range

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        '''

        log.debug("[checkOtp] begin. start to verify the otp value: anOtpVal:"
                  " %r, counter: %r, window: %r, options: %r "
                  % (anOtpVal, counter, window, options))

        if not options:
            options = {}

        ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
        if ret != -1:
            if self.isValid() == False:
                ret = -1

        if ret >= 0:
            if get_auth_AutoSMSPolicy():
                user = None
                message = "<otp>"
                realms = self.getRealms()
                if realms:
                    _sms_ret, message = get_auth_smstext(realm=realms[0])

                if 'user' in options:
                    user = options.get('user', None)
                    if user:
                        _sms_ret, message = get_auth_smstext(realm=user.realm)
                realms = self.getRealms()

                if 'data' in options or 'message' in options:
                    message = options.get('data',
                                          options.get('message', '<otp>'))

                try:
                    _success, message = self.sendSMS(message=message)
                except Exception as exx:
                    log.exception(exx)
                finally:
                    self.incOtpCounter(ret, reset=False)
        if ret >= 0:
            msg = "otp verification was successful!"
        else:
            msg = "otp verification failed!"
        log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
        return ret
Exemplo n.º 10
0
    def checkOtp(self, anOtpVal, counter, window, options=None):
        '''
        checkOtp - check the otpval of a token against a given counter
        in the + window range

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        '''

        log.debug("[checkOtp] begin. start to verify the otp value: anOtpVal:"
                  " %r, counter: %r, window: %r, options: %r " %
                  (anOtpVal, counter, window, options))

        if not options:
            options = {}

        ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
        if ret != -1:
            if self.isValid() is False:
                ret = -1

        if ret >= 0:
            if get_auth_AutoSMSPolicy():
                user = None
                message = "<otp>"
                realms = self.getRealms()
                if realms:
                    _sms_ret, message = get_auth_smstext(realm=realms[0])

                if 'user' in options:
                    user = options.get('user', None)
                    if user:
                        _sms_ret, message = get_auth_smstext(realm=user.realm)
                realms = self.getRealms()

                if 'data' in options or 'message' in options:
                    message = options.get('data',
                                          options.get('message', '<otp>'))

                try:
                    _success, message = self.sendSMS(message=message)
                except Exception as exx:
                    log.exception(exx)
                finally:
                    self.incOtpCounter(ret, reset=False)
        if ret >= 0:
            msg = "otp verification was successful!"
        else:
            msg = "otp verification failed!"
        log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
        return ret
Exemplo n.º 11
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        _ = context['translate']

        log.debug("[update] begin. adjust the token class with: param %r"
                  % (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get('mobile', u_info.get('phone', None))
                if u_phone != phone:
                    raise Exception(_('User is not allowed to '
                                      'set phone number'))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if 'genkey' not in param and 'otpkey' not in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 12
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" %
                  param)

        _ = context['translate']

        # specific - e-mail
        self._email_address = param[self.EMAIL_ADDRESS_KEY]
        # in scope selfservice - check if edit_email is allowed
        # if not allowed to edit, check if the email is the same
        # as from the user data
        if param.get('::scope::', {}).get('selfservice', False):
            user = param['::scope::']['user']
            if not is_email_editable(user):
                u_info = getUserDetail(user)
                u_email = u_info.get('email', None)
                if u_email.strip() != self._email_address.strip():
                    raise Exception(
                        _('User is not allowed to set '
                          'email address'))

        ## in case of the e-mail token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not 'genkey' in param and not 'otpkey' in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 13
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        log.debug("[update] begin. adjust the token class with: param %r" % (param))

        # specific - phone
        phone = getParam(param, "phone", required)

        # in scope selfservice - check if edit_sms is allowed
        # if not allowed to edit, check if the phone is the same
        # as from the user data
        if param.get("::scope::", {}).get("selfservice", False):
            user = param["::scope::"]["user"]
            if not is_phone_editable(user):
                u_info = getUserDetail(user)
                u_phone = u_info.get("mobile", u_info.get("phone", None))
                if u_phone != phone:
                    raise Exception(_("User is not allowed to " "set phone number"))

        self.setPhone(phone)

        # in case of the sms token, only the server must know the otpkey
        # thus if none is provided, we let create one (in the TokenClass)
        if "genkey" not in param and "otpkey" not in param:
            param["genkey"] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 14
0
    def update(self, param, reset_failcount=True):
        """
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        """
        LOG.debug("[update] begin. adjust the token class with: param %r" % param)

