本文整理汇总了Python中privacyidea.lib.policy.PolicyClass类的典型用法代码示例。如果您正苦于以下问题:Python PolicyClass类的具体用法?Python PolicyClass怎么用?Python PolicyClass使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了PolicyClass类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: split_pin_otp
def split_pin_otp(token, passw, user=None, options=None):
    """
    Split the given password into its PIN part and its OTP part.

    The PIN policies found for the user decide how the split is done:
    policy 1 and the fallback (0) both delegate to ``token.splitPinPass``,
    while policy 2 means that no PIN is entered at all.

    :param token: token object providing ``splitPinPass``
    :param passw: the password that is to be split
    :param user: user whose PIN policies are looked up
    :param options: currently not used, but might be forwarded to the
        token.splitPinPass
    :return: tuple of (split status, pin and otpval); the status is the
        number of the applied policy unless the split reported -1
    """
    # request, config and c are not parameters of this function; they are
    # taken from the enclosing module.
    policy_engine = PolicyClass(request, config, c,
                                get_privacyIDEA_config())
    active_pin_policies = policy_engine.get_pin_policies(user)

    if 1 in active_pin_policies:
        applied = 1
        LOG.debug("pin policy=1: checking the users password as pin")
        # The token decides where the PIN ends and the OTP value starts.
        res, pin, otp = token.splitPinPass(passw)
    elif 2 in active_pin_policies:
        applied = 2
        # Policy 2: the PIN is returned empty and the entire input is
        # treated as the OTP value, so no PIN part is left for later checks.
        LOG.debug("pin policy=2: checking no pin")
        res, pin, otp = 0, "", passw
    else:
        applied = 0
        # Legacy behaviour: the fixed OTP PIN of the token is used.
        LOG.debug("pin policy=0: checkin the PIN")
        res, pin, otp = token.splitPinPass(passw)

    # A status of -1 is passed through unchanged; any other status is
    # replaced by the number of the policy that was applied.
    if res == -1:
        return (res, pin, otp)
    return (applied, pin, otp)
示例2: test_01_create_simple_policy
def test_01_create_simple_policy(self):
    """Create four policies and look them up by name, scope and action."""
    new_policies = (
        dict(name="pol1", action="read", scope="system"),
        dict(name="pol2", action="tokentype=HOTP", scope=SCOPE.AUTHZ),
        dict(name="pol3", action="serial=OATH", scope=SCOPE.AUTHZ),
        dict(name="pol4", action="enroll, init, disable , enable",
             scope="admin"),
    )
    for policy_kwargs in new_policies:
        # set_policy is expected to return a positive value on success.
        created = set_policy(**policy_kwargs)
        self.assertTrue(created > 0)

    engine = PolicyClass()

    # Lookup by name: only one policy found
    by_name = engine.get_policies(name="pol3")
    self.assertTrue(len(by_name) == 1, len(by_name))

    # Lookup by scope: pol2 and pol3 were created in the AUTHZ scope
    by_scope = engine.get_policies(scope=SCOPE.AUTHZ)
    self.assertTrue(len(by_scope) == 2, len(by_scope))

    # Lookup by scope and action key
    by_action = engine.get_policies(scope=SCOPE.AUTHZ, action="tokentype")
    self.assertTrue(len(by_action) == 1, len(by_action))

    # A single action out of a comma separated action list matches
    admin_disable = engine.get_policies(scope="admin", action="disable")
    self.assertTrue(len(admin_disable) == 1, len(admin_disable))
    self.assertTrue(admin_disable[0].get("name") == "pol4")
示例3: test_07_client_policies
def test_07_client_policies(self):
    """Check which policies are returned for a given client address."""
    delete_policy(name="pol2a")
    set_policy(name="pol1", scope="s", client="172.16.0.3, 172.16.0.4/24")
    # pol2 covers a network but carves out one address with a leading "-"
    set_policy(name="pol2", scope="s",
               client="192.168.0.0/16, -192.168.1.1")
    set_policy(name="pol3", scope="s",
               client="10.0.0.1, 10.0.0.2, 10.0.0.3")
    # pol4 has no client restriction at all
    set_policy(name="pol4", scope="s")

    engine = PolicyClass()

    # One policy with matching client, one without any clients
    found = engine.get_policies(client="10.0.0.1")
    for expected_name in ("pol3", "pol4"):
        self.assertTrue(_check_policy_name(expected_name, found), found)
    self.assertTrue(len(found) == 2, found)

    # client matches pol4 and pol2
    found = engine.get_policies(client="192.168.2.3")
    for expected_name in ("pol2", "pol4"):
        self.assertTrue(_check_policy_name(expected_name, found), found)
    self.assertTrue(len(found) == 2, found)

    # client only matches pol4, since it is excluded in pol2: the
    # exclusion wins over the enclosing 192.168.0.0/16 network
    found = engine.get_policies(client="192.168.1.1")
    self.assertTrue(_check_policy_name("pol4", found), found)
    self.assertTrue(len(found) == 1, found)
示例4: get_config_documentation
def get_config_documentation():
    """
    Return a reStructuredText document that describes the complete
    configuration.

    The document is rendered from the template ``documentation.rst`` with
    the system config, the application config, resolvers, realms, policies
    and the database admins as context.
    """
    # NOTE(review): the context carries current_app.config and the admin
    # list. If current_app is the Flask application, its config commonly
    # holds secrets such as the session signing key -- confirm that the
    # template does not emit them and that the caller restricts access.
    policy_engine = PolicyClass()
    system_config = get_from_config()
    resolver_list = get_resolver_list()
    realm_list = get_realms()
    policy_list = policy_engine.get_policies()
    admin_list = get_db_admins()

    template_context = {
        "system": socket.getfqdn(socket.gethostname()),
        "date": datetime.datetime.now().strftime("%Y-%m-%d %H:%M"),
        "systemconfig": system_config,
        "appconfig": current_app.config,
        "resolverconfig": resolver_list,
        "realmconfig": realm_list,
        "policyconfig": policy_list,
        "admins": admin_list,
    }

    # The audit entry is marked successful before the template is rendered.
    g.audit_object.log({"success": True})

    rendered = render_template("documentation.rst",
                               context=template_context)
    # Three or more line breaks will be changed to two.
    return re.sub("\n{3,}", "\n\n", rendered)
示例5: test_05_export_policies
def test_05_export_policies(self):
    """Export all policies and check that each one has its own section."""
    exported = export_policies(PolicyClass().get_policies())
    # Every policy is expected as a "[name]" section in the export text.
    for section in ("[pol1]", "[pol2]", "[pol3]"):
        self.assertTrue(section in exported, exported)
示例6: test_08_user_policies
def test_08_user_policies(self):
    """Check user matching with wildcards, user lists and exclusions."""
    set_policy(name="pol1", scope="s", user="*")
    set_policy(name="pol2", scope="s", user="admin, root, user1")
    # "!" and "-" in front of a user name both act as an exclusion here
    set_policy(name="pol3", scope="s", user="*, !user1")
    set_policy(name="pol4", scope="s", user="*, -root")

    engine = PolicyClass()

    def check_names(found, expectations):
        # expectations: ordered (policy name, must be present) pairs
        for policy_name, present in expectations:
            verdict = self.assertTrue if present else self.assertFalse
            verdict(_check_policy_name(policy_name, found), found)

    # get policies for user1: excluded from pol3 by "!user1"
    found = engine.get_policies(user="user1")
    self.assertTrue(len(found) == 3, (len(found), found))
    check_names(found, (("pol1", True), ("pol2", True),
                        ("pol3", False), ("pol4", True)))

    # get policies for root: excluded from pol4 by "-root"
    found = engine.get_policies(user="root")
    self.assertTrue(len(found) == 3, found)
    check_names(found, (("pol1", True), ("pol2", True),
                        ("pol3", True), ("pol4", False)))

    # get policies for admin: no exclusion applies, all four match
    found = engine.get_policies(user="admin")
    self.assertTrue(len(found) == 4, found)
    check_names(found, (("pol1", True), ("pol2", True),
                        ("pol3", True), ("pol4", True)))
示例7: test_09_realm_resolver_policy
def test_09_realm_resolver_policy(self):
    """Check policy matching by realm and by resolver."""
    set_policy(name="pol1", scope="s", realm="r1")
    set_policy(name="pol2", scope="s", realm="r1", resolver="reso1")
    set_policy(name="pol3", scope="s", realm="", resolver="reso2")
    set_policy(name="pol4", scope="s", realm="r2", active="true")

    engine = PolicyClass()
    policy_names = ("pol1", "pol2", "pol3", "pol4")

    def verify(found, expected_count, presence):
        # presence holds one flag per entry of policy_names, in order
        self.assertTrue(len(found) == expected_count, found)
        for policy_name, present in zip(policy_names, presence):
            verdict = self.assertTrue if present else self.assertFalse
            verdict(_check_policy_name(policy_name, found), found)

    # pol3 has an empty realm and is returned for both realms
    verify(engine.get_policies(realm="r1"), 3, (True, True, True, False))
    verify(engine.get_policies(realm="r2"), 2, (False, False, True, True))

    # pol1 and pol4 set no resolver and are returned for both resolvers
    verify(engine.get_policies(resolver="reso1"), 3,
           (True, True, False, True))
    verify(engine.get_policies(resolver="reso2"), 3,
           (True, False, True, True))
示例8: create_google_authenticator_url
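def create_google_authenticator_url(user, realm, key, type="hmac", serial=""):
    '''
    This creates the google authenticator URL.
    This url may only be 119 characters long.
    Otherwise qrcode.js can not create the qrcode.
    If the URL would be longer, we shorten the token label.
    We expect the key to be hexlified!

    The returned URL contains the OTP secret in its ``secret`` parameter,
    so it has to be handled like the key itself (no logging, no caching).

    :param user: user the token label is built for
    :param realm: realm of the user
    :param key: the hexlified OTP key
    :param type: token type; "hmac" is mapped to "hotp"
    :param serial: serial number of the token, used for the label
    :return: the otpauth:// URL as a string
    '''
    # policy depends on some lib.util
    if "hmac" == type.lower():
        type = "hotp"

    key_bin = binascii.unhexlify(key)
    # also strip the padding =, as it will get problems with the google app.
    otpkey = base64.b32encode(key_bin).strip('=')

    # resulting form: otpauth://<type>/<label>?secret=<otpkey>&counter=0
    base_len = len("otpauth://%s/?secret=%s&counter=0" % (type, otpkey))
    max_len = 119
    # Never go below zero: a negative value used as a slice end would cut
    # characters off the end of the label instead of emptying it.
    allowed_label_len = max(0, max_len - base_len)
    log.debug("we have got %s characters left for the token label" % str(allowed_label_len))

    # request, config and c are taken from the enclosing module.
    Policy = PolicyClass(request, config, c,
                         get_privacyIDEA_config())
    label = Policy.get_tokenlabel(user, realm, serial)
    label = label[0:allowed_label_len]

    url_label = quote(label)
    # Percent-encoding can make the label longer than the plain text (each
    # escaped character takes three), so keep trimming until the quoted
    # label fits into the remaining space.
    while label and len(url_label) > allowed_label_len:
        label = label[:-1]
        url_label = quote(label)

    return "otpauth://%s/%s?secret=%s&counter=0" % (type, url_label, otpkey)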
示例9: test_11_import_policy
def test_11_import_policy(self):
    """Import a policy file via the REST API and reject an empty file."""
    # Both requests are sent with the Authorization header from self.at.
    upload = {"file": (POLICYFILE, 'policy.cfg')}
    with self.app.test_request_context('/policy/import/policy.cfg',
                                       method='POST',
                                       data=upload,
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        result = json.loads(res.data).get("result")
        self.assertTrue(result["status"] is True, result)
        # the value is expected to be 2 for this policy file
        self.assertTrue(result["value"] == 2, result)

    # check if policies are there
    engine = PolicyClass()
    for imported_name in ("importpol1", "importpol2"):
        matches = engine.get_policies(name=imported_name)
        self.assertTrue(len(matches) == 1, matches)

    # import empty file: the request has to be answered with HTTP 400
    empty_upload = {"file": (POLICYEMPTY, "policy_empty_file.cfg")}
    with self.app.test_request_context("/policy/import/policy_empty_file.cfg",
                                       method='POST',
                                       data=empty_upload,
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 400, res)
示例10: test_19_ui_get_menus
def test_19_ui_get_menus(self):
    """Check which main menus an admin sees as admin policies are added."""
    delete_all_policies()
    luser = {"username": "admin", "role": "admin"}

    def current_menus():
        # A new PolicyClass object is created for every query, so policies
        # set in the meantime are taken into account.
        return PolicyClass().ui_get_main_menus(luser)

    def check_menus(menus, users, tokens, components, config, machines):
        visibility = ((MAIN_MENU.USERS, users),
                      (MAIN_MENU.TOKENS, tokens),
                      (MAIN_MENU.COMPONENTS, components),
                      (MAIN_MENU.CONFIG, config),
                      (MAIN_MENU.MACHINES, machines))
        for menu, shown in visibility:
            if shown:
                self.assertTrue(menu in menus)
            else:
                self.assertTrue(menu not in menus)

    # Without policies, the admin gets all. Note the switch that follows:
    # as soon as one admin policy exists, only granted rights remain.
    check_menus(current_menus(), True, True, True, True, True)

    # Admin has only right to enroll HOTP! :-)
    set_policy("pol1", scope=SCOPE.ADMIN, user="admin",
               action="enrollHOTP")
    # Thus he can only see the token menu
    check_menus(current_menus(), False, True, False, False, False)

    set_policy("pol2", scope=SCOPE.ADMIN, user="admin",
               action=ACTION.USERLIST)
    # The user list right adds the users menu
    check_menus(current_menus(), True, True, False, False, False)

    set_policy("pol3", scope=SCOPE.ADMIN, user="admin",
               action=ACTION.MACHINELIST)
    # The machine list right adds the machines menu
    check_menus(current_menus(), True, True, False, False, True)

    set_policy("pol4", scope=SCOPE.ADMIN, user="admin",
               action=ACTION.SYSTEMDELETE)
    # The system delete right adds the config menu; components stay hidden
    check_menus(current_menus(), True, True, False, True, True)

    delete_all_policies()
示例11: test_13_get_allowed_serials
def test_13_get_allowed_serials(self):
    """Collect the values of the "serial" action from the AUTHZ policies."""
    set_policy(name="st1", scope=SCOPE.AUTHZ, action="serial=OATH")
    # The trailing blank in the action is deliberate: "mOTP" is still
    # expected among the returned values.
    set_policy(name="st2", scope=SCOPE.AUTHZ, action="serial=mOTP ")

    serial_values = PolicyClass().get_action_values("serial",
                                                    scope=SCOPE.AUTHZ)
    for allowed in ("OATH", "mOTP"):
        self.assertTrue(allowed in serial_values)
    # A value that no policy names must not show up.
    self.assertFalse("TOTP" in serial_values)
示例12: test_12_get_allowed_tokentypes
def test_12_get_allowed_tokentypes(self):
    """Collect the values of the "tokentype" action from the AUTHZ policies."""
    # tt1 carries two blank separated token types plus a further action.
    set_policy(name="tt1", scope=SCOPE.AUTHZ,
               action="tokentype=hotp totp, enroll")
    set_policy(name="tt2", scope=SCOPE.AUTHZ, action="tokentype=motp")

    allowed_types = PolicyClass().get_action_values("tokentype",
                                                    scope=SCOPE.AUTHZ)
    for tokentype in ("motp", "totp", "hotp"):
        self.assertTrue(tokentype in allowed_types)
    # A token type that no policy names must not show up.
    self.assertFalse("spass" in allowed_types)
示例13: test_16_admin_realm
def test_16_admin_realm(self):
    """Check the enrollable token types of an admin per admin realm."""
    all_types = ("hotp", "totp", "motp", "sms", "spass", "sshkey",
                 "email", "certificate", "yubico", "yubikey", "radius")
    client_ip = "127.0.0.1"

    engine = PolicyClass()
    logged_in_user = {"username": "admin",
                      "role": "admin",
                      "realm": "realm1"}

    # Without policies, the admin gets all
    enrollable = engine.ui_get_enroll_tokentypes(client_ip, logged_in_user)
    for tokentype in all_types:
        self.assertTrue(tokentype in enrollable)

    # An admin in realm1 may only enroll Yubikeys
    set_policy(name="tokenEnroll", scope=SCOPE.ADMIN,
               adminrealm="realm1",
               action="enrollYUBIKEY")
    engine = PolicyClass()
    enrollable = engine.ui_get_enroll_tokentypes(client_ip, logged_in_user)
    for tokentype in all_types:
        if tokentype == "yubikey":
            self.assertTrue(tokentype in enrollable)
        else:
            self.assertFalse(tokentype in enrollable)

    # An admin in another admin realm may enroll nothing: once an admin
    # policy exists, admins that it does not cover lose all enroll rights.
    logged_in_user = {"username": "admin",
                      "role": "admin",
                      "realm": "OtherRealm"}
    enrollable = engine.ui_get_enroll_tokentypes(client_ip, logged_in_user)
    for tokentype in all_types:
        self.assertFalse(tokentype in enrollable)

    delete_policy("tokenEnroll")
示例14: authenticate
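def authenticate(self, environ, identity):
    """
    Authenticate the login data found in ``identity``.

    The user name and realm are taken from the realm box fields or split
    from a ``user@realm`` login name. Depending on the policy the password
    is checked as OTP or against the user store; if that fails and the
    identity is an administrative one, the admin password is checked.

    :param environ: not used in this method
    :param identity: dict-like object with the keys ``login``, ``password``
        and, if the realm box is used, ``realm``
    :return: the result of the successful check, a false value if the
        authentication failed, or None if a key is missing in identity
    """
    username = None
    realm = None
    success = None
    userid_key = 'repoze.who.plugins.auth_tkt.userid'

    try:
        if isSelfTest():
            # Self test only: a login is derived from the auth ticket user
            # id, which is also used as the password.
            if 'login' not in identity and userid_key in identity:
                u = identity.get(userid_key)
                identity['login'] = u
                identity['password'] = u

        if getRealmBox():
            username = identity['login']
            realm = identity['realm']
        else:
            log.debug("no realmbox, so we are trying to split the loginname")
            # Greedy first group: the login name is split at the last "@".
            m = re.match(r"(.*)@(.*)", identity['login'])
            if m:
                username, realm = m.groups()
                log.debug("found @: username: %r, realm: %r" % (username, realm))
            else:
                username = identity['login']
                realm = getDefaultRealm()
                log.debug("using default Realm: username: %r, realm: %r" % (username, realm))

        password = identity['password']
    except KeyError as e:
        log.error("Keyerror in identity: %r." % e)
        log.error("%s" % traceback.format_exc())
        return None

    # check username/realm, password
    if isSelfTest():
        # NOTE(review): in self test mode the identity is accepted without
        # any password or OTP check. This mode must never be active on a
        # production system.
        success = "%s@%s" % (unicode(username), unicode(realm))
    else:
        # request, config and c are taken from the enclosing module.
        Policy = PolicyClass(request, config, c,
                             get_privacyIDEA_config())
        if Policy.is_auth_selfservice_otp(username, realm):
            # check the OTP
            success = authenticate_privacyidea_user(username, realm, password)
        else:
            # We do authentication against the user store
            success = check_user_password(username, realm, password)

        if not success and is_admin_identity("%s@%s" % (username, realm), exception=False):
            # user not found or authenticated in resolver.
            # So let's see, if this is an administrative user.
            success = check_admin_password(username, password, realm)

    if success:
        log.info("User %r authenticated" % success)
    return success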
示例15: list
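def list():
    """
    list the policies

    Prints one line per policy with its active flag, its name and its
    scope, below a header line and a separator.
    """
    P = PolicyClass()
    policies = P.get_policies()
    # print is called with a single parenthesised argument throughout, which
    # gives the same output with the print statement and the print function.
    print("Active \t Name \t Scope")
    print(40 * "=")
    for policy in policies:
        print("%s \t %s \t %s" % (policy.get("active"), policy.get("name"),
                                  policy.get("scope")))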