def test_33_determine_logged_in_user(self): (role, user, realm, adminuser, adminrealm) = determine_logged_in_userparams({"role": "user", "username": "******", "realm": "realm1"}, {}) self.assertEqual(role, "user") self.assertEqual(user, "hans") self.assertEqual(realm, "realm1") self.assertEqual(adminuser, None) self.assertEqual(adminrealm, None) (role, user, realm, adminuser, adminrealm) = determine_logged_in_userparams({"role": "admin", "username": "******", "realm": "realm1"}, {"user": "******", "realm": "domain"}) self.assertEqual(role, "admin") self.assertEqual(user, "peter") self.assertEqual(realm, "domain") self.assertEqual(adminuser, "hans") self.assertEqual(adminrealm, "realm1") self.assertRaises(PolicyError, determine_logged_in_userparams, {"role": "marshal", "username": "******", "realm": "Wild West"}, {"user": "******", "realm": "Dodge City"})
def get_default_settings(cls, g, params): """ This method returns a dictionary with additional settings for token enrollment. The settings that are evaluated are SCOPE.ADMIN|SCOPE.USER, action=trusted_Assertion_CA_path It sets a list of configured paths. The returned dictionary is added to the parameters of the API call. :param g: context object, see documentation of ``Match`` :param params: The call parameters :type params: dict :return: default parameters """ ret = {ACTION.TRUSTED_CA_PATH: DEFAULT_CA_PATH} (role, username, userrealm, adminuser, adminrealm) = determine_logged_in_userparams(g.logged_in_user, params) # Now we fetch CA-pathes from the policies paths = Match.generic(g, scope=role, action=ACTION.TRUSTED_CA_PATH, user=username, realm=userrealm, adminuser=adminuser, adminrealm=adminrealm).action_values( unique=False, allow_white_space_in_action=True) if paths: ret[ACTION.TRUSTED_CA_PATH] = list(paths) return ret
def get_default_settings(cls, g, params): """ This method returns a dictionary with default settings for token enrollment. These default settings are defined in SCOPE.USER or SCOPE.ADMIN and are totp_hashlib, totp_timestep and totp_otplen. If these are set, the user or admin will only be able to enroll tokens with these values. The returned dictionary is added to the parameters of the API call. :param g: context object, see documentation of ``Match`` :param params: The call parameters :type params: dict :return: default parameters """ ret = {} if not g.logged_in_user: return ret (role, username, userrealm, adminuser, adminrealm) = determine_logged_in_userparams(g.logged_in_user, params) hashlib_pol = Match.generic( g, scope=role, action="totp_hashlib", user=username, realm=userrealm, adminuser=adminuser, adminrealm=adminrealm).action_values(unique=True) if hashlib_pol: ret["hashlib"] = list(hashlib_pol)[0] timestep_pol = Match.generic( g, scope=role, action="totp_timestep", user=username, realm=userrealm, adminuser=adminuser, adminrealm=adminrealm).action_values(unique=True) if timestep_pol: ret["timeStep"] = list(timestep_pol)[0] otplen_pol = Match.generic( g, scope=role, action="totp_otplen", user=username, realm=userrealm, adminuser=adminuser, adminrealm=adminrealm).action_values(unique=True) if otplen_pol: ret["otplen"] = list(otplen_pol)[0] return ret