        # specific - e-mail
        self._email_address = getParam(param, self.EMAIL_ADDRESS_KEY, optional=False)

        ## in case of the e-mail token, only the server must know the otpkey
        ## thus if none is provided, we let create one (in the TokenClass)
        if not 'genkey' in param and not 'otpkey' in param:
            param['genkey'] = 1

        HmacTokenClass.update(self, param, reset_failcount)

        LOG.debug("[update] end. all token parameters are set.")
        return
Exemplo n.º 15
0
    def checkOtp(self, anOtpVal, counter, window, options=None):
        '''
        checkOtp - check the otpval of a token against a given counter
        in the + window range

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        '''

        log.debug(
            "[checkOtp] begin. start to verify the otp value: anOtpVal:" +
            " %r, counter: %r, window: %r, options: %r " %
            (anOtpVal, counter, window, options))

        ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
        if ret != -1:
            if self.isValid() == False:
                ret = -1

        if ret >= 0:
            if get_auth_AutoSMSPolicy():
                user = None
                message = "<otp>"
                if options is not None and type(options) == dict:
                    user = options.get('user', None)
                    if user:
                        sms_ret, message = get_auth_smstext(realm=user.realm)
                self.incOtpCounter(ret, reset=False)
                success, message = self.sendSMS(message=message)

        if ret >= 0:
            msg = "otp verification was successful!"
        else:
            msg = "otp verification failed!"
        log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
        return ret
Exemplo n.º 16
0
    def checkOtp(self, anOtpVal, counter, window, options=None):
        """
        checkOtp - check the otpval of a token against a given counter
        in the + window range

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        """

        log.debug(
            "[checkOtp] begin. start to verify the otp value: anOtpVal:"
            + " %r, counter: %r, window: %r, options: %r " % (anOtpVal, counter, window, options)
        )

        ret = HmacTokenClass.checkOtp(self, anOtpVal, counter, window)
        if ret != -1:
            if self.isValid() == False:
                ret = -1

        if ret >= 0:
            if get_auth_AutoSMSPolicy():
                user = None
                message = "<otp>"
                if options is not None and type(options) == dict:
                    user = options.get("user", None)
                    if user:
                        sms_ret, message = get_auth_smstext(realm=user.realm)
                self.incOtpCounter(ret, reset=False)
                success, message = self.sendSMS(message=message)

        if ret >= 0:
            msg = "otp verification was successful!"
        else:
            msg = "otp verification failed!"
        log.debug("[checkOtp] end. %s ret: %r" % (msg, ret))
        return ret
Exemplo n.º 17
0
    def update(self, param):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''
        log.debug("[update] begin. Process the initialization parameters: param %r" % (param))

        ## check for the required parameters
        val = getParam(param, "hashlib", optional)
        if val is not None:
            self.hashlibStr = val
        else:
            self.hashlibStr = 'sha1'

        otpKey = ''

        if (self.hKeyRequired == True):
            genkey = int(getParam(param, "genkey", optional) or 0)
            if 1 == genkey:
                # if hashlibStr not in keylen dict, this will raise an Exception
                otpKey = generate_otpkey(keylen.get(self.hashlibStr))
                del param['genkey']
            else:
                # genkey not set: check otpkey is given
                # this will raise an exception if otpkey is not present
                otpKey = getParam(param, "otpkey", required)

        # finally set the values for the update
        param['otpkey'] = otpKey
        param['hashlib'] = self.hashlibStr

        val = getParam(param, "otplen", optional)
        if val is not None:
            self.setOtpLen(int(val))
        else:
            self.setOtpLen(getFromConfig("DefaultOtpLen"))

        val = getParam(param, "timeStep", optional)
        if val is not None:
            self.timeStep = val

        val = getParam(param, "timeWindow", optional)
        if val is not None:
            self.timeWindow = val

        val = getParam(param, "timeShift", optional)
        if val is not None:
            self.timeShift = val


        HmacTokenClass.update(self, param)

        self.addToTokenInfo("timeWindow", self.timeWindow)
        self.addToTokenInfo("timeShift", self.timeShift)
        self.addToTokenInfo("timeStep", self.timeStep)
        self.addToTokenInfo("hashlib", self.hashlibStr)

        log.debug("[update]  end. Processing the initialization parameters done.")
        return