def load_form(self):
'''
This shows the enrollment form for a requested token type.
implicit parameters are:
:param type: token type
:param scope: defines the rendering scope
:return: rendered html of the requested token
'''
res = ''
tok = None
section = None
scope = None
try:
try:
act = self.request_params["type"]
except KeyError:
raise ParameterError("Missing parameter: 'type'", id=905)
try:
(tok, section, scope) = act.split('.')
except Exception:
return res
if section != 'selfservice':
return res
if tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, 'getClassInfo'):
sections = tclt.getClassInfo(section, {})
if scope in list(sections.keys()):
section = sections.get(scope)
page = section.get('page')
c.scope = page.get('scope')
c.authUser = self.authUser
html = page.get('html')
res = render(os.path.sep + html).decode()
res = remove_empty_lines(res)
db.session.commit()
return res
except CompileException as exx:
log.exception("[load_form] compile error while processing %r.%r:"
"Exeption was %r" % (tok, scope, exx))
db.session.rollback()
raise exx
except Exception as exx:
db.session.rollback()
error = ('error (%r) accessing form data for: tok:%r, scope:%r'
', section:%r' % (exx, tok, scope, section))
log.exception(error)
return "<h1>{}</h1><pre>{} {}</pre>".format(
_("Failed to load form"), _("Error"), exx)
def tokentype(self):
""""""
c.title = "TokenTypeInfo"
ttinfo = []
ttinfo.extend(list(tokenclass_registry.keys()))
for tok in tokenclass_registry:
tclass_object = tokenclass_registry.get(tok)
if hasattr(tclass_object, "getClassType"):
ii = tclass_object.getClassType()
ttinfo.append(ii)
log.debug("[index] importers: %s", IMPORT_TEXT)
c.tokeninfo = ttinfo
return render("/manage/tokentypeinfo.mako").decode("utf-8")
def tokentype(self):
'''
'''
c.title = 'TokenTypeInfo'
ttinfo = []
ttinfo.extend(list(tokenclass_registry.keys()))
for tok in tokenclass_registry:
tclass_object = tokenclass_registry.get(tok)
if hasattr(tclass_object, 'getClassType'):
ii = tclass_object.getClassType()
ttinfo.append(ii)
log.debug("[index] importers: %s" % IMPORT_TEXT)
c.tokeninfo = ttinfo
return render('/manage/tokentypeinfo.mako').decode('utf-8')
def tokentype(self):
'''
'''
c.title = 'TokenTypeInfo'
ttinfo = []
ttinfo.extend(tokenclass_registry.keys())
for tok in tokenclass_registry:
tclass_object = tokenclass_registry.get(tok)
if hasattr(tclass_object, 'getClassType'):
ii = tclass_object.getClassType()
ttinfo.append(ii)
log.debug("[index] importers: %s" % IMPORT_TEXT)
c.tokeninfo = ttinfo
return render('/manage/tokentypeinfo.mako')
def add_dynamic_selfservice_policies(config, actions):
"""
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
"""
dynamic_policies = []
defined_policies = []
for tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, "getClassInfo"):
# # check if we have a policy in the token definition
try:
policy = tclt.getClassInfo("policy", ret=None)
if policy is not None and "selfservice" in policy:
scope_policies = list(policy.get("selfservice").keys())
""" initialize the policies """
if len(defined_policies) == 0:
for pol in actions:
if "=" in pol:
(name, val) = pol.split("=")
defined_policies.append(name)
for local_policy in scope_policies:
if local_policy not in defined_policies:
dynamic_policies.append(local_policy)
except Exception as exx:
log.info(
"[_add_dynamic_actions] no policy for tokentype "
"%r found (%r)",
tok,
exx,
)
return dynamic_policies
def add_dynamic_selfservice_policies(config, actions):
'''
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
'''
dynamic_policies = []
defined_policies = []
for tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, 'getClassInfo'):
# # check if we have a policy in the token definition
try:
policy = tclt.getClassInfo('policy', ret=None)
if policy is not None and policy.has_key('selfservice'):
scope_policies = policy.get('selfservice').keys()
''' initialize the policies '''
if len(defined_policies) == 0:
for pol in actions:
if '=' in pol:
(name, val) = pol.split('=')
defined_policies.append(name)
for local_policy in scope_policies:
if local_policy not in defined_policies:
dynamic_policies.append(local_policy)
except Exception as e:
log.info('[_add_dynamic_actions] no policy for tokentype '
'%s found (%r)' % (unicode(tok), e))
return dynamic_policies
def add_dynamic_selfservice_policies(config, actions):
'''
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
'''
dynamic_policies = []
defined_policies = []
for tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, 'getClassInfo'):
# # check if we have a policy in the token definition
try:
policy = tclt.getClassInfo('policy', ret=None)
if policy is not None and policy.has_key('selfservice'):
scope_policies = policy.get('selfservice').keys()
''' initialize the policies '''
if len(defined_policies) == 0:
for pol in actions:
if '=' in pol:
(name, val) = pol.split('=')
defined_policies.append(name)
for local_policy in scope_policies:
if local_policy not in defined_policies:
dynamic_policies.append(local_policy)
except Exception as e:
log.info('[_add_dynamic_actions] no policy for tokentype '
'%s found (%r)' % (unicode(tok), e))
return dynamic_policies
def load_form(self):
'''
This shows the enrollment form for a requested token type.
