def authenticate(self):
"""
Ask VCCS credential backend to authenticate a credential.
:rtype: bool
"""
self._status = False
self._logger.debug("Authenticating token of type {!r}".format(
self._request.token_type))
client = vccs_client.VCCSClient(base_url=self._config.vccs_base_url)
user_code = self._request.token.user_code
if self._request.token_type == 'OATH':
assert isinstance(self._user.factors,
eduid_api.authfactor.EduIDAuthFactorList)
oath_factors = []
for factor in self._user.factors.to_list():
assert isinstance(factor, eduid_api.authfactor.EduIDAuthFactor
) # for pycharm type inference
if factor.type in ['oath-hotp', 'oath-totp']:
this = vccs_client.VCCSOathFactor(factor.type,
credential_id=factor.id,
user_code=user_code)
oath_factors.append(this)
self._logger.debug(
"Calling VCCS client at {!r} to authenticate factor(s) {!r}".
format(self._config.vccs_base_url, oath_factors))
if client.authenticate(self._user.user_id, oath_factors):
self._status = True
return True
else:
raise NotImplemented()
return False
def add_to_authbackend(self):
"""
Ask VCCS credential backend to store a new credential.
"""
self._logger.debug("Adding token of type {!r} to authbackend".format(
self._request.token_type))
if self._request.token_type == 'OATH':
self._get_oath_aead()
# dump all attributes on self to logger
#for attr in dir(self):
# self._logger.debug("ATTR {!r}: {!r}".format(attr, getattr(self, attr)))
token_type = 'oath-{!s}'.format(self._request.token.type)
self._factor = vccs_client.VCCSOathFactor(
token_type,
self._token_id,
nonce=self.aead.nonce,
aead=self.aead.aead,
key_handle=self.aead.key_handle,
digits=self._request.token.digits,
oath_counter=self._request.token.initial_counter,
)
else:
raise NotImplemented()
client = vccs_client.VCCSClient(base_url=self._config.vccs_base_url)
self._logger.debug("Extra debug: Adding credential {!r}".format(
self._factor.credential_id))
client.add_credentials(str(self._user_id), [self._factor])
self._status = True
def test_missing_parts_of_OATH_factor(self):
"""
Test creating a VCCSOathFactor instance with missing parts.
"""
aead = 'aa' * 20
o = vccs_client.VCCSOathFactor('oath-hotp', 4712, user_code='123456')
# missing AEAD
with self.assertRaises(ValueError):
o.to_dict('add_creds')
o = vccs_client.VCCSOathFactor('oath-hotp',
4712,
nonce='010203040506',
aead=aead,
key_handle=0x1234,
user_code='123456')
# with AEAD o should be OK
self.assertEqual(type(o.to_dict('add_creds')), dict)
# unknown to_dict 'action' should raise
with self.assertRaises(ValueError):
o.to_dict('bad_action')
def test_OATH_factor_auth(self):
"""
Test creating a VCCSOathFactor instance.
"""
aead = 'aa' * 20
o = vccs_client.VCCSOathFactor('oath-hotp',
4712,
nonce='010203040506',
aead=aead,
user_code='123456')
self.assertEqual(o.to_dict('auth'), {
'type': 'oath-hotp',
'credential_id': 4712,
'user_code': '123456',
})
def test_OATH_factor_add(self):
"""
Test creating a VCCSOathFactor instance for an add_creds request.
"""
aead = 'aa' * 20
o = vccs_client.VCCSOathFactor('oath-hotp',
4712,
nonce='010203040506',
aead=aead,
key_handle=0x1234)
self.assertEqual(
o.to_dict('add_creds'), {
'aead': aead,
'credential_id': 4712,
'digits': 6,
'nonce': '010203040506',
'oath_counter': 0,
'type': 'oath-hotp',
'key_handle': 0x1234,
})