def create_google_authenticator(param: dict, user=None) -> str: """Create the google url from the parameters :param param: dict containing the parameters :param user: the user to which the token should be assigned :return: the google authenticator url """ serial = param["serial"] login = user and user.login or param.get("user.login", "") realm = user and user.realm or param.get("user.realm", "") description = param.get("description", "") token_label = get_tokenlabel( serial=serial, user=login, realm=realm, description=description ) issuer = get_tokenissuer( serial=serial, user=login, realm=realm, description=description ) # --------------------------------------------------------------------- -- # as the issuer is also used as an url parameter, # we add it to the parameters param["issuer"] = issuer # build the label, which is defined as: # label = accountname / issuer (“:” / “%3A”) *”%20” accountname label = quote(issuer) + ":" + quote(token_label) return google_authenticator_url(label, param)
def test_tokenissuer( self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions, ): """Verify that the tokenissuer is evaluated from general.""" mocked__get_client.return_value = "127.0.0.1" mocked_get_policy_definitions.return_value = { "enrollment": { "tokenissuer": { "type": "str", "desc": "the issuer label for the google authenticator.", }, } } policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set["general"]["action"] = "tokenissuer=<s>:<u>@<r>" mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user="******", realm="defaultrealm", serial="mySerial") assert issuer == "mySerial:fake_user@defaultrealm" # ----------------------------------------------------------------- -- # verify that if set, user specific policy is honored policy_set["fake_user"]["action"] = "dummy, tokenissuer=<u>@<r>" mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user="******", realm="defaultrealm", serial="mySerial") assert issuer == "fake_user@defaultrealm"
def test_get_tokenissuer_wo_policy(self, mock__get_client, mock_has_client_policy): mock__get_client.return_value = "localhost" mock_has_client_policy.return_value = {} res = get_tokenissuer(serial="123") assert res == "LinOTP" res = get_tokenissuer(serial="123", user="******") assert res == "LinOTP" res = get_tokenissuer(serial="123", user="******", realm="home") assert res == "LinOTP" res = get_tokenissuer(serial="123", user="******", realm="home", description="nothing") assert res == "LinOTP"
def test_tokenissuer(self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions): """Verify that the tokenissuer is evaluated from general.""" mocked__get_client.return_value = '127.0.0.1' mocked_get_policy_definitions.return_value = { 'enrollment': { 'tokenissuer': { 'type': 'str', 'desc': 'the issuer label for the google authenticator.' }, } } policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set['general']['action'] = 'tokenissuer=<s>:<u>@<r>' mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user='******', realm='defaultrealm', serial='mySerial') assert issuer == 'mySerial:fake_user@defaultrealm' # ----------------------------------------------------------------- -- # verify that if set, user specific policy is honored policy_set['fake_user']['action'] = 'dummy, tokenissuer=<u>@<r>' mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user='******', realm='defaultrealm', serial='mySerial') assert issuer == 'fake_user@defaultrealm'
def test_get_tokenissuer_w_policy(self, mock__get_client, mock_has_client_policy, mock_get_action_value): mock__get_client.return_value = "localhost" mock_has_client_policy.return_value = {} mock_get_action_value.return_value = "<d>.<r>.<u>.<s>" res = get_tokenissuer(serial="!") assert res == "...!" res = get_tokenissuer(serial="!", user="******") assert res == "..matters.!" res = get_tokenissuer(serial="!", user="******", realm="else") assert res == ".else.matters.!" res = get_tokenissuer(serial="!", user="******", realm="else", description="nothing") assert res == "nothing.else.matters.!"
def test_autoassignment( self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions, ): """Verify that the autoassignment is evaluated from general.""" mocked__get_client.return_value = "127.0.0.1" policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set["general"]["action"] = "autoassignment" mocked__get_policies.return_value = policy_set mocked_get_policy_definitions.return_value = { "enrollment": { "autoassignment": { "type": "bool", "desc": "users can assign a token just by using the " "unassigned token to authenticate.", }, } } fake_user = LinotpUser(login="******", realm="defaultrealm") assert get_autoassignment(fake_user), "autoassigment should be set!" # ----------------------------------------------------------------- -- # verify that if set, user specific policy is honored policy_set["fake_user"]["action"] = "tokenissuer=<u>, autoassignment" mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user="******", realm="defaultrealm", serial="mySerial") assert issuer == "fake_user"
def test_autoassignment(self, mocked__get_client, mocked__get_policies, mocked_get_policy_definitions): """Verify that the autoassignment is evaluated from general.""" mocked__get_client.return_value = '127.0.0.1' policy_set = copy.deepcopy(PolicySet) # ----------------------------------------------------------------- -- # verify that general policy is honored policy_set['general']['action'] = 'autoassignment' mocked__get_policies.return_value = policy_set mocked_get_policy_definitions.return_value = { 'enrollment': { 'autoassignment': { 'type': 'bool', 'desc': 'users can assign a token just by using the ' 'unassigned token to authenticate.' }, } } fake_user = LinotpUser(login='******', realm='defaultrealm') assert get_autoassignment(fake_user), 'autoassigment should be set!' # ----------------------------------------------------------------- -- # verify that if set, user specific policy is honored policy_set['fake_user']['action'] = 'tokenissuer=<u>, autoassignment' mocked__get_policies.return_value = policy_set issuer = get_tokenissuer(user='******', realm='defaultrealm', serial='mySerial') assert issuer == 'fake_user'
def create_google_authenticator(param, user=None): ''' create url for google authenticator :param param: request dictionary :return: string with google url ''' typ = param.get("type", 'hotp') if typ.lower() == 'hmac': typ = 'hotp' if not typ.lower() in ['totp', 'hotp']: raise NoOtpAuthTokenException('not supported otpauth token type: %r' % typ) serial = param.get("serial", None) digits = param.get("otplen", '6') otpkey = param.get("otpkey", None) login = '' realm = '' if user: login = user.login or '' realm = user.realm or '' login = login or param.get('user.login', '') realm = realm or param.get('user.realm', '') url_param = {} if not otpkey: raise Exception('Failed to create token url due to missing seed!') key = base64.b32encode(binascii.unhexlify(otpkey)) key = key.strip("=") algo = param.get("hashlib", "sha1") or "sha1" algo = algo.upper() if algo not in['SHA1', 'SHA256', 'SHA512', 'MD5']: algo = 'SHA1' if algo != 'SHA1': url_param['algorithm'] = algo url_param['secret'] = key # dont add default if digits != '6': url_param['digits'] = digits if typ not in ['totp']: url_param['counter'] = 0 if 'timeStep' in param: url_param['period'] = param.get('timeStep') issuer = get_tokenissuer(login, realm, serial) if issuer: url_param['issuer'] = quote(issuer) ga = "otpauth://%s/%s" % (typ, serial) qg_param = urllib.urlencode(url_param) base_len = len(ga) + len(qg_param) max_len = 400 allowed_label_len = max_len - base_len log.debug("[create_google_authenticator_url] we got %s characters" " left for the token label" % str(allowed_label_len)) # show the user login in the token prefix if len(login) > 0: label = get_tokenlabel(login, realm, serial) if len(param.get('description', '')) > 0 and '<d>' in label: label = label.replace('<d>', param.get('description')) else: label = serial or '' if len(param.get('description', '')) > 0: label = label + ':' + param.get('description') if issuer: label = issuer + ':' + label label = label[0:allowed_label_len] url_label = quote(label, ':') ga = "otpauth://%s/%s?%s" % (typ, url_label, qg_param) log.debug("google authenticator: %r" % ga[:20]) return ga