implicit parameters are:
:param type: token type
:param scope: defines the rendering scope
:return: rendered html of the requested token
'''
res = ''
param = {}
try:
param.update(request.params)
try:
act = param["type"]
except KeyError:
raise ParameterError("Missing parameter: 'type'", id=905)
try:
(tok, section, scope) = act.split('.')
except Exception:
return res
if section != 'selfservice':
return res
if tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, 'getClassInfo'):
sections = tclt.getClassInfo(section, {})
if scope in sections.keys():
section = sections.get(scope)
page = section.get('page')
c.scope = page.get('scope')
c.authUser = self.authUser
html = page.get('html')
res = render(os.path.sep + html)
res = remove_empty_lines(res)
Session.commit()
return res
except CompileException as exx:
log.exception("[load_form] compile error while processing %r.%r:"
"Exeption was %r" % (tok, scope, exx))
Session.rollback()
raise exx
except Exception as exx:
Session.rollback()
error = ('error (%r) accessing form data for: tok:%r, scope:%r'
', section:%r' % (exx, tok, scope, section))
log.exception(error)
return '<pre>%s</pre>' % error
finally:
Session.close()
def enroll(self):
"""
method:
api/helpdesk/enroll
description:
method to enroll a token as helpdesk
arguments:
* type: the token type, currently only 'email'
* user: the new token owner
* realm: (optional) the realm the user belongs to - used to identify the user
returns:
success as boolean
"""
ret = False
response_detail = {}
params = self.request_params
try:
if 'user' not in params:
raise ParameterError('missing parameter: user!')
if 'type' not in params:
raise ParameterError('missing parameter: type!')
# --------------------------------------------------------------- --
# determine token class
token_cls_alias = params.get("type")
lower_alias = token_cls_alias.lower()
if lower_alias not in tokenclass_registry:
raise TokenAdminError('admin/init failed: unknown token '
'type %r' % token_cls_alias, id=1610)
token_cls = tokenclass_registry.get(lower_alias)
# --------------------------------------------------------------- --
# call the token class hook in order to enrich/overwrite the
# parameters
helper_params = token_cls.get_helper_params_pre(params)
params.update(helper_params)
# --------------------------------------------------------------- --
# fetch user from parameters.
user = getUserFromParam(params)
# --------------------------------------------------------------- --
# create a new pin according to the policies
if 'pin' not in params:
params['pin'] = createRandomPin(user, min_pin_length=6)
# --------------------------------------------------------------- --
if 'otpkey' not in params:
params['genkey'] = '1'
# --------------------------------------------------------------- --
# check admin authorization
res = checkPolicyPre('admin', 'init', params, user=user)
# --------------------------------------------------------------- --
helper_params = token_cls.get_helper_params_post(params, user=user)
params.update(helper_params)
# --------------------------------------------------------------- --
# create new serial
th = TokenHandler()
serial = th.genSerial(token_cls_alias)
params['serial'] = serial
log.info("[init] initialize token. user: %s, serial: %s"
% (user.login, serial))
# --------------------------------------------------------------- --
# scope_extension: we are in scope helpdesk
# this is eg required to notify the emailtoken to use the
# email from user if none is given as param
params['::scope::'] = {
'helpdesk': True,
'user': user
}
(ret, token) = th.initToken(params, user)
# --------------------------------------------------------------- --
# different token types return different information on
# initialization (e.g. otpkey, pairing_url, etc)
initDetail = token.getInitDetail(params, user)
response_detail.update(initDetail)
# --------------------------------------------------------------- --
# prepare data for audit
if token is not None and ret is True:
c.audit['serial'] = token.getSerial()
c.audit['token_type'] = token.type
c.audit['success'] = ret
c.audit['user'] = user.login
c.audit['realm'] = user.realm
c.audit['action_detail'] += get_token_num_info()
res = checkPolicyPost('admin', 'init', params, user=user)
pin = res.get('new_pin', params['pin'])
message = ("A new ${tokentype} token (${serial}) "
"with pin '${Pin}' "
"for ${givenname} ${surname} has been enrolled.")
info = {
'message': message,
'Subject': 'New %s token enrolled' % token.type,
'Pin': pin,
'tokentype': token.type
}
info.update(response_detail)
notify_user(user, 'enrollment', info, required=True)
c.audit['action_detail'] += get_token_num_info()
c.audit['success'] = ret
return sendResult(response, ret)
except PolicyException as pex:
log.exception("Policy Exception while enrolling token")
Session.rollback()
return sendError(response, pex, 1)
except Exception as exx:
log.exception("Exception while enrolling token")
Session.rollback()
return sendError(response, exx, 1)
