def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = json.loads(response.data)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [ACTION_TYPE.SET_TOKENREALM,
ACTION_TYPE.DELETE,
ACTION_TYPE.DISABLE,
ACTION_TYPE.ENABLE,
ACTION_TYPE.UNASSIGN]:
if serial:
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = handler_options.get("only_realm")
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=True)
elif action.lower() == ACTION_TYPE.DELETE:
log.info("Delete token {0!s}".format(serial))
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
log.info("Disable token {0!s}".format(serial))
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
log.info("Enable token {0!s}".format(serial))
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
log.info("Unassign token {0!s}".format(serial))
unassign_token(serial)
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
t = init_token({"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")})
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
def main():
from privacyidea.app import create_app
from privacyidea.lib.token import get_tokens, unassign_token, assign_token
from privacyidea.lib.user import User
app = create_app(config_name="production",
config_file=PI_CONFIG,
silent=True)
with app.app_context():
tokens = get_tokens(resolver=FROM_RESOLVER)
for token in tokens:
user = token.user
# find user in other resolver
if user.exist():
other_user = User(user.login,
resolver=TO_RESOLVER,
realm=MIGRATE_REALM)
if other_user.exist():
print('{0!s}: {1!s} -> {2!s}'.format(
token.get_serial(), user, other_user))
unassign_token(token.get_serial())
token.add_user(other_user)
else:
print(
'{0!s}: {1!s} -> Could not find user with login {2!s} '
'in resolver {3!s}'.format(token.get_serial(), user,
user.login, TO_RESOLVER))
else:
print('{0!s}: Could not find user for token in resolver '
'{1!s}'.format(token.get_serial(), FROM_RESOLVER))
def test_10_check_conditions_token_has_owner(self):
uhandler = UserNotificationEventHandler()
# check if tokenrealm is contained
builder = EnvironBuilder(method='POST',
data={'user': "******"},
headers={})
tok = init_token({
"serial": "oath1234",
"type": "spass"
},
user=User("cornelius", "realm1"))
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******", "serial": "oath1234"}
req.User = User("cornelius", "realm1")
resp = Response()
resp.data = """{"result": {"value": true}}"""
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "True"
}
},
"request": req,
"response": resp
})
# Token has an owner
self.assertEqual(r, True)
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "False"
}
},
"request": req,
"response": resp
})
# Token has an owner, but the condition is wrong
self.assertEqual(r, False)
# unassign token, no owner
unassign_token("oath1234")
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "False"
}
},
"request": req,
"response": resp
})
# The condition was, token-not-assigned and the token has no user
self.assertEqual(r, True)
def test_05_autoassign_any_pin(self):
# init a token, that does has no uwser
self.setUp_user_realms()
tokenobject = init_token({"serial": "UASSIGN1", "type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930"},
tokenrealms=[self.realm1])
user_obj = User("autoassignuser", self.realm1)
# unassign all tokens from the user autoassignuser
try:
unassign_token(None, user=user_obj)
except Exception:
print("no need to unassign token")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST',
data={},
headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"user": "******", "realm": self.realm1,
"pass": "******"}
# The response with a failed request
res = {"jsonrpc": "2.0",
"result": {"status": True,
"value": False},
"version": "privacyIDEA test",
"id": 1}
resp = Response(json.dumps(res))
# Set the autoassign policy
# to "any_pin"
set_policy(name="pol2",
scope=SCOPE.ENROLL,
action="{0!s}={1!s}".format(ACTION.AUTOASSIGN, AUTOASSIGNVALUE.NONE),
client="10.0.0.0/8")
g.policy_object = PolicyClass()
new_response = autoassign(req, resp)
jresult = json.loads(new_response.data)
self.assertTrue(jresult.get("result").get("value"), jresult)
self.assertEqual(jresult.get("detail").get("serial"), "UASSIGN1")
# test the token with test287082 will fail
res, dict = check_user_pass(User("autoassignuser", self.realm1),
"test287082")
self.assertFalse(res)
# test the token with test359152 will succeed
res, dict = check_user_pass(User("autoassignuser", self.realm1),
"test359152")
self.assertTrue(res)
delete_policy("pol2")
def reassign_token(serial, username):
app = Flask(__name__, static_folder="static",
template_folder="static/templates")
app.config.from_pyfile("/etc/privacyidea/pi.cfg", silent=True)
db = SQLAlchemy()
db.init_app(app)
with app.app_context():
# Set global values
unassign_token(serial)
assign_token(serial, User(username, NEW_REALM))
def test_18_assign_token(self):
serial = "ASSTOKEN"
user = User("cornelius", resolver=self.resolvername1,
realm=self.realm1)
tokenobject = init_token({"serial": serial,
"otpkey": "1234567890123456"})
r = assign_token(serial, user, pin="1234")
self.assertTrue(r)
self.assertTrue(tokenobject.token.user_id == "1000",
tokenobject.token.user_id)
