本文整理汇总了Python中privacyidea.lib.config.get_from_config函数的典型用法代码示例。如果您正苦于以下问题:Python get_from_config函数的具体用法?Python get_from_config怎么用?Python get_from_config使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了get_from_config函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: update
def update(self, param, reset_failcount=True):
    """
    Store the TOTP settings of a token while it is being initialized.

    Each setting is taken from the request parameters; when the parameter
    is missing, the system configuration is used, and after that a
    built-in default (30s step, 180s window, no shift, sha1).

    :param param: dict of initialization parameters
    :type param: dict
    :param reset_failcount: passed through to HotpTokenClass.update
    :return: nothing
    """
    HotpTokenClass.update(self, param, reset_failcount=reset_failcount)

    # System-wide fallbacks, read from the configuration first.
    step_default = get_from_config("totp.timeStep") or 30
    window_default = get_from_config("totp.timeWindow") or 180
    shift_default = get_from_config("totp.timeShift") or 0
    # sha1 is the default HMAC hash of RFC 6238; the hash is only chosen
    # here, at creation time.
    hash_default = get_from_config("totp.hashlib", u'sha1')

    # NOTE(review): the values taken from ``param`` are stored as they
    # arrive, without type or range checks in this method - confirm that
    # the caller validates them.
    time_step = param.get("timeStep", step_default)
    time_window = param.get("timeWindow", window_default)
    time_shift = param.get("timeShift", shift_default)
    # NOTE(review): the request key is "totp.hashlib" while the value is
    # stored under "hashlib" - confirm callers really send that key.
    hash_name = param.get("totp.hashlib", hash_default)

    for info_key, info_value in (("timeWindow", time_window),
                                 ("timeShift", time_shift),
                                 ("timeStep", time_step),
                                 ("hashlib", hash_name)):
        self.add_tokeninfo(info_key, info_value)
开发者ID:R00tAK,项目名称:privacyidea,代码行数:30,代码来源:totptoken.py
示例2: create_challenge
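def create_challenge(self, transactionid=None, options=None):
    """
    Create a TiQR challenge, store it in the challenge database and return
    the data the client needs to display it as a QR code.

    :param transactionid: the id of this challenge. It is not forwarded to
        the stored challenge below, so the transaction id in the result is
        always the one of the newly saved challenge.
    :param options: the request context parameters / data
    :type options: dict
    :return: tuple of (bool, message, transactionid, attributes)
    :rtype: tuple

    The return tuple builds up like this:
    ``bool`` if submit was successful;
    ``message`` which is displayed in the JSON response;
    additional ``attributes``, which are displayed in the JSON response.
    """
    options = options or {}
    message = 'Please scan the QR Code'

    # Validity: the global default (120s) can be overridden by a
    # token-type specific "<Type>ChallengeValidityTime" setting.
    validity = int(get_from_config('DefaultChallengeValidityTime', 120))
    tokentype = self.get_tokentype().lower()
    lookup_for = tokentype.capitalize() + 'ChallengeValidityTime'
    validity = int(get_from_config(lookup_for, validity))

    # The user identifier becomes the user part of the tiqrauth URL.
    user_identifier, user_displayname = self.get_user_displayname()
    service_identifier = get_from_config("tiqr.serviceIdentifier") or \
        "org.privacyidea"

    # The OCRA suite stored with the token decides how the challenge is
    # generated. The local is not called ``os`` so that it cannot shadow
    # the standard library module of that name.
    ocrasuite = self.get_tokeninfo("ocrasuite") or OCRA_DEFAULT_SUITE
    ocra_suite = OCRASuite(ocrasuite)
    challenge = ocra_suite.create_challenge()

    # Persist the challenge so that the response can be matched later.
    db_challenge = Challenge(self.token.serial,
                             transaction_id=None,
                             challenge=challenge,
                             data=None,
                             session=options.get("session"),
                             validitytime=validity)
    db_challenge.save()

    # tiqrauth://<user>@<service>/<transaction id>/<challenge>
    authurl = "tiqrauth://%s@%s/%s/%s" % (user_identifier,
                                          service_identifier,
                                          db_challenge.transaction_id,
                                          challenge)
    attributes = {"img": create_img(authurl, width=250),
                  "value": authurl,
                  "poll": True,
                  "hideResponseInput": True}
    return True, message, db_challenge.transaction_id, attributes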
开发者ID:R00tAK,项目名称:privacyidea,代码行数:60,代码来源:tiqrtoken.py
示例3: create_challenge
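def create_challenge(self, transactionid=None, options=None):
    """
    Create a U2F sign request, store its challenge in the challenge
    database and return the data for the client.

    If no transaction id is given, the system will create a transaction
    id and return it, so that the response can refer to this transaction.

    :param transactionid: the id of this challenge
    :param options: the request context parameters / data
    :type options: dict
    :return: tuple of (bool, message, transactionid, attributes)
    :rtype: tuple

    The return tuple builds up like this:
    ``bool`` if submit was successful;
    ``message`` which is displayed in the JSON response;
    additional ``attributes``, which are displayed in the JSON response.
    """
    options = options or {}
    # A challenge text from the policy wins over the built-in message.
    message = get_action_values_from_options(
        SCOPE.AUTH,
        "{0!s}_{1!s}".format(self.get_class_type(), ACTION.CHALLENGETEXT),
        options) or _(
        u'Please confirm with your U2F token ({0!s})').format(
        self.token.description)

    # Validity: the global default (120s) can be overridden by a
    # token-type specific "<Type>ChallengeValidityTime" setting.
    validity = int(get_from_config('DefaultChallengeValidityTime', 120))
    tokentype = self.get_tokentype().lower()
    lookup_for = tokentype.capitalize() + 'ChallengeValidityTime'
    validity = int(get_from_config(lookup_for, validity))

    # 32 bytes from geturandom() form the challenge; the hex form is what
    # gets stored and is later compared with the signed response.
    challenge = geturandom(32)
    db_challenge = Challenge(self.token.serial,
                             transaction_id=transactionid,
                             challenge=hexlify_and_unicode(challenge),
                             data=None,
                             session=options.get("session"),
                             validitytime=validity)
    db_challenge.save()

    # The key handle is kept where other token types keep their OTP key.
    sec_object = self.token.get_otpkey()
    key_handle_hex = sec_object.getKey()
    key_handle_bin = binascii.unhexlify(key_handle_hex)
    key_handle_url = url_encode(key_handle_bin)
    challenge_url = url_encode(challenge)
    u2f_sign_request = {"appId": self.get_tokeninfo("appId"),
                        "version": U2F_Version,
                        "challenge": challenge_url,
                        "keyHandle": key_handle_url}

    # The first word of the description selects the device image. A token
    # with an empty description has no first word, so fall back to "no
    # image" instead of failing the whole challenge with an IndexError.
    description_words = (self.token.description or "").lower().split()
    image_url = ""
    if description_words:
        image_url = IMAGES.get(description_words[0], "")

    response_details = {"u2fSignRequest": u2f_sign_request,
                        "hideResponseInput": True,
                        "img": image_url}
    return True, message, db_challenge.transaction_id, response_details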
开发者ID:privacyidea,项目名称:privacyidea,代码行数:57,代码来源:u2ftoken.py
示例4: test_04_store_encrypted_values
def test_04_store_encrypted_values(self):
    """
    Write a config entry of type "password" and read it back.

    The assertions show that both the single-key lookup and the full
    config dump hand the value back in clear text ("soho").
    """
    status = set_privacyidea_config("mySecretData", "soho",
                                    typ="password", desc="Very important")
    self.assertTrue(status == "insert", status)

    # Lookup by key
    single_value = get_from_config("mySecretData")
    self.assertTrue(single_value == "soho", single_value)

    # Lookup through the complete configuration
    whole_config = get_from_config()
    dumped_value = whole_config.get("mySecretData")
    self.assertTrue(dumped_value == "soho", dumped_value)
开发者ID:Andrew8305,项目名称:privacyidea,代码行数:11,代码来源:test_lib_config.py
示例5: create_challenge
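def create_challenge(self, transactionid=None, options=None):
    """
    Create a questionnaire challenge and store it in the challenge
    database.

    The challenge is a randomly selected question of the available
    questions for this token.
    If no transaction id is given, the system will create a transaction
    id and return it, so that the response can refer to this transaction.

    :param transactionid: the id of this challenge
    :param options: the request context parameters / data
    :type options: dict
    :return: tuple of (bool, message, transactionid, attributes)
    :rtype: tuple
    :raises IndexError: if the token has no stored question

    The return tuple builds up like this:
    ``bool`` if submit was successful;
    ``message`` which is displayed in the JSON response;
    additional ``attributes``, which are displayed in the JSON response.
    """
    options = options or {}

    # Questions are stored as tokeninfo; an entry "<question>.type" with
    # the value "password" marks <question> as a real question.
    type_suffix = ".type"
    tinfo = self.get_tokeninfo()
    # Cut the suffix off by length. str.strip(".type") would remove any of
    # the characters ".", "t", "y", "p", "e" from BOTH ends and so mangle
    # questions that begin or end with one of these letters.
    # items() works on Python 2 and 3, iteritems() only on Python 2.
    questions = [key[:-len(type_suffix)]
                 for key, value in tinfo.items()
                 if key.endswith(type_suffix) and value == "password"]

    # Pick the question with the OS random source rather than the seedable
    # module-level generator, as this is part of an authentication step.
    message = random.SystemRandom().choice(questions)
    attributes = None

    # Validity: the global default (120s) can be overridden by a
    # token-type specific "<Type>ChallengeValidityTime" setting.
    validity = int(get_from_config('DefaultChallengeValidityTime', 120))
    tokentype = self.get_tokentype().lower()
    lookup_for = tokentype.capitalize() + 'ChallengeValidityTime'
    validity = int(get_from_config(lookup_for, validity))

    # Create the challenge in the database
    db_challenge = Challenge(self.token.serial,
                             transaction_id=transactionid,
                             challenge=message,
                             validitytime=validity)
    db_challenge.save()
    self.challenge_janitor()
    return True, message, db_challenge.transaction_id, attributes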
开发者ID:minhchuduc,项目名称:privacyidea,代码行数:51,代码来源:questionnairetoken.py
示例6: request
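def request(config, user, password):
    """
    Perform a RADIUS request to a RADIUS server.

    The RADIUS configuration contains the IP address, the port and the
    secret of the RADIUS server.

        * config.server
        * config.port
        * config.secret

    :param config: The RADIUS configuration
    :type config: RADIUSServer Database Model
    :param user: the radius username
    :param password: the radius password
    :return: True or False. If any error occurs, an exception is raised.
    """
    success = False

    nas_identifier = get_from_config("radius.nas_identifier",
                                     "privacyIDEA")
    r_dict = config.dictionary or get_from_config("radius.dictfile",
                                                  "/etc/privacyidea/"
                                                  "dictionary")
    log.debug("NAS Identifier: %r, Dictionary: %r", nas_identifier, r_dict)
    # The shared secret is deliberately left out of the log output: debug
    # logs are read by more people and systems than the config store is.
    log.debug("constructing client object with server: %r, port: %r",
              config.server, config.port)

    # The stored secret is decrypted only for the client object.
    srv = Client(server=config.server,
                 authport=config.port,
                 secret=decryptPassword(config.secret),
                 dict=Dictionary(r_dict))

    # NOTE(review): encoding as ASCII raises for non-ASCII user names -
    # confirm that this is the intended limit.
    req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest,
                               User_Name=user.encode('ascii'),
                               NAS_Identifier=nas_identifier.encode('ascii'))
    # PwCrypt hides the password with the shared secret before sending.
    req["User-Password"] = req.PwCrypt(password)
    response = srv.SendPacket(req)

    if response.code == pyrad.packet.AccessAccept:
        log.info("Radiusserver %s granted access to user %s.",
                 config.server, user)
        success = True
    else:
        # A space separates the server name from "rejected".
        log.warning("Radiusserver %s rejected access to user %s.",
                    config.server, user)
    return success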
开发者ID:DewArmy,项目名称:privacyidea,代码行数:50,代码来源:radiusserver.py
示例7: api_endpoint
def api_endpoint(request, g):
    """
    Build the trusted facet list served at the API endpoint /ttype/u2f.

    The list holds one "https://" entry per facet defined in the AUTH
    policies, followed by the configured appId.

    :param request: The Flask request
    :param g: The Flask global object g
    :return: tuple of the response type ("json") and the facet dict
    """
    # NOTE(review): there is no default for "u2f.appId". If the setting is
    # missing and get_from_config returns None, .strip() raises an
    # AttributeError - confirm how callers handle that.
    app_id = get_from_config("u2f.appId").strip("/")

    # NOTE(review): the policy lookup uses request.remote_addr directly;
    # confirm this is the intended client address behind a proxy.
    pol_facets = g.policy_object.get_action_values(
        U2FACTION.FACETS,
        scope=SCOPE.AUTH,
        client=request.remote_addr)

    facet_list = []
    for facet in pol_facets:
        facet_list.append("https://%s" % facet)
    facet_list.append(app_id)
    log.debug("Sending facets lists for appId %s: %s" % (app_id,
                                                         facet_list))

    trusted_entry = {"version": {"major": 1,
                                 "minor": 0},
                     "ids": facet_list}
    return "json", {"trustedFacets": [trusted_entry]}
开发者ID:minhchuduc,项目名称:privacyidea,代码行数:29,代码来源:u2ftoken.py
示例8: check_otp
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
    """
    Check the OTP value of an email token and, if configured, send the
    next OTP by email right away.

    :param anOtpVal: the OTP value to verify
    :param counter: passed to HotpTokenClass.check_otp
    :param window: passed to HotpTokenClass.check_otp
    :param options: request options; ``options["data"]`` is compared with
        the OTP value when concurrent challenges are enabled
    :type options: dict
    :return: counter if found, -1 if not found
    :rtype: int
    """
    options = options or {}
    ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options)

    # With concurrent challenges the value saved with the challenge is
    # accepted as well, once the regular check has failed.
    # NOTE(review): this is a plain == on the submitted value; confirm
    # where options["data"] comes from and whether a constant-time
    # comparison is wanted here.
    if (ret < 0
            and is_true(get_from_config("email.concurrent_challenges"))
            and options.get("data") == anOtpVal):
        ret = 1

    if ret < 0 or not self._get_auto_email(options):
        return ret

    # Auto-email: the OTP was accepted, so send the next one.
    message, mimetype = self._get_email_text_or_subject(options)
    subject, _subject_mimetype = self._get_email_text_or_subject(
        options,
        action=EMAILACTION.EMAILSUBJECT,
        default="Your OTP")
    self.inc_otp_counter(ret, reset=False)
    success, message = self._compose_email(message=message,
                                           subject=subject,
                                           mimetype=mimetype)
    # The log text says "SMS" although an email is sent; kept verbatim.
    log.debug("AutoEmail: send new SMS: {0!s}".format(success))
    log.debug("AutoEmail: {0!r}".format(message))
    return ret
开发者ID:privacyidea,项目名称:privacyidea,代码行数:29,代码来源:emailtoken.py
示例9: __init__
def __init__(self, aToken):
    """
    Set up an email token on top of the HOTP token class.

    :param aToken: the token object, handed on to HotpTokenClass.__init__
    """
    HotpTokenClass.__init__(self, aToken)
    self.set_type(u"email")
    # Email tokens only work in challenge mode.
    self.mode = ['challenge']
    # The hash comes from the HOTP setting ("hotp.hashlib", default sha1);
    # it is only chosen when the token is created.
    configured_hash = get_from_config("hotp.hashlib", "sha1")
    self.hashlibStr = configured_hash
开发者ID:privacyidea,项目名称:privacyidea,代码行数:7,代码来源:emailtoken.py
示例10: is_remote_user_allowed
def is_remote_user_allowed(req):
    """
    Check if the REMOTE_USER server variable is allowed to be used.

    REMOTE_USER is only honoured when a WEBUI policy with the REMOTE_USER
    action matches the user, the realm and the client IP.

    .. note:: This is not used as a decorator!

    :param req: The flask request, containing the remote user and the
        client IP
    :return: False if the request has no remote user, otherwise the action
        values returned by the policy lookup
    """
    if not req.remote_user:
        return False

    loginname, realm = split_user(req.remote_user)
    realm = realm or get_default_realm()

    # This can run before the regular request setup, so the client IP and
    # the policy object are created here when they are still missing.
    if "client_ip" not in g:
        override_setting = get_from_config(SYSCONF.OVERRIDECLIENT)
        g.client_ip = get_client_ip(req, override_setting)
    if "policy_object" not in g:
        g.policy_object = PolicyClass()

    return g.policy_object.get_action_values(ACTION.REMOTE_USER,
                                             scope=SCOPE.WEBUI,
                                             user=loginname,
                                             realm=realm,
                                             client=g.client_ip)
开发者ID:MWelp,项目名称:privacyidea,代码行数:29,代码来源:prepolicy.py
示例11: get_otp
def get_otp(self, current_time=None):
    """
    Return the next OTP value without increasing the token counter.

    The result contains the PIN and the OTP value in clear text, so
    callers should keep it out of logs and responses that do not need it.

    :param current_time: Not used in HOTP
    :return: tuple of (1, pin, otp value, pin and otp value combined)
    :rtype: tuple
    """
    otplen = int(self.token.otplen)
    secret = self.token.get_otpkey()
    counter = self.token.count
    hash_function = self.get_hashlib(self.hashlib)
    generator = HmacOtp(secret, counter, otplen, hash_function)
    otpval = generator.generate(inc_counter=False)

    pin = self.token.get_pin()
    # "PrependPin" is compared with the string "True"; any other value
    # puts the PIN behind the OTP value.
    prepend_pin = get_from_config("PrependPin") == "True"
    ordered = (pin, otpval) if prepend_pin else (otpval, pin)
    combined = u"{0!s}{1!s}".format(*ordered)
    return 1, pin, otpval, combined
开发者ID:privacyidea,项目名称:privacyidea,代码行数:25,代码来源:hotptoken.py
示例12: get_otp
def get_otp(self, current_time=None, do_truncation=True, time_seconds=None, challenge=None):
    """
    Return the OTP value for a point in time.

    The result contains the PIN and the OTP value in clear text, so
    callers should keep it out of logs and responses that do not need it.

    :param current_time: the time for which the OTP value is calculated;
        it takes precedence over ``time_seconds``
    :type current_time: datetime object
    :param do_truncation: passed to the OTP generator
    :param time_seconds: the time for which the OTP value is calculated
        (date +%s); the current time is used if it is None
    :type time_seconds: int, unix system time seconds
    :param challenge: passed to the OTP generator
    :return: tuple of (1, pin, otp value, pin and otp value combined)
    :rtype: tuple
    """
    otplen = int(self.token.otplen)
    secret = self.token.get_otpkey()
    generator = HmacOtp(secret,
                        self.get_otp_count(),
                        otplen,
                        self.get_hashlib(self.hashlib))

    if time_seconds is None:
        time_seconds = self._time2float(datetime.datetime.now())
    if current_time:
        time_seconds = self._time2float(current_time)

    # The time is already a float, int() truncates to the time step.
    shifted_seconds = time_seconds - self.timeshift
    counter = int(shifted_seconds / self.timestep)

    otpval = generator.generate(counter=counter,
                                inc_counter=False,
                                do_truncation=do_truncation,
                                challenge=challenge)
    pin = self.token.get_pin()

    # "PrependPin" is compared with the string "True"; any other value
    # puts the PIN behind the OTP value.
    if get_from_config("PrependPin") == "True":
        combined = "%s%s" % (pin, otpval)
    else:
        combined = "%s%s" % (otpval, pin)
    return 1, pin, otpval, combined
开发者ID:ask0n,项目名称:privacyidea,代码行数:33,代码来源:totptoken.py
示例13: before_request
def before_request():
    """
    Prepare the request state before the endpoint is executed.

    Reloads the config object, collects the request parameters, resolves
    the user, creates the policy, audit and event objects, determines the
    client IP and writes the first audit entry with "success": False.
    """
    update_config_object()
    request.all_data = get_all_params(request.values, request.data)
    request.User = get_user_from_param(request.all_data)

    # The server name falls back to request.host, which is taken from the
    # request itself, when PI_AUDIT_SERVERNAME is not configured.
    server_name = current_app.config.get("PI_AUDIT_SERVERNAME") or \
        request.host

    # The policy object holds the complete policy definition during the
    # request; the audit object can be used in prepolicy and postpolicy
    # and can be passed to the inner policies.
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.event_config = EventConfiguration()

    # The OVERRIDECLIENT setting is handed to get_client_ip together with
    # the request; the result is what the audit entry records as client.
    override_setting = get_from_config(SYSCONF.OVERRIDECLIENT)
    g.client_ip = get_client_ip(request, override_setting)

    # The entry starts as a failure; the user agent is client-supplied.
    first_entry = {"success": False,
                   "action_detail": "",
                   "client": g.client_ip,
                   "client_user_agent": request.user_agent.browser,
                   "privacyidea_server": server_name,
                   "action": "{0!s} {1!s}".format(request.method,
                                                   request.url_rule),
                   "info": ""}
    g.audit_object.log(first_entry)
开发者ID:salvorapi,项目名称:privacyidea,代码行数:27,代码来源:validate.py
示例14: before_request
def before_request():
    """
    Prepare the request state before the endpoint is executed.

    user_required checks if there is a logged in admin or user.
    The checks for ONLY admin are performed in api/system.py.

    This function reads g.logged_in_user but does not set it. For a
    caller with the role "user" the request parameters user, resolver and
    realm are overwritten with the caller's own values, so a user can
    only act on his own data.
    """
    # Gather all parameters, either from the form data or from JSON in
    # the request body.
    request.all_data = get_all_params(request.values, request.data)
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)
    g.event_config = EventConfiguration()

    # The OVERRIDECLIENT setting is handed to get_client_ip together with
    # the request; the result is what the audit entry records as client.
    override_setting = get_from_config(SYSCONF.OVERRIDECLIENT)
    g.client_ip = get_client_ip(request, override_setting)

    # The server name falls back to request.host, which is taken from the
    # request itself, when PI_AUDIT_SERVERNAME is not configured.
    server_name = current_app.config.get("PI_AUDIT_SERVERNAME") or \
        request.host

    # Some typical parameters are logged right away.
    serial = getParam(request.all_data, "serial")
    realm = getParam(request.all_data, "realm")
    user_loginname = ""
    if "token_blueprint" in request.endpoint:
        # Only the token endpoint evaluates the user of the request. In
        # the policy endpoint "user" is part of the policy configuration
        # and would cause an exception.
        request_user = get_user_from_param(request.all_data)
        user_loginname = request_user.login
        realm = request_user.realm or realm

    # The entry starts as a failure; the user agent is client-supplied.
    first_entry = {"success": False,
                   "serial": serial,
                   "user": user_loginname,
                   "realm": realm,
                   "client": g.client_ip,
                   "client_user_agent": request.user_agent.browser,
                   "privacyidea_server": server_name,
                   "action": "{0!s} {1!s}".format(request.method,
                                                   request.url_rule),
                   "action_detail": "",
                   "info": ""}
    g.audit_object.log(first_entry)

    caller = g.logged_in_user
    if caller.get("role") == "user":
        # A user is calling this API: restrict the view to the caller by
        # replacing whatever user, resolver and realm the request named.
        current_user = get_user_from_param({"user": caller.get("username"),
                                            "realm": caller.get("realm")})
        request.all_data["user"] = current_user.login
        request.all_data["resolver"] = current_user.resolver
        request.all_data["realm"] = current_user.realm
        g.audit_object.log({"user": current_user.login,
                            "realm": current_user.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": caller.get("username")})
开发者ID:DINKIN,项目名称:privacyidea,代码行数:60,代码来源:before_after.py
示例15: check_otp_exist
def check_otp_exist(self, otp, window=None, options=None, symetric=True,
                    inc_counter=True):
    """
    Check if the given OTP value belongs to this token at all.

    This is used to autoassign and to determine the serial number of a
    token. It is a check_otp with an enhanced window: without an explicit
    window, the sync window multiplied by the time step is used.

    :param otp: the to be verified otp value
    :type otp: string
    :param window: the lookahead window for the counter in seconds!!!
    :type window: int
    :param options: passed to check_otp
    :param symetric: not used in this method
    :param inc_counter: increase the OTP counter on a match
    :return: counter or -1 if otp does not exist
    :rtype: int
    """
    options = options or {}

    # Time step: token setting, then system setting, then 30 seconds.
    step_seconds = int(self.get_tokeninfo("timeStep") or
                       get_from_config("totp.timeStep") or 30)
    if not window:
        window = self.get_sync_window() * step_seconds

    matched_counter = self.check_otp(otp, window=window, options=options)
    if inc_counter and matched_counter >= 0:
        # The counter is usually increased in lib.token.checkUserPass, so
        # it has to be done manually here.
        self.inc_otp_counter(matched_counter)
    return matched_counter
开发者ID:R00tAK,项目名称:privacyidea,代码行数:26,代码来源:totptoken.py
示例16: get_init_detail
def get_init_detail(self, params=None, user=None):
    """
    Return the details of the current step of the U2F enrollment.

    Step 1 returns a register request with a fresh nonce and stores the
    appId in the token info; step 2 returns the subject of the token. At
    the end of the initialization the user is asked to press the button.

    :param params: passed to TokenClass.get_init_detail in step 1
    :param user: passed to TokenClass.get_init_detail in step 1
    :return: dict with the response details, empty for any other step
    :raises TokenAdminError: if no appId is configured (step 1)
    """
    if self.init_step == 2:
        # Second step of the init request
        return {"u2fRegisterResponse": {"subject": self.token.description}}
    if self.init_step != 1:
        return {}

    # First step of the init request
    app_id = get_from_config("u2f.appId", "").strip("/")
    from privacyidea.lib.error import TokenAdminError
    if not app_id:
        raise TokenAdminError(_("You need to define the appId in the "
                                "token config!"))

    # NOTE(review): the nonce is only put into the register request here,
    # it is not stored by this method - confirm where the registration
    # response is checked against it.
    nonce = urlsafe_b64encode_and_unicode(geturandom(32))
    response_detail = TokenClass.get_init_detail(self, params, user)
    response_detail["u2fRegisterRequest"] = {"version": U2F_Version,
                                             "challenge": nonce,
                                             "appId": app_id}
    self.add_tokeninfo("appId", app_id)
    return response_detail
开发者ID:privacyidea,项目名称:privacyidea,代码行数:26,代码来源:u2ftoken.py
示例17: api_endpoint
def api_endpoint(cls, request, g):
    """
    Build the trusted facet list served at the API endpoint /ttype/u2f.

    The list holds one "https://" entry per facet defined in the AUTH
    policies, followed by the configured appId.

    :param request: The Flask request
    :param g: The Flask global object g
    :return: tuple of the response type and the facet dict
    :raises ParameterError: if no u2f.appId is configured
    """
    configured_app_id = get_from_config("u2f.appId")
    if configured_app_id is None:
        # Fail with a clear error instead of serving a list without appId.
        raise ParameterError("u2f is not configured")
    app_id = configured_app_id.strip("/")

    # The facets come from the policies that match the client IP stored
    # in g; the audit data is handed to the policy lookup as well.
    pol_facets = g.policy_object.get_action_values(
        U2FACTION.FACETS,
        scope=SCOPE.AUTH,
        client=g.client_ip,
        audit_data=g.audit_object.audit_data)

    facet_list = ["https://{0!s}".format(facet) for facet in pol_facets]
    facet_list.append(app_id)
    log.debug("Sending facets lists for appId {0!s}: {1!s}".format(app_id,
                                                                  facet_list))

    trusted_entry = {"version": {"major": 1,
                                 "minor": 0},
                     "ids": facet_list}
    return "fido.trusted-apps+json", {"trustedFacets": [trusted_entry]}
开发者ID:privacyidea,项目名称:privacyidea,代码行数:33,代码来源:u2ftoken.py
示例18: _autosync
def _autosync(self, hmac2Otp, anOtpVal):
    """
    Synchronize the token automatically, based on two OTP values.

    The first OTP value found in the sync window only has its counter
    stored as "otp1c" and is rejected. When a later OTP value is found
    and its counter is within resyncDiffLimit of the stored one, the time
    shift of the token is updated and the stored counter is removed.

    Internal method, used within the checkOtp method.

    :param hmac2Otp: the hmac object (with reference to the token secret)
    :type hmac2Otp: hmac object
    :param anOtpVal: the actual otp value
    :type anOtpVal: string
    :return: counter or -1 if otp does not exist
    :rtype: int
    """
    # Without AutoResync nothing is done.
    if get_from_config("AutoResync", False, return_bool=True) is False:
        return -1

    token_info = self.get_tokeninfo()
    sync_window = self.get_sync_window()

    # Is the OTP value valid anywhere in the sync window?
    found = hmac2Otp.checkOtp(anOtpVal, sync_window, symetric=True)
    log.debug("found otpval {0!r} in syncwindow ({1!r}): {2!r}".format(anOtpVal, sync_window, found))
    if found == -1:
        return found

    if "otp1c" not in token_info:
        # First value: remember its counter and still reject it.
        log.debug("setting otp1c: {0!s}".format(found))
        token_info["otp1c"] = found
        self.set_tokeninfo(token_info)
        return -1

    # Second value: it must be close to the remembered counter.
    otp1c = int(token_info.get("otp1c"))
    otp2c = found
    log.debug("otp1c: {0!r}, otp2c: {1!r}".format(otp1c, otp2c))
    if math.fabs(otp2c - otp1c) > self.resyncDiffLimit:
        # The stored counter is kept in this case.
        return -1

    # The new shift is the distance between the matched counter and the
    # counter of the server time.
    server_counter = int((time.time() / self.timestep) + 0.5)
    token_info["timeShift"] = otp2c - server_counter
    self.set_tokeninfo(token_info)
    # Now clean the resync data
    del token_info["otp1c"]
    self.set_tokeninfo(token_info)
    return found
开发者ID:hrz-unimr,项目名称:privacyidea,代码行数:59,代码来源:totptoken.py
示例19: test_06_public_and_admin
def test_06_public_and_admin(self):
    """
    Check that role="public" only sees config entries of type "public".

    Calls without a role see every entry; only the calls with
    role="public" are expected to hide the entry stored without a type.
    """
    # Two public entries and one entry without a type
    set_privacyidea_config("publicInfo1", "info1", typ="public")
    set_privacyidea_config("publicInfo2", "info2", typ="public")
    set_privacyidea_config("secretInfo1", "info1")

    # Without a role everything is visible
    full_config = get_from_config()
    self.assertTrue("secretInfo1" in full_config)
    self.assertTrue("publicInfo1" in full_config)
    public_value = get_from_config("publicInfo1")
    self.assertEqual(public_value, "info1")
    secret_value = get_from_config("secretInfo1")
    self.assertEqual(secret_value, "info1")

    # Public entries, again read without a role
    config_again = get_from_config()
    self.assertTrue("publicInfo1" in config_again)
    public_again = get_from_config("publicInfo1")
    self.assertEqual(public_again, "info1")

    # The public role must not get the untyped entry
    public_config = get_from_config(role="public")
    self.assertTrue("secretInfo1" not in public_config)
    hidden_value = get_from_config("secretInfo1", role="public")
    self.assertEqual(hidden_value, None)
开发者ID:Andrew8305,项目名称:privacyidea,代码行数:26,代码来源:test_lib_config.py
示例20: _get_api_key
def _get_api_key(api_id):
    """
    Return the symmetric key for the given API ID.

    The key is read from the config entry "yubikey.apiid.<api_id>". It is
    key material, so callers should keep the result out of logs.

    :param api_id: The base64 encoded API ID
    :return: the base64 encoded API Key or None
    """
    config_key = "yubikey.apiid.%s" % api_id
    return get_from_config(config_key)
开发者ID:tongwen-it,项目名称:privacyidea,代码行数:9,代码来源:yubikeytoken.py
注:本文中的privacyidea.lib.config.get_from_config函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |