def test_14_create_delete_user(self):
realm = "sqlrealm"
resolver = "SQL1"
parameters = self.parameters
parameters["resolver"] = resolver
parameters["type"] = "sqlresolver"
rid = save_resolver(parameters)
self.assertTrue(rid > 0, rid)
(added, failed) = set_realm(realm, [resolver])
self.assertEqual(len(failed), 0)
self.assertEqual(len(added), 1)
# Create the user
uid = create_user(resolver, {"username": "******",
"givenname": "achmed"},
password="******")
self.assertTrue(uid > 6)
user = User("achmed3", realm=realm)
r = user.check_password("secret")
# delete user
r = user.delete()
self.assertTrue(r)
def test_14_create_delete_user(self):
realm = "sqlrealm"
resolver = "SQL1"
parameters = self.parameters
parameters["resolver"] = resolver
parameters["type"] = "sqlresolver"
rid = save_resolver(parameters)
self.assertTrue(rid > 0, rid)
(added, failed) = set_realm(realm, [resolver])
self.assertEqual(len(failed), 0)
self.assertEqual(len(added), 1)
# Create the user
uid = create_user(resolver, {
"username": "******",
"givenname": "achmed",
"password": "******"
})
self.assertTrue(uid > 6)
user = User("achmed3", realm=realm)
r = user.check_password("secret")
# delete user
r = user.delete()
self.assertTrue(r)
def auth_otppin(wrapped_function, *args, **kwds):
"""
Decorator to decorate the tokenclass.check_pin function.
Depending on the ACTION.OTPPIN it
* either simply accepts an empty pin
* checks the pin against the userstore
* or passes the request to the wrapped_function
:param wrapped_function: In this case the wrapped function should be
tokenclass.check_ping
:param *args: args[1] is the pin
:param **kwds: kwds["options"] contains the flask g
:return: True or False
"""
# if tokenclass.check_pin is called in any other way, options may be None
# or it might have no element "g".
options = kwds.get("options") or {}
g = options.get("g")
if g:
token = args[0]
pin = args[1]
clientip = options.get("clientip")
user_object = kwds.get("user")
if not user_object:
# No user in the parameters, so we need to determine the owner of
# the token
user_object = token.user
realms = token.get_realms()
if not user_object and len(realms):
# if the token has not owner, we take a realm.
user_object = User("", realm=realms[0])
if not user_object:
# If we still have no user and no tokenrealm, we create an empty
# user object.
user_object = User("", realm="")
# get the policy
policy_object = g.policy_object
otppin_dict = policy_object.get_action_values(
ACTION.OTPPIN,
scope=SCOPE.AUTH,
realm=user_object.realm,
resolver=user_object.resolver,
user=user_object.login,
client=clientip,
unique=True,
audit_data=g.audit_object.audit_data)
if otppin_dict:
if list(otppin_dict)[0] == ACTIONVALUE.NONE:
if pin == "":
# No PIN checking, we expect an empty PIN!
return True
else:
return False
if list(otppin_dict)[0] == ACTIONVALUE.USERSTORE:
rv = user_object.check_password(pin)
return rv is not None
# call and return the original check_pin function
return wrapped_function(*args, **kwds)
def auth_otppin(wrapped_function, *args, **kwds):
"""
Decorator to decorate the tokenclass.check_pin function.
Depending on the ACTION.OTPPIN it
* either simply accepts an empty pin
* checks the pin against the userstore
* or passes the request to the wrapped_function
:param wrapped_function: In this case the wrapped function should be
tokenclass.check_ping
:param *args: args[1] is the pin
:param **kwds: kwds["options"] contains the flask g
:return: True or False
"""
# if tokenclass.check_pin is called in any other way, options may be None
# or it might have no element "g".
options = kwds.get("options") or {}
g = options.get("g")
if g:
token = args[0]
pin = args[1]
clientip = options.get("clientip")
user_object = kwds.get("user")
if not user_object:
# No user in the parameters, so we need to determine the owner of
# the token
user_object = token.user
realms = token.get_realms()
if not user_object and len(realms):
# if the token has not owner, we take a realm.
user_object = User("", realm=realms[0])
if not user_object:
# If we still have no user and no tokenrealm, we create an empty
# user object.
user_object=User("", realm="")
# get the policy
policy_object = g.policy_object
otppin_dict = policy_object.get_action_values(ACTION.OTPPIN,
scope=SCOPE.AUTH,
realm=user_object.realm,
resolver=user_object.resolver,
user=user_object.login,
client=clientip,
unique=True,
audit_data=g.audit_object.audit_data)
if otppin_dict:
if list(otppin_dict)[0] == ACTIONVALUE.NONE:
if pin == "":
# No PIN checking, we expect an empty PIN!
return True
else:
return False
if list(otppin_dict)[0] == ACTIONVALUE.USERSTORE:
rv = user_object.check_password(pin)
return rv is not None
# call and return the original check_pin function
return wrapped_function(*args, **kwds)
def auth_otppin(wrapped_function, *args, **kwds):
"""
Decorator to decorate the tokenclass.check_pin function.
Depending on the ACTION.OTPPIN it
* either simply accepts an empty pin
* checks the pin against the userstore
* or passes the request to the wrapped_function
:param wrapped_function: In this case the wrapped function should be
tokenclass.check_ping
:param *args: args[1] is the pin
:param **kwds: kwds["options"] contains the flask g
:return: True or False
"""
ERROR = "There are contradicting policies for the action %s!" % \
ACTION.OTPPIN
# if tokenclass.check_pin is called in any other way, options may be None
# or it might have no element "g".
options = kwds.get("options") or {}
g = options.get("g")
if g:
token = args[0]
pin = args[1]
clientip = options.get("clientip")
user_object = kwds.get("user")
if not user_object:
# No user in the parameters, so we need to determine the owner of
# the token
user_object = token.get_user()
realms = token.get_realms()
if not user_object and len(realms):
# if the token has not owner, we take a realm.
user_object = User("", realm=realms[0])
if not user_object:
# If we still have no user and no tokenrealm, we create an empty
# user object.
user_object=User("", realm="")
# get the policy
policy_object = g.policy_object
otppin_list = policy_object.get_action_values(ACTION.OTPPIN,
scope=SCOPE.AUTH,
realm=user_object.realm,
user=user_object.login,
client=clientip)
if len(otppin_list) > 0:
# There is an otppin policy
# reduce the list:
otppin_list = list(set(otppin_list))
if len(otppin_list) > 1:
# We can not decide how to handle the request, so we raise an
# exception
raise PolicyError(ERROR)
if otppin_list[0] == ACTIONVALUE.NONE:
if pin == "":
# No PIN checking, we expect an empty PIN!
return True
else:
return False
if otppin_list[0] == ACTIONVALUE.USERSTORE:
rv = user_object.check_password(pin)
return rv is not None
# call and return the original check_pin function
return wrapped_function(*args, **kwds)