# token already assigned...
self.assertRaises(TokenAdminError, assign_token, serial,
User("shadow", realm=self.realm1))
# unassign token
r = unassign_token(serial)
self.assertTrue(r)
self.assertTrue(tokenobject.token.user_id == "",
tokenobject.token.user_id)
remove_token(serial)
# assign or unassign a token, that does not exist
self.assertRaises(TokenAdminError, assign_token, serial, user)
self.assertRaises(TokenAdminError, unassign_token, serial)
def test_18_assign_token(self):
serial = "ASSTOKEN"
user = User("cornelius",
resolver=self.resolvername1,
realm=self.realm1)
tokenobject = init_token({
"serial": serial,
"otpkey": "1234567890123456"
})
r = assign_token(serial, user, pin="1234")
self.assertTrue(r)
self.assertTrue(tokenobject.token.user_id == "1000",
tokenobject.token.user_id)
# token already assigned...
self.assertRaises(TokenAdminError, assign_token, serial,
User("shadow", realm=self.realm1))
# unassign token
r = unassign_token(serial)
self.assertTrue(r)
self.assertTrue(tokenobject.token.user_id == "",
tokenobject.token.user_id)
remove_token(serial)
# assign or unassign a token, that does not exist
self.assertRaises(TokenAdminError, assign_token, serial, user)
self.assertRaises(TokenAdminError, unassign_token, serial)
def test_39_auto_assign_token_2(self):
user = User("autoassignuser", realm=self.realm1)
# be sure, that the user has no tokens assigned!
try:
unassign_token(None, user=user)
except TokenAdminError:
pass
tokenobject = init_token({"serial": "AUTO003", "type": "hotp",
"otpkey": self.otpkey,
"realm": self.realm1})
tokenobject = init_token({"serial": "AUTO004", "type": "hotp",
"otpkey": self.otpkey,
"realm": self.realm1})
# autoassigment fails, if multiple tokens return the same result.
r, reply_dict = auto_assign_token(user, "test254676")
self.assertFalse(r)
self.assertTrue("tokens with the given OTP" in reply_dict.get(
"message"), reply_dict)
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = json.loads(response.data)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [
ACTION_TYPE.SET_TOKENREALM, ACTION_TYPE.SET_DESCRIPTION,
ACTION_TYPE.DELETE, ACTION_TYPE.DISABLE, ACTION_TYPE.ENABLE,
ACTION_TYPE.UNASSIGN, ACTION_TYPE.SET_VALIDITY,
ACTION_TYPE.SET_COUNTWINDOW, ACTION_TYPE.SET_TOKENINFO
]:
if serial:
log.info("{0!s} for token {1!s}".format(action, serial))
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = handler_options.get("only_realm")
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=True)
elif action.lower() == ACTION_TYPE.DELETE:
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
unassign_token(serial)
elif action.lower() == ACTION_TYPE.SET_DESCRIPTION:
s_now = datetime.datetime.now().strftime(AUTH_DATE_FORMAT)
set_description(serial,
(handler_options.get("description")
or "").format(
current_time=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_COUNTWINDOW:
set_count_window(
serial, int(handler_options.get("count window", 50)))
elif action.lower() == ACTION_TYPE.SET_TOKENINFO:
s_now = datetime.datetime.now().strftime(AUTH_DATE_FORMAT)
add_tokeninfo(serial, handler_options.get("key"),
(handler_options.get("value") or "").format(
current_time=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_VALIDITY:
start_date = handler_options.get(VALIDITY.START)
end_date = handler_options.get(VALIDITY.END)
if start_date:
d = parse_date(start_date)
set_validity_period_start(serial, None,
d.strftime(DATE_FORMAT))
if end_date:
d = parse_date(end_date)
set_validity_period_end(serial, None,
d.strftime(DATE_FORMAT))
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
init_param = {
"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")
}
user = None
if is_true(handler_options.get("user")):
user = self._get_tokenowner(request)
tokentype = handler_options.get("tokentype")
