On Fri, 2014-10-17 at 10:59 +0200, Martin Kosek wrote:
> On 10/16/2014 11:37 PM, Nathaniel McCallum wrote:
> > On Thu, 2014-10-16 at 17:35 +0200, Martin Kosek wrote:
> >> On 10/15/2014 06:32 PM, Nathaniel McCallum wrote:
> >>> When viewing a token from the CLI or UI, the type of the token
> >>> should be displayed.
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/4563
> >>
> >> Adding objectclass to default_attributes is unprecedented and something we
> >> should not do before release. It would also put objectclass attribute in
> >> default otptoken-* operations.
> >>
> >> What I would do in this case is to
> >> - keep default_attributes as is
> >> - add 'objectclass' to attrs_list in pre_callback
> >> - do whatever you already do with it in post_callback
> >> - remove the objectclass if it was not called for explicitly, e.g.:
> >>
> >> if not options.get('all', False) or options.get('pkey_only',
> >> False):
> >> entry_attrs.pop('objectclass', None)
> >>
> >> This approach is used for example in idrange.py so I would stick with it
> >> (I am
> >> not saying it is pretty, I am just saying our API should give consistent
> >> output).
> >
> > Fixed and tested.
> >
>
> Works fine in CLI, though I found couple more issues:
>
> 1) In type you return "HOTP" or "TOTP" while on the input you accept
> lowercased
> versions - is that OK?
>
> # ipa otptoken-add --type=TOTP --owner=fbar barbar
> ipa: ERROR: invalid 'type': must be one of 'totp', 'hotp'
>
> It just did not seem consistent to me.
It was an oversight. In an ideal world, we'd have a case-insensitive
StrEnum type. For now, this patch accepts either fully lowercase or
fully uppercase. Display is always uppercase.
> 2) You are suddenly adding camelcased attribute, compared to other places:
>
> + attrs_list.append("objectClass")
Argh. Fixed.
> 3) I do not see the OTP token type in Web UI OTP token view - is it just me or
> is it really missing?
I think it is just you. The token type shows on the token details page,
not in the overview list of all tokens.
Nathaniel
From fa0abf660628f6df0dcdc89641b592fb0f3fe18f Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Wed, 15 Oct 2014 12:24:56 -0400
Subject: [PATCH] Display token type when viewing token
When viewing a token from the CLI or UI, the type of the token
should be displayed.
https://fedorahosted.org/freeipa/ticket/4563
---
install/ui/src/freeipa/otptoken.js | 1 +
ipalib/plugins/otptoken.py | 28 +++++++++++++++++++++++++---
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/install/ui/src/freeipa/otptoken.js b/install/ui/src/freeipa/otptoken.js
index 6c877533cf47e924b71f7d6b66d8f74b7d530445..9ba6821a59e2818b60731d1ac91c6ee298b6b713 100644
--- a/install/ui/src/freeipa/otptoken.js
+++ b/install/ui/src/freeipa/otptoken.js
@@ -180,6 +180,7 @@ return {
label: '@i18n:objects.otptoken.details',
fields: [
'ipatokenuniqueid',
+ 'type',
{
$type: 'textarea',
name: 'description'
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index e4dd6a02edb66ef054f94c55b60d91daa5c74112..2b5f1c5fb83341d392e165a3507f5076820f1d3a 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -108,6 +108,15 @@ def _check_interval(not_before, not_after):
return not_before <= not_after
return True
+def _set_token_type(entry_attrs, **options):
+ klasses = [x.lower() for x in entry_attrs.get('objectclass', [])]
+ for ttype in TOKEN_TYPES.keys():
+ cls = 'ipatoken' + ttype
+ if cls.lower() in klasses:
+ entry_attrs['type'] = ttype.upper()
+
+ if not options.get('all', False) or options.get('pkey_only', False):
+ entry_attrs.pop('objectclass', None)
@register()
class otptoken(LDAPObject):
@@ -146,7 +155,7 @@ class otptoken(LDAPObject):
label=_('Type'),
default=u'totp',
autofill=True,
- values=tuple(TOKEN_TYPES.keys()),
+ values=tuple(TOKEN_TYPES.keys() + [x.upper() for x in TOKEN_TYPES]),
flags=('virtual_attribute', 'no_update'),
),
Str('description?',
@@ -259,6 +268,7 @@ class otptoken_add(LDAPCreate):
error='is before the validity start')
# Set the object class and defaults for specific token types
+ options['type'] = options['type'].lower()
entry_attrs['objectclass'] = otptoken.object_class + ['ipatoken' + options['type']]
for ttype, tattrs in TOKEN_TYPES.items():
if ttype != options['type']:
@@ -305,10 +315,12 @@ class otptoken_add(LDAPCreate):
uri = u'otpauth://%s/%s:%s?%s' % (options['type'], issuer, label, parameters)
setattr(context, 'uri', uri)
+ attrs_list.append("objectclass")
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
entry_attrs['uri'] = getattr(context, 'uri')
+ _set_token_type(entry_attrs, **options)
_convert_owner(self.api.Object.user, entry_attrs, options)
return super(otptoken_add, self).post_callback(ldap, dn, entry_attrs, *keys, **options)
@@ -360,9 +372,12 @@ class otptoken_mod(LDAPUpdate):
raise ValidationError(name='not_before',
error='is after the validity end')
_normalize_owner(self.api.Object.user, entry_attrs)
+
+ attrs_list.append("objectclass")
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ _set_token_type(entry_attrs, **options)
_convert_owner(self.api.Object.user, entry_attrs, options)
return super(otptoken_mod, self).post_callback(ldap, dn, entry_attrs, *keys, **options)
@@ -372,7 +387,7 @@ class otptoken_find(LDAPSearch):
__doc__ = _('Search for OTP token.')
msg_summary = ngettext('%(count)d OTP token matched', '%(count)d OTP tokens matched', 0)
- def pre_callback(self, ldap, filters, *args, **kwargs):
+ def pre_callback(self, ldap, filters, attrs_list, *args, **kwargs):
# This is a hack, but there is no other way to
# replace the objectClass when searching
type = kwargs.get('type', '')
@@ -381,7 +396,8 @@ class otptoken_find(LDAPSearch):
filters = filters.replace("(objectclass=ipatoken)",
"(objectclass=ipatoken%s)" % type)
- return super(otptoken_find, self).pre_callback(ldap, filters, *args, **kwargs)
+ attrs_list.append("objectclass")
+ return super(otptoken_find, self).pre_callback(ldap, filters, attrs_list, *args, **kwargs)
def args_options_2_entry(self, *args, **options):
entry = super(otptoken_find, self).args_options_2_entry(*args, **options)
@@ -390,6 +406,7 @@ class otptoken_find(LDAPSearch):
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry in entries:
+ _set_token_type(entry, **options)
_convert_owner(self.api.Object.user, entry, options)
return super(otptoken_find, self).post_callback(ldap, entries, truncated, *args, **options)
@@ -398,7 +415,12 @@ class otptoken_find(LDAPSearch):
class otptoken_show(LDAPRetrieve):
__doc__ = _('Display information about an OTP token.')
+ def pre_callback(self, ldap, dn, attrs_list, *keys, **options):
+ attrs_list.append("objectclass")
+ return super(otptoken_show, self).pre_callback(ldap, dn, attrs_list, *keys, **options)
+
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ _set_token_type(entry_attrs, **options)
_convert_owner(self.api.Object.user, entry_attrs, options)
return super(otptoken_show, self).post_callback(ldap, dn, entry_attrs, *keys, **options)
--
2.1.0
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
