Fixed the typo in error message.

On 08/23/2016 12:15 PM, Tomas Krizek wrote:
In that case, the first version of the patch solves the issue.

I'm attaching the patch once again, but it's the same as the one in the original message.

On 08/23/2016 11:53 AM, Jan Cholasta wrote:
On 22.8.2016 19:08, Tomas Krizek wrote:
I've attached the updated patch. Hopefully I didn't forget anything else
this time.

On 08/22/2016 05:48 PM, Martin Basti wrote:

On 22.08.2016 10:22, Tomas Krizek wrote:

Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.

On 08/19/2016 04:19 PM, Martin Basti wrote:

On 16.08.2016 17:35, Tomas Krizek wrote:

the attached patch fixes an error message when user provides an
empty key while adding otp token.

I'm curious why we don't fix it here:

            doc=_('Token secret (Base32; default: random)'),
            default_from=lambda: os.urandom(KEY_LENGTH),
            flags=('no_display', 'no_update', 'no_search'),

If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)


Tomas Krizek

You changed API, you must regenerate API.txt (./makeapi) and increment
minor version in VERSION file

Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')

NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

    Token secret (Base32; default: random)

Tomas Krizek

From 14ecfa5f5730af5f8d1d54f8524d546d42f5ce2e Mon Sep 17 00:00:00 2001
From: Tomas Krizek <>
Date: Wed, 24 Aug 2016 13:29:37 +0200
Subject: [PATCH] Validate key in otptoken-add

Verify that key is not empty when adding otp token. If it is empty, raise an
appropriate error.
 ipaserver/plugins/ | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/ b/ipaserver/plugins/
index 15b25e07a905257f016de68a3d9e182447699d0e..a7b436aa5690c42b56d7937e608b9d574b22e10b 100644
--- a/ipaserver/plugins/
+++ b/ipaserver/plugins/
@@ -323,6 +323,10 @@ class otptoken_add(LDAPCreate):
             except (NotFound, IndexError):
+        # Check if key is not empty
+        if entry_attrs['ipatokenotpkey'] is None:
+            raise ValidationError(name='key', error=_(u'cannot be empty'))
         # Build the URI parameters
         args = {}
         args['issuer'] = issuer

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to