def deleteToken(self): # some DBs (eg. DB2) run in deadlock, if the TokenRealm entry # is deleteted via foreign key relation # so we delete it explicit Session.query(TokenRealm).filter(TokenRealm.token_id == self.privacyIDEATokenId).delete() Session.delete(self) return True
def _removeConfigDB(key): if (not key.startswith("privacyidea.")): if not key.startswith('encprivacyidea.'): key = u"privacyidea." + key confEntries = Session.query(Config).filter(Config.Key == unicode(key)) num = confEntries.count() if num == 1: theConf = confEntries[0] try: #Session.add(theConf) Session.delete(theConf) except Exception as e: log.error('failed') raise ConfigAdminError("remove Config failed for %r: %r" % (key, e), id=1133) return num
def delete_challenges(self, challenges): ''' delete challenges, which match those listed ones :param challenges: list of (dict|int|str) challenges :return: result of the delete operation ''' challenge_ids = [] for challenge in challenges: if type(challenge) == dict: if challenge.has_key('id'): challenge_id = challenge.get('id') elif type(challenge) == Challenge: challenge_id = challenge.get('id') elif type(challenge) in (unicode , str , int): challenge_id = challenge try: challenge_ids.append(int(challenge_id)) except ValueError: ## ignore LOG.warning("failed to concert the challengeId %r to int()" % challenge_id) res = 1 # 1. get all challeges which are to be deleted # 2. self.token.select_challenges() if len(challenge_ids) > 0: del_challes = Session.query(Challenge).\ filter(Challenge.tokenserial == u'' + self.token.getSerial()).\ filter(Challenge.id.in_(challenge_ids)).all() for dell in del_challes: Session.delete(dell) #pass return res
def create_challenge(token, options=None): """ dedicated method to create a challenge to support the implementation of challenge policies in future :param options: optional parameters for token specific tokens eg. request a signed challenge :return: a tuple of (boolean, and a dict, which contains the {'challenge' : challenge} description) """ ## response dict, describing the challenge reply challenge = {} ## the allocated db challenge object challenge_obj = None retry_counter = 0 reason = None id_length = int(getFromConfig('TransactionIdLength', 12)) while True: try: transactionid = Challenge.createTransactionId(length=id_length) num_challenges = Session.query(Challenge).\ filter(Challenge.transid == transactionid).count() if num_challenges == 0: challenge_obj = Challenge(transid=transactionid, tokenserial=token.getSerial()) if challenge_obj is not None: break except Exception as exce: LOG.info("Failed to create Challenge: %r", exce) reason = exce ## prevent an unlimited loop retry_counter = retry_counter + 1 if retry_counter > 100: LOG.info("Failed to create Challenge for %d times: %r -quiting!", retry_counter, reason) raise Exception('Failed to create challenge %r' % reason) challenges = get_challenges(serial=token.getSerial()) ## carefully create a new challenge try: ## we got a challenge object allocated and initialize the challenge (res, open_transactionid, message, attributes) = \ token.initChallenge(transactionid, challenges=challenges, options=options) if res == False: ## if a different transid is returned, this indicates, that there ## is already an outstanding challenge we can refere to if open_transactionid != transactionid: transactionid = open_transactionid else: ## in case the init was successfull, we preserve no the challenge data ## to support the implementation of a blocking based on the previous ## stored data challenge_obj.setChallenge(message) challenge_obj.save() (res, message, data, attributes) = \ token.createChallenge(transactionid, options=options) if res == True: ## persist the final challenge data + message challenge_obj.setChallenge(message) challenge_obj.setData(data) challenge_obj.save() else: transactionid = '' except Exception as exce: reason = exce res = False ## if something goes wrong with the challenge, remove it if res == False and challenge_obj is not None: try: LOG.debug("deleting session") Session.delete(challenge_obj) Session.commit() except Exception as exx: LOG.debug("deleting session failed: %r" % exx) try: Session.expunge(challenge_obj) Session.commit() except Exception as exx: LOG.debug("expunge session failed: %r" % exx) ## in case that create challenge fails, we must raise this reason if reason is not None: message = "%r" % reason LOG.error("Failed to create or init challenge %r " % reason) raise reason ## prepare the response for the user if transactionid is not None: challenge['transactionid'] = transactionid if message is not None: challenge['message'] = message if attributes is not None and type(attributes) == dict: challenge.update(attributes) return (res, challenge)