# Some tokentypes need additional parameters or otherwise
# will fail to enroll.
# TODO: Other tokentypes will require additional parameters
if tokentype == "sms":
init_param['phone'] = user.get_user_phone(
phone_type='mobile')
if not init_param['phone']:
log.warning("Enrolling SMS token. But the user "
"{0!s} has no mobile number!".format(user))
elif tokentype == "email":
init_param['email'] = user.info.get("email", "")
if not init_param['email']:
log.warning("Enrolling EMail token. But the user {0!s}"
"has no email address!".format(user))
elif tokentype == "motp":
init_param['motppin'] = handler_options.get("motppin")
t = init_token(param=init_param, user=user)
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = json.loads(response.data)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [ACTION_TYPE.SET_TOKENREALM,
ACTION_TYPE.SET_DESCRIPTION,
ACTION_TYPE.DELETE, ACTION_TYPE.DISABLE,
ACTION_TYPE.ENABLE, ACTION_TYPE.UNASSIGN,
ACTION_TYPE.SET_VALIDITY,
ACTION_TYPE.SET_COUNTWINDOW,
ACTION_TYPE.SET_TOKENINFO]:
if serial:
log.info("{0!s} for token {1!s}".format(action, serial))
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = handler_options.get("only_realm")
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=True)
elif action.lower() == ACTION_TYPE.DELETE:
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
unassign_token(serial)
elif action.lower() == ACTION_TYPE.SET_DESCRIPTION:
s_now = datetime.datetime.now(tzlocal()).strftime(AUTH_DATE_FORMAT)
set_description(serial,
(handler_options.get("description") or
"").format(current_time=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_COUNTWINDOW:
set_count_window(serial,
int(handler_options.get("count window",
50)))
elif action.lower() == ACTION_TYPE.SET_TOKENINFO:
s_now = datetime.datetime.now(tzlocal()).strftime(AUTH_DATE_FORMAT)
add_tokeninfo(serial, handler_options.get("key"),
(handler_options.get("value") or "").format(
current_time=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_VALIDITY:
start_date = handler_options.get(VALIDITY.START)
end_date = handler_options.get(VALIDITY.END)
if start_date:
d = parse_date(start_date)
set_validity_period_start(serial, None,
d.strftime(DATE_FORMAT))
if end_date:
d = parse_date(end_date)
set_validity_period_end(serial, None,
d.strftime(DATE_FORMAT))
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
init_param = {"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")}
user = None
if is_true(handler_options.get("user")):
user = self._get_tokenowner(request)
tokentype = handler_options.get("tokentype")
