Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti 



On 24.08.2016 13:32, Tomas Krizek wrote:

Fixed the typo in error message.

On 08/23/2016 12:15 PM, Tomas Krizek wrote:

In that case, the first version of the patch solves the issue.

I'm attaching the patch once again, but it's the same as the one in 
the original message.



On 08/23/2016 11:53 AM, Jan Cholasta wrote:

On 22.8.2016 19:08, Tomas Krizek wrote:
I've attached the updated patch. Hopefully I didn't forget anything 
else

this time.


On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.


On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an
empty key while adding otp token.

https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)

Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and 
increment

minor version in VERSION file

Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file 
not found

Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in 
API file:

OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')


NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

Token secret (Base32; default: random)
  ^^^







--
Tomas Krizek


ACK

Pushed to master: 6f9a029bf5d33e6c8267cb330bd48033c5517188


http://www.freeipa.org/page/Pull_request_on_Github
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Martin Basti 



On 24.08.2016 13:32, Tomas Krizek wrote:

Fixed the typo in error message.

On 08/23/2016 12:15 PM, Tomas Krizek wrote:

In that case, the first version of the patch solves the issue.

I'm attaching the patch once again, but it's the same as the one in 
the original message.



On 08/23/2016 11:53 AM, Jan Cholasta wrote:

On 22.8.2016 19:08, Tomas Krizek wrote:
I've attached the updated patch. Hopefully I didn't forget anything 
else

this time.


On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.


On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an
empty key while adding otp token.

https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)

Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and 
increment

minor version in VERSION file

Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file 
not found

Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in 
API file:

OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')


NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

Token secret (Base32; default: random)
  ^^^







--
Tomas Krizek

Pushed to master: 6f9a029bf5d33e6c8267cb330bd48033c5517188

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-24 Thread Tomas Krizek 

Fixed the typo in error message.

On 08/23/2016 12:15 PM, Tomas Krizek wrote:

In that case, the first version of the patch solves the issue.

I'm attaching the patch once again, but it's the same as the one in 
the original message.



On 08/23/2016 11:53 AM, Jan Cholasta wrote:

On 22.8.2016 19:08, Tomas Krizek wrote:
I've attached the updated patch. Hopefully I didn't forget anything 
else

this time.


On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.


On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an
empty key while adding otp token.

https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)

Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment
minor version in VERSION file

Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file 
not found

Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API 
file:

OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')


NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

Token secret (Base32; default: random)
  ^^^







--
Tomas Krizek

From 14ecfa5f5730af5f8d1d54f8524d546d42f5ce2e Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Wed, 24 Aug 2016 13:29:37 +0200
Subject: [PATCH] Validate key in otptoken-add

Verify that key is not empty when adding otp token. If it is empty, raise an
appropriate error.

https://fedorahosted.org/freeipa/ticket/6200
---
 ipaserver/plugins/otptoken.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index 15b25e07a905257f016de68a3d9e182447699d0e..a7b436aa5690c42b56d7937e608b9d574b22e10b 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -323,6 +323,10 @@ class otptoken_add(LDAPCreate):
 except (NotFound, IndexError):
 pass
 
+# Check if key is not empty
+if entry_attrs['ipatokenotpkey'] is None:
+raise ValidationError(name='key', error=_(u'cannot be empty'))
+
 # Build the URI parameters
 args = {}
 args['issuer'] = issuer
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-23 Thread Jan Cholasta 

On 22.8.2016 19:08, Tomas Krizek wrote:

I've attached the updated patch. Hopefully I didn't forget anything else
this time.


On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.


On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an
empty key while adding otp token.

https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)

Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment
minor version in VERSION file

Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')


NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

Token secret (Base32; default: random)
  ^^^

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-23 Thread Martin Basti 



On 22.08.2016 19:05, Martin Basti wrote:




On 22.08.2016 17:48, Martin Basti wrote:




On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill 
does work when the param is required.



On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an 
empty key while adding otp token.


https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill 
should work in this case too)


Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and 
increment minor version in VERSION file


Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not 
found

Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')

Martin^2




[root@vm-058-107 ~]# ipa otptoken-add --key='ORSXG5DFON2AU==='
Usage: ipa [global-options] otptoken-add [ID] [options]

ipa: error: --key option does not take a value


Well patch doesnt work for me, Honza may know if this is expected 
behavior of framework or just params bug


Martin62




My, bad this is expected.

Martin^2
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-22 Thread Tomas Krizek 
I've attached the updated patch. Hopefully I didn't forget anything else 
this time.



