Exemplo n.º 1
0
    def test_03_is_password_reset(self):
        # create resolver and realm
        param = self.parameters
        param["resolver"] = "register"
        param["type"] = "sqlresolver"
        r = save_resolver(param)
        self. assertTrue(r > 0)

        added, failed = set_realm("register", resolvers=["register"])
        self.assertTrue(added > 0)
        self.assertEqual(len(failed), 0)

        # No user policy at all
        r = is_password_reset()
        self.assertEqual(r, True)

        # create policy
        set_policy(name="pwrest", scope=SCOPE.USER, action=ACTION.PASSWORDRESET)
        r = is_password_reset()
        self.assertEqual(r, True)

        # create policy that does not allow password_reset
        set_policy(name="pwrest", scope=SCOPE.USER, action=ACTION.DELETE)
        r = is_password_reset()
        self.assertEqual(r, False)
Exemplo n.º 2
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)

    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html", instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready)
Exemplo n.º 3
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)

    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html",
                           instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready)
Exemplo n.º 4
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    if not hasattr(request, "all_data"):
        request.all_data = {}
    # Depending on displaying the realm dropdown, we fill realms or not.
    policy_object = PolicyClass()
    realms = ""
    client_ip = request.access_route[0] if request.access_route else \
        request.remote_addr
    realm_dropdown = policy_object.get_policies(action=ACTION.REALMDROPDOWN,
                                                scope=SCOPE.WEBUI,
                                                client=client_ip)
    if realm_dropdown:
        realms = ",".join(get_realms().keys())

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html",
                           instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready,
                           customization=customization,
                           realms=realms)
Exemplo n.º 5
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    # Depending on displaying the realm dropdown, we fill realms or not.
    policy_object = PolicyClass()
    realms = ""
    client_ip = request.access_route[0] if request.access_route else \
        request.remote_addr
    realm_dropdown = policy_object.get_policies(action=ACTION.REALMDROPDOWN,
                                                scope=SCOPE.WEBUI,
                                                client=client_ip)
    if realm_dropdown:
        realms = ",".join(get_realms().keys())

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html", instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready,
                           customization=customization,
                           realms=realms)
Exemplo n.º 6
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html", instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready,
                           customization=customization)
Exemplo n.º 7
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    if current_app.config.get("PI_UI_DEACTIVATED"):
        # Do not provide the UI
        return render_template("deactivated.html")

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    # Get the hidden external links
    external_links = current_app.config.get("PI_EXTERNAL_LINKS", True)
    # Get the logo file
    logo = current_app.config.get("PI_LOGO", "privacyIDEA1.png")
    browser_lang = request.accept_languages.best_match(
        ["en", "de", "de-DE"], default="en").split("-")[0]
    # The page title can be configured in pi.cfg
    page_title = current_app.config.get("PI_PAGE_TITLE",
                                        "privacyIDEA Authentication System")
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    if not hasattr(request, "all_data"):
        request.all_data = {}
    # Depending on displaying the realm dropdown, we fill realms or not.
    policy_object = PolicyClass()
    realms = ""
    client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
    realm_dropdown = policy_object.get_policies(action=ACTION.REALMDROPDOWN,
                                                scope=SCOPE.WEBUI,
                                                client=client_ip,
                                                active=True)
    if realm_dropdown:
        try:
            realm_dropdown_values = policy_object.get_action_values(
                action=ACTION.REALMDROPDOWN,
                scope=SCOPE.WEBUI,
                client=client_ip)
            # Use the realms from the policy.
            realms = ",".join(realm_dropdown_values)
        except AttributeError as ex:
            # The policy is still a boolean realm_dropdown action
            # Thus we display ALL realms
            realms = ",".join(get_realms())

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    # Use policies to determine the customization of menu
    # and baseline. get_action_values returns an array!
    sub_state = subscription_status()
    customization_menu_file = policy_object.get_action_values(
        allow_white_space_in_action=True,
        action=ACTION.CUSTOM_MENU,
        scope=SCOPE.WEBUI,
        client=client_ip,
        unique=True)
    if len(customization_menu_file) and list(customization_menu_file)[0] \
            and sub_state not in [1, 2]:
        customization_menu_file = list(customization_menu_file)[0]
    else:
        customization_menu_file = "templates/menu.html"
    customization_baseline_file = policy_object.get_action_values(
        allow_white_space_in_action=True,
        action=ACTION.CUSTOM_BASELINE,
        scope=SCOPE.WEBUI,
        client=client_ip,
        unique=True)
    if len(customization_baseline_file) and list(customization_baseline_file)[0] \
            and sub_state not in [1, 2]:
        customization_baseline_file = list(customization_baseline_file)[0]
    else:
        customization_baseline_file = "templates/baseline.html"