# Some tokentypes need additional parameters or otherwise
# will fail to enroll.
# TODO: Other tokentypes will require additional parameters
if tokentype == "sms":
init_param['phone'] = user.get_user_phone(
phone_type='mobile')
if not init_param['phone']:
log.warning("Enrolling SMS token. But the user "
"{0!s} has no mobile number!".format(user))
elif tokentype == "email":
init_param['email'] = user.info.get("email", "")
if not init_param['email']:
log.warning("Enrolling EMail token. But the user {0!s}"
"has no email address!".format(user))
elif tokentype == "motp":
init_param['motppin'] = handler_options.get("motppin")
t = init_token(param=init_param, user=user)
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = self._get_response_content(response)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [ACTION_TYPE.SET_TOKENREALM,
ACTION_TYPE.SET_DESCRIPTION,
ACTION_TYPE.DELETE, ACTION_TYPE.DISABLE,
ACTION_TYPE.ENABLE, ACTION_TYPE.UNASSIGN,
ACTION_TYPE.SET_VALIDITY,
ACTION_TYPE.SET_COUNTWINDOW,
ACTION_TYPE.SET_TOKENINFO,
ACTION_TYPE.SET_FAILCOUNTER,
ACTION_TYPE.CHANGE_FAILCOUNTER,
ACTION_TYPE.SET_RANDOM_PIN,
ACTION_TYPE.DELETE_TOKENINFO]:
if serial:
log.info("{0!s} for token {1!s}".format(action, serial))
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = is_true(handler_options.get("only_realm"))
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=not only_realm)
elif action.lower() == ACTION_TYPE.SET_RANDOM_PIN:
# If for any reason we have no value, we default to 6
length = int(handler_options.get("length") or 6)
pin = generate_password(size=length)
if set_pin(serial, pin):
content.setdefault("detail", {})["pin"] = pin
options.get("response").data = json.dumps(content)
elif action.lower() == ACTION_TYPE.DELETE:
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
unassign_token(serial)
elif action.lower() == ACTION_TYPE.SET_DESCRIPTION:
description = handler_options.get("description") or ""
description, td = parse_time_offset_from_now(description)
s_now = (datetime.datetime.now(tzlocal()) + td).strftime(
AUTH_DATE_FORMAT)
set_description(serial,
description.format(
current_time=s_now,
now=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_COUNTWINDOW:
set_count_window(serial,
int(handler_options.get("count window",
50)))
elif action.lower() == ACTION_TYPE.SET_TOKENINFO:
tokeninfo = handler_options.get("value") or ""
tokeninfo, td = parse_time_offset_from_now(tokeninfo)
s_now = (datetime.datetime.now(tzlocal()) + td).strftime(
AUTH_DATE_FORMAT)
try:
username = request.User.loginname
realm = request.User.realm
except Exception:
username = "******"
realm = "N/A"
add_tokeninfo(serial, handler_options.get("key"),
tokeninfo.format(
current_time=s_now,
now=s_now,
client_ip=g.client_ip,
username=username,
realm=realm,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.DELETE_TOKENINFO:
delete_tokeninfo(serial, handler_options.get("key"))
elif action.lower() == ACTION_TYPE.SET_VALIDITY:
start_date = handler_options.get(VALIDITY.START)
end_date = handler_options.get(VALIDITY.END)
if start_date:
d = parse_date(start_date)
set_validity_period_start(serial, None,
d.strftime(DATE_FORMAT))
if end_date:
d = parse_date(end_date)
set_validity_period_end(serial, None,
d.strftime(DATE_FORMAT))
elif action.lower() == ACTION_TYPE.SET_FAILCOUNTER:
try:
set_failcounter(serial,
int(handler_options.get("fail counter")))
except Exception as exx:
log.warning("Misconfiguration: Failed to set fail "
"counter!")
elif action.lower() == ACTION_TYPE.CHANGE_FAILCOUNTER:
try:
token_obj = get_one_token(serial=serial)
token_obj.set_failcount(
token_obj.token.failcount + int(handler_options.get("change fail counter")))
except Exception as exx:
log.warning("Misconfiguration: Failed to increase or decrease fail "
"counter!")
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
init_param = {"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")}
user = None
if is_true(handler_options.get("user")):
user = self._get_tokenowner(request)
tokentype = handler_options.get("tokentype")
# Some tokentypes need additional parameters
if handler_options.get("additional_params"):
add_params = yaml.safe_load(handler_options.get("additional_params"))
if type(add_params) == dict:
init_param.update(add_params)
if tokentype == "sms":
if handler_options.get("dynamic_phone"):
init_param["dynamic_phone"] = 1
else:
init_param['phone'] = user.get_user_phone(
phone_type='mobile', index=0)
if not init_param['phone']:
log.warning("Enrolling SMS token. But the user "
"{0!r} has no mobile number!".format(user))
if handler_options.get("sms_identifier"):
init_param["sms.identifier"] = handler_options.get("sms_identifier")
elif tokentype == "email":
if handler_options.get("dynamic_email"):
init_param["dynamic_email"] = 1
else:
init_param['email'] = user.info.get("email", "")
if not init_param['email']:
log.warning("Enrolling EMail token. But the user {0!s}"
"has no email address!".format(user))
if handler_options.get("smtp_identifier"):
init_param["email.identifier"] = handler_options.get("smtp_identifier")
elif tokentype == "motp":
init_param['motppin'] = handler_options.get("motppin")
t = init_token(param=init_param, user=user)
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
def test_05_autoassign_userstore(self):
# init a token, that does has no user
self.setUp_user_realms()
tokenobject = init_token(
{
"serial": "UASSIGN2",
"type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930"
},
tokenrealms=[self.realm1])
user_obj = User("autoassignuser", self.realm1)
# unassign all tokens from the user autoassignuser
try:
unassign_token(None, user=user_obj)
except Exception:
print("no need to unassign token")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST', data={}, headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "10.0.0.1"
req = Request(env)
req.all_data = {
"user": "******",
"realm": self.realm1,
"pass": "******"
}
# The response with a failed request
res = {
"jsonrpc": "2.0",
"result": {
"status": True,
"value": False
},
"version": "privacyIDEA test",
"id": 1
}
resp = Response(json.dumps(res))
# Set the autoassign policy
# to "userstore"
set_policy(name="pol2",
scope=SCOPE.ENROLL,
action="%s=%s" %
(ACTION.AUTOASSIGN, AUTOASSIGNVALUE.USERSTORE),
client="10.0.0.0/8")
g.policy_object = PolicyClass()
new_response = autoassign(req, resp)
jresult = json.loads(new_response.data)
self.assertEqual(jresult.get("result").get("value"), True)
self.assertEqual(jresult.get("detail").get("serial"), "UASSIGN2")
# authenticate with 287082 a second time will fail
res, dict = check_user_pass(User("autoassignuser", self.realm1),
"password287082")
self.assertFalse(res)
# authenticate with the next OTP 359152 will succeed
res, dict = check_user_pass(User("autoassignuser", self.realm1),
"password359152")
self.assertTrue(res)
delete_policy("pol2")
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = json.loads(response.data)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [ACTION_TYPE.SET_TOKENREALM,
ACTION_TYPE.SET_DESCRIPTION,
ACTION_TYPE.DELETE, ACTION_TYPE.DISABLE,
ACTION_TYPE.ENABLE, ACTION_TYPE.UNASSIGN,
ACTION_TYPE.SET_VALIDITY]:
if serial:
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = handler_options.get("only_realm")
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=True)
elif action.lower() == ACTION_TYPE.DELETE:
log.info("Delete token {0!s}".format(serial))
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
log.info("Disable token {0!s}".format(serial))
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
log.info("Enable token {0!s}".format(serial))
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
log.info("Unassign token {0!s}".format(serial))
unassign_token(serial)
elif action.lower() == ACTION_TYPE.SET_DESCRIPTION:
log.info("Set description of token {0!s}".format(serial))
set_description(serial, handler_options.get(
"description", ""))
elif action.lower() == ACTION_TYPE.SET_VALIDITY:
log.info("Set validity period for token {0!s}".format(
serial))
start_date = handler_options.get(VALIDITY.START)
end_date = handler_options.get(VALIDITY.END)
if start_date:
d = parse_date(start_date)
set_validity_period_start(serial, None,
d.strftime(DATE_FORMAT))
if end_date:
d = parse_date(end_date)
set_validity_period_end(serial, None,
d.strftime(DATE_FORMAT))
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
if handler_options.get("user") in ["1", 1, True]:
user = self._get_tokenowner(request)
else:
user = None
t = init_token({"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")},
user=user)
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
def do(self, action, options=None):
"""
This method executes the defined action in the given event.
:param action:
:param options: Contains the flask parameters g, request, response
and the handler_def configuration
:type options: dict
:return:
"""
ret = True
g = options.get("g")
request = options.get("request")
response = options.get("response")
content = self._get_response_content(response)
handler_def = options.get("handler_def")
handler_options = handler_def.get("options", {})
serial = request.all_data.get("serial") or \
content.get("detail", {}).get("serial") or \
g.audit_object.audit_data.get("serial")
if action.lower() in [ACTION_TYPE.SET_TOKENREALM,
ACTION_TYPE.SET_DESCRIPTION,
ACTION_TYPE.DELETE, ACTION_TYPE.DISABLE,
ACTION_TYPE.ENABLE, ACTION_TYPE.UNASSIGN,
ACTION_TYPE.SET_VALIDITY,
ACTION_TYPE.SET_COUNTWINDOW,
ACTION_TYPE.SET_TOKENINFO,
ACTION_TYPE.SET_FAILCOUNTER,
ACTION_TYPE.DELETE_TOKENINFO]:
if serial:
log.info("{0!s} for token {1!s}".format(action, serial))
if action.lower() == ACTION_TYPE.SET_TOKENREALM:
realm = handler_options.get("realm")
only_realm = is_true(handler_options.get("only_realm"))
