Dne 29.7.2014 v 15:52 David Kupka napsal(a):
On 07/29/2014 03:28 PM, Jan Cholasta wrote:
Dne 29.7.2014 v 14:11 David Kupka napsal(a):
On 07/29/2014 01:21 PM, Jan Cholasta wrote:
Dne 24.7.2014 v 10:00 David Kupka napsal(a):

On 07/23/2014 05:07 PM, Jan Cholasta wrote:

On 23.7.2014 15:46, David Kupka wrote:

1) Use "isinstance(X, Y)" instead of "type(X) is Y".

Thanks for advice, will try to remember.

2) When is "type(not_before) is str" or "type(not_after) is str"
The values coming from command options or LDAP should always be
datetime, never str.

Actually, it is never true. I don't  know why I thought that there is
such option.

3) There are some misindentations:

+            raise ValidationError(name='not_after',
+                                    error='is before not_before!')

+                raise ValidationError(name='not_after',
+                                    error='is before not_before!')

+                raise ValidationError(name='not_before',
+                                    error='is after not_after!')

4) We don't do exclamation marks in errors messages.

You re right, it's probably better not to shout at customer :)

5) Generally, when you want to validate command options, you should
into "options", not "entry_attrs".

6) This is not right:

+            result =
+                entry_attrs.get('ipatokenuniqueid', None))['result']

This is:

+            result =

Both works, but Martin explained me why is otptoken_show better and
it actually works.


Few more nitpicks:

1) You can make _check_interval a little bit shorter by removing a
redundant if statement:

+def _check_interval(not_before, not_after):
+    if not_before and not_after:
+        return not_before <= not_after
+    return True
Nice :)

2) Please keep the 2 line space between the last global function and
first class in the module.
It's good to know that there is one less rule to discover.

3) Error messages are for users' eyes, please don't use internal
identifiers in them.

4) You don't need to check if the result of otptoken_show is empty, it
never is.

Removed. Although, needless check can't hurt.

One more thing, sorry I didn't notice it earlier: You must check if
'ipatokennotbefore' and 'ipatokennotafter' keys are in opttoken-show
result before using them, otherwise you might end up with:

     ipa: ERROR: non-public: KeyError: 'ipatokennotbefore'
     Traceback (most recent call last):
       File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py",
line 348, in wsgi_execute
         result = self.Command[name](*args, **options)
       File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
439, in __call__
         ret = self.run(*args, **options)
       File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
754, in run
         return self.execute(*args, **options)
"/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line
1384, in execute
         *keys, **options)
"/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 356,
in pre_callback
         notbefore = result['ipatokennotbefore'][0]
     KeyError: 'ipatokennotbefore'

Sorry for sending fifth wersion of the patch. I must test my patches
more carefully.

No problem. I must review more carefully. ACK.

Jan Cholasta

Freeipa-devel mailing list

Reply via email to