    login_text = policy_object.get_action_values(
        allow_white_space_in_action=True,
        action=ACTION.LOGIN_TEXT,
        scope=SCOPE.WEBUI,
        client=client_ip,
        unique=True)
    if len(login_text) and list(login_text)[0] and sub_state not in [1, 2]:
        login_text = list(login_text)[0]
    else:
        login_text = ""

    return render_template(
        "index.html",
        instance=instance,
        backendUrl=backend_url,
        browser_lang=browser_lang,
        remote_user=remote_user,
        theme=theme,
        password_reset=password_reset,
        hsm_ready=hsm_ready,
        has_job_queue=str(has_job_queue()),
        customization=customization,
        customization_menu_file=customization_menu_file,
        customization_baseline_file=customization_baseline_file,
        realms=realms,
        external_links=external_links,
        login_text=login_text,
        logo=logo,
        page_title=page_title)
Exemplo n.º 8
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    if current_app.config.get("PI_UI_DEACTIVATED"):
        # Do not provide the UI
        return render_template("deactivated.html")

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    # Get the hidden external links
    external_links = current_app.config.get("PI_EXTERNAL_LINKS", True)
    # Get the logo file
    logo = current_app.config.get("PI_LOGO", "privacyIDEA1.png")
    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    if not hasattr(request, "all_data"):
        request.all_data = {}
    # Depending on displaying the realm dropdown, we fill realms or not.
    policy_object = PolicyClass()
    realms = ""
    client_ip = request.access_route[0] if request.access_route else \
        request.remote_addr
    realm_dropdown = policy_object.get_policies(action=ACTION.REALMDROPDOWN,
                                                scope=SCOPE.WEBUI,
                                                client=client_ip,
                                                active=True)
    if realm_dropdown:
        try:
            realm_dropdown_values = policy_object.get_action_values(
                action=ACTION.REALMDROPDOWN,
                scope=SCOPE.WEBUI,
                client=client_ip)
            # Use the realms from the policy.
            realms = ",".join(realm_dropdown_values)
        except AttributeError as ex:
            # The policy is still a boolean realm_dropdown action
            # Thus we display ALL realms
            realms = ",".join(get_realms().keys())
        if realms:
            realms = "," + realms

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    # Use policies to determine the customization of menu
    # and baseline. get_action_values returns an array!
    sub_state  = subscription_status()
    customization_menu_file = policy_object.get_action_values(
        allow_white_space_in_action=True,
        action=ACTION.CUSTOM_MENU,
        scope=SCOPE.WEBUI,
        client=client_ip, unique=True)
    if len(customization_menu_file) and customization_menu_file[0] \
            and sub_state not in [1, 2]:
        customization_menu_file = customization_menu_file[0]
    else:
        customization_menu_file = "templates/menu.html"
    customization_baseline_file = policy_object.get_action_values(
        allow_white_space_in_action=True,
        action=ACTION.CUSTOM_BASELINE,
        scope=SCOPE.WEBUI,
        client=client_ip, unique=True)
    if len(customization_baseline_file) and customization_baseline_file[0] \
            and sub_state not in [1, 2]:
        customization_baseline_file = customization_baseline_file[0]
    else:
        customization_baseline_file = "templates/baseline.html"

    return render_template("index.html", instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready,
                           customization=customization,
                           customization_menu_file=customization_menu_file,
                           customization_baseline_file=customization_baseline_file,
                           realms=realms,
                           external_links=external_links,
                           logo=logo)
Exemplo n.º 9
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    if current_app.config.get("PI_UI_DEACTIVATED"):
        # Do not provide the UI
        return send_html(render_template("deactivated.html"))

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    theme = theme.strip('/')
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    custom_css = customization + "/css/custom.css" if current_app.config.get("PI_CUSTOM_CSS") else ""
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    # Get the hidden external links
    external_links = current_app.config.get("PI_EXTERNAL_LINKS", True)
    # Read the UI translation warning
    translation_warning = current_app.config.get("PI_TRANSLATION_WARNING", False)
    # Get the logo file
    logo = current_app.config.get("PI_LOGO", "privacyIDEA1.png")
    browser_lang = request.accept_languages.best_match(["en", "de", "de-DE", "nl"], default="en").split("-")[0]
    # The page title can be configured in pi.cfg
    page_title = current_app.config.get("PI_PAGE_TITLE", "privacyIDEA Authentication System")
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    if not hasattr(request, "all_data"):
        request.all_data = {}
    # Depending on displaying the realm dropdown, we fill realms or not.
    realms = ""
    realm_dropdown = Match.action_only(g, scope=SCOPE.WEBUI, action=ACTION.REALMDROPDOWN)\
        .policies(write_to_audit_log=False)
    if realm_dropdown:
        try:
            realm_dropdown_values = Match.action_only(g, scope=SCOPE.WEBUI, action=ACTION.REALMDROPDOWN) \
                .action_values(unique=False, write_to_audit_log=False)
            # Use the realms from the policy.
            realms = ",".join(realm_dropdown_values)
        except AttributeError as _e:
            # The policy is still a boolean realm_dropdown action
            # Thus we display ALL realms
            realms = ",".join(get_realms())

