def deleteToken(self):
# some DBs (eg. DB2) run in deadlock, if the TokenRealm entry
# is deleteted via foreign key relation
# so we delete it explicit
Session.query(TokenRealm).filter(TokenRealm.token_id == self.privacyIDEATokenId).delete()
Session.delete(self)
return True
def _removeConfigDB(key):
if (not key.startswith("privacyidea.")):
if not key.startswith('encprivacyidea.'):
key = u"privacyidea." + key
confEntries = Session.query(Config).filter(Config.Key == unicode(key))
num = confEntries.count()
if num == 1:
theConf = confEntries[0]
try:
#Session.add(theConf)
Session.delete(theConf)
except Exception as e:
log.error('failed')
raise ConfigAdminError("remove Config failed for %r: %r"
% (key, e), id=1133)
return num
def delete_challenges(self, challenges):
'''
delete challenges, which match those listed ones
:param challenges: list of (dict|int|str) challenges
:return: result of the delete operation
'''
challenge_ids = []
for challenge in challenges:
if type(challenge) == dict:
if challenge.has_key('id'):
challenge_id = challenge.get('id')
elif type(challenge) == Challenge:
challenge_id = challenge.get('id')
elif type(challenge) in (unicode , str , int):
challenge_id = challenge
try:
challenge_ids.append(int(challenge_id))
except ValueError:
## ignore
LOG.warning("failed to concert the challengeId %r to int()" %
challenge_id)
res = 1
# 1. get all challeges which are to be deleted
# 2. self.token.select_challenges()
if len(challenge_ids) > 0:
del_challes = Session.query(Challenge).\
filter(Challenge.tokenserial == u'' + self.token.getSerial()).\
filter(Challenge.id.in_(challenge_ids)).all()
for dell in del_challes:
Session.delete(dell)
#pass
return res
def create_challenge(token, options=None):
"""
dedicated method to create a challenge to support the implementation
of challenge policies in future
:param options: optional parameters for token specific tokens
eg. request a signed challenge
:return: a tuple of (boolean, and a dict, which contains the
{'challenge' : challenge} description)
"""
## response dict, describing the challenge reply
challenge = {}
## the allocated db challenge object
challenge_obj = None
retry_counter = 0
reason = None
id_length = int(getFromConfig('TransactionIdLength', 12))
while True:
try:
transactionid = Challenge.createTransactionId(length=id_length)
num_challenges = Session.query(Challenge).\
filter(Challenge.transid == transactionid).count()
if num_challenges == 0:
challenge_obj = Challenge(transid=transactionid,
tokenserial=token.getSerial())
if challenge_obj is not None:
break
except Exception as exce:
LOG.info("Failed to create Challenge: %r", exce)
reason = exce
## prevent an unlimited loop
retry_counter = retry_counter + 1
if retry_counter > 100:
LOG.info("Failed to create Challenge for %d times: %r -quiting!",
retry_counter, reason)
raise Exception('Failed to create challenge %r' % reason)
challenges = get_challenges(serial=token.getSerial())
## carefully create a new challenge
try:
## we got a challenge object allocated and initialize the challenge
(res, open_transactionid, message, attributes) = \
token.initChallenge(transactionid,
challenges=challenges,
options=options)
if res == False:
## if a different transid is returned, this indicates, that there
## is already an outstanding challenge we can refere to
if open_transactionid != transactionid:
transactionid = open_transactionid
else:
## in case the init was successfull, we preserve no the challenge data
## to support the implementation of a blocking based on the previous
## stored data
challenge_obj.setChallenge(message)
challenge_obj.save()
(res, message, data, attributes) = \
token.createChallenge(transactionid, options=options)
if res == True:
## persist the final challenge data + message
challenge_obj.setChallenge(message)
challenge_obj.setData(data)
challenge_obj.save()
else:
transactionid = ''
except Exception as exce:
reason = exce
res = False
## if something goes wrong with the challenge, remove it
if res == False and challenge_obj is not None:
try:
LOG.debug("deleting session")
Session.delete(challenge_obj)
Session.commit()
except Exception as exx:
LOG.debug("deleting session failed: %r" % exx)
try:
Session.expunge(challenge_obj)
Session.commit()
except Exception as exx:
LOG.debug("expunge session failed: %r" % exx)
## in case that create challenge fails, we must raise this reason
if reason is not None:
message = "%r" % reason
LOG.error("Failed to create or init challenge %r " % reason)
raise reason
## prepare the response for the user
if transactionid is not None:
challenge['transactionid'] = transactionid
if message is not None:
challenge['message'] = message
if attributes is not None and type(attributes) == dict:
challenge.update(attributes)
return (res, challenge)