# Set the realm..
log.info("Setting realm of token {0!s} to {1!s}".format(
serial, realm))
# Add the token realm
set_realms(serial, [realm], add=not only_realm)
elif action.lower() == ACTION_TYPE.DELETE:
remove_token(serial=serial)
elif action.lower() == ACTION_TYPE.DISABLE:
enable_token(serial, enable=False)
elif action.lower() == ACTION_TYPE.ENABLE:
enable_token(serial, enable=True)
elif action.lower() == ACTION_TYPE.UNASSIGN:
unassign_token(serial)
elif action.lower() == ACTION_TYPE.SET_DESCRIPTION:
description = handler_options.get("description") or ""
description, td = parse_time_offset_from_now(description)
s_now = (datetime.datetime.now(tzlocal()) + td).strftime(
AUTH_DATE_FORMAT)
set_description(serial,
description.format(
current_time=s_now,
now=s_now,
client_ip=g.client_ip,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.SET_COUNTWINDOW:
set_count_window(serial,
int(handler_options.get("count window",
50)))
elif action.lower() == ACTION_TYPE.SET_TOKENINFO:
tokeninfo = handler_options.get("value") or ""
tokeninfo, td = parse_time_offset_from_now(tokeninfo)
s_now = (datetime.datetime.now(tzlocal()) + td).strftime(
AUTH_DATE_FORMAT)
try:
username = request.User.loginname
realm = request.User.realm
except Exception:
username = "******"
realm = "N/A"
add_tokeninfo(serial, handler_options.get("key"),
tokeninfo.format(
current_time=s_now,
now=s_now,
client_ip=g.client_ip,
username=username,
realm=realm,
ua_browser=request.user_agent.browser,
ua_string=request.user_agent.string))
elif action.lower() == ACTION_TYPE.DELETE_TOKENINFO:
delete_tokeninfo(serial, handler_options.get("key"))
elif action.lower() == ACTION_TYPE.SET_VALIDITY:
start_date = handler_options.get(VALIDITY.START)
end_date = handler_options.get(VALIDITY.END)
if start_date:
d = parse_date(start_date)
set_validity_period_start(serial, None,
d.strftime(DATE_FORMAT))
if end_date:
d = parse_date(end_date)
set_validity_period_end(serial, None,
d.strftime(DATE_FORMAT))
elif action.lower() == ACTION_TYPE.SET_FAILCOUNTER:
try:
set_failcounter(serial,
int(handler_options.get("fail counter")))
except Exception as exx:
log.warning("Misconfiguration: Failed to set fail "
"counter!")
else:
log.info("Action {0!s} requires serial number. But no serial "
"number could be found in request.")
if action.lower() == ACTION_TYPE.INIT:
log.info("Initializing new token")
init_param = {"type": handler_options.get("tokentype"),
"genkey": 1,
"realm": handler_options.get("realm", "")}
user = None
if is_true(handler_options.get("user")):
user = self._get_tokenowner(request)
tokentype = handler_options.get("tokentype")
# Some tokentypes need additional parameters
if handler_options.get("additional_params"):
add_params = yaml.safe_load(handler_options.get("additional_params"))
if type(add_params) == dict:
init_param.update(add_params)
if tokentype == "sms":
if handler_options.get("dynamic_phone"):
init_param["dynamic_phone"] = 1
else:
init_param['phone'] = user.get_user_phone(
phone_type='mobile', index=0)
if not init_param['phone']:
log.warning("Enrolling SMS token. But the user "
"{0!r} has no mobile number!".format(user))
elif tokentype == "email":
if handler_options.get("dynamic_email"):
init_param["dynamic_email"] = 1
else:
init_param['email'] = user.info.get("email", "")
if not init_param['email']:
log.warning("Enrolling EMail token. But the user {0!s}"
"has no email address!".format(user))
elif tokentype == "motp":
init_param['motppin'] = handler_options.get("motppin")
t = init_token(param=init_param, user=user)
log.info("New token {0!s} enrolled.".format(t.token.serial))
return ret