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset(g)
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    # Use policies to determine the customization of menu
    # and baseline. get_action_values returns an array!
    sub_state = subscription_status()
    customization_menu_file = Match.action_only(g, action=ACTION.CUSTOM_MENU,
                                                scope=SCOPE.WEBUI)\
        .action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
    if len(customization_menu_file) and list(customization_menu_file)[0] \
            and sub_state not in [1, 2]:
        customization_menu_file = list(customization_menu_file)[0]
    else:
        customization_menu_file = "templates/menu.html"
    customization_baseline_file = Match.action_only(g, action=ACTION.CUSTOM_BASELINE,
                                                    scope=SCOPE.WEBUI) \
        .action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
    if len(customization_baseline_file) and list(customization_baseline_file)[0] \
            and sub_state not in [1, 2]:
        customization_baseline_file = list(customization_baseline_file)[0]
    else:
        customization_baseline_file = "templates/baseline.html"

    login_text = Match.action_only(g, action=ACTION.LOGIN_TEXT, scope=SCOPE.WEBUI) \
        .action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
    if len(login_text) and list(login_text)[0] and sub_state not in [1, 2]:
        login_text = list(login_text)[0]
    else:
        login_text = ""

    render_context = {
        'instance': instance,
        'backendUrl': backend_url,
        'browser_lang': browser_lang,
        'remote_user': remote_user,
        'theme': theme,
        'translation_warning': translation_warning,
        'password_reset': password_reset,
        'hsm_ready': hsm_ready,
        'has_job_queue': str(has_job_queue()),
        'customization': customization,
        'custom_css': custom_css,
        'customization_menu_file': customization_menu_file,
        'customization_baseline_file': customization_baseline_file,
        'realms': realms,
        'external_links': external_links,
        'login_text': login_text,
        'logo': logo,
        'page_title': page_title
    }

    return send_html(render_template("index.html", **render_context))
Exemplo n.º 10
0
def single_page_application():
    instance = request.script_root
    if instance == "/":
        instance = ""
    # The backend URL should come from the configuration of the system.
    backend_url = ""

    if current_app.config.get("PI_UI_DEACTIVATED"):
        # Do not provide the UI
        return render_template("deactivated.html")

    # The default theme. We can change this later
    theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
    # Get further customizations
    customization = current_app.config.get("PI_CUSTOMIZATION",
                                           "/static/customize/")
    customization = customization.strip('/')
    # TODO: we should add the CSS into PI_CUSTOMZATION/css
    # Enrollment-Wizard:
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
    #    PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
    # Get the hidden external links
    external_links = current_app.config.get("PI_EXTERNAL_LINKS", True)
    # Get the logo file
    logo = current_app.config.get("PI_LOGO", "privacyIDEA1.png")
    browser_lang = request.accept_languages.best_match(["en", "de"])
    # check if login with REMOTE_USER is allowed.
    remote_user = ""
    password_reset = False
    if not hasattr(request, "all_data"):
        request.all_data = {}
    # Depending on displaying the realm dropdown, we fill realms or not.
    policy_object = PolicyClass()
    realms = ""
    client_ip = request.access_route[0] if request.access_route else \
        request.remote_addr
    realm_dropdown = policy_object.get_policies(action=ACTION.REALMDROPDOWN,
                                                scope=SCOPE.WEBUI,
                                                client=client_ip,
                                                active=True)
    if realm_dropdown:
        try:
            realm_dropdown_values = policy_object.get_action_values(
                action=ACTION.REALMDROPDOWN,
                scope=SCOPE.WEBUI,
                client=client_ip)
            # Use the realms from the policy.
            realms = ",".join(realm_dropdown_values)
        except AttributeError as ex:
            # The policy is still a boolean realm_dropdown action
            # Thus we display ALL realms
            realms = ",".join(get_realms().keys())
        if realms:
            realms = "," + realms

    try:
        if is_remote_user_allowed(request):
            remote_user = request.remote_user
        password_reset = is_password_reset()
        hsm_ready = True
    except HSMException:
        hsm_ready = False

    return render_template("index.html", instance=instance,
                           backendUrl=backend_url,
                           browser_lang=browser_lang,
                           remote_user=remote_user,
                           theme=theme,
                           password_reset=password_reset,
                           hsm_ready=hsm_ready,
                           customization=customization,
                           realms=realms,
                           external_links=external_links,
                           logo=logo)