On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill 
does work when the param is required.



On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an 
empty key while adding otp token.


https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill 
should work in this case too)


Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment 
minor version in VERSION file


Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')

Martin^2


--
Tomas Krizek

From 5a0e3586a8fd3b31ad8fa2ce092e01e9b36154fc Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Mon, 22 Aug 2016 19:04:21 +0200
Subject: [PATCH] Validate key in otptoken-add

Make the OTP token key mandatory and show an appropriate error message if the user
enters an empty key.

https://fedorahosted.org/freeipa/ticket/6200
---
 API.txt   | 2 +-
 VERSION   | 4 ++--
 ipaserver/plugins/otptoken.py | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/API.txt b/API.txt
index 5b83bfbd0b457b77e0522ab7d83abfae4df3ebe9..3039832d3b250b5e29b8b932763ef17a479cbd5a 100644
--- a/API.txt
+++ b/API.txt
@@ -3271,7 +3271,7 @@ option: DateTime('ipatokennotafter?', cli_name='not_after')
 option: DateTime('ipatokennotbefore?', cli_name='not_before')
 option: StrEnum('ipatokenotpalgorithm?', autofill=True, cli_name='algo', default=u'sha1', values=[u'sha1', u'sha256', u'sha384', u'sha512'])
 option: IntEnum('ipatokenotpdigits?', autofill=True, cli_name='digits', default=6, values=[6, 8])
-option: OTPTokenKey('ipatokenotpkey?', autofill=True, cli_name='key')
+option: OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')
 option: Str('ipatokenowner?', cli_name='owner')
 option: Str('ipatokenserial?', cli_name='serial')
 option: Int('ipatokentotpclockoffset?', autofill=True, cli_name='offset', default=0)
diff --git a/VERSION b/VERSION
index a8b89ed305bcfdf2990a7400d005a68d734fa7e8..9473c820ed7b776a3fda1378f160d2e27f31c3ee 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=212
-# Last change: ab: service: add flag to allow S4U2Self
+IPA_API_VERSION_MINOR=213
+# Last change: tkrizek: ipatokenotpkey: set as required
diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index 39012e2f9106c33c520e19f14331fc440333015a..15b25e07a905257f016de68a3d9e182447699d0e 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -208,7 +208,7 @@ class otptoken(LDAPObject):
 label=_('Serial'),
 doc=_('Token serial (informational only)'),
 ),
-OTPTokenKey('ipatokenotpkey?',
+OTPTokenKey('ipatokenotpkey',
 cli_name='key',
 label=_('Key'),
 doc=_('Token secret (Base32; default: random)'),
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-22 Thread Martin Basti 



On 22.08.2016 17:48, Martin Basti wrote:




On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill 
does work when the param is required.



On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an 
empty key while adding otp token.


https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill 
should work in this case too)


Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment 
minor version in VERSION file


Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')

Martin^2




[root@vm-058-107 ~]# ipa otptoken-add --key='ORSXG5DFON2AU==='
Usage: ipa [global-options] otptoken-add [ID] [options]

ipa: error: --key option does not take a value


Well patch doesnt work for me, Honza may know if this is expected 
behavior of framework or just params bug


Martin62
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-22 Thread Martin Basti 



On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill does 
work when the param is required.



On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an 
empty key while adding otp token.


https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
doc=_('Token secret (Base32; default: random)'),
default_from=lambda: os.urandom(KEY_LENGTH),
autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),


If OTPTokenKey is mandratory, it should be required param (autofill 
should work in this case too)


Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment 
minor version in VERSION file


Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file:
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')

Martin^2
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

2016-08-16 Thread Tomas Krizek 

Hi,

the attached patch fixes an error message when user provides an empty 
key while adding otp token.


https://fedorahosted.org/freeipa/ticket/6200

--
Tomas Krizek

From 806e0cf73dcc3ccbfd620b7865561682ea2e37f5 Mon Sep 17 00:00:00 2001
From: Tomas Krizek 
Date: Tue, 16 Aug 2016 14:10:49 +0200
Subject: [PATCH] Validate key in otptoken-add

Verify that key is not empty when adding otp token. If it is empty, raise an
appropriate error.

https://fedorahosted.org/freeipa/ticket/6200
---
 ipaserver/plugins/otptoken.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index 39012e2f9106c33c520e19f14331fc440333015a..4429edc2f08a18e973773239d7b1db0a01aafb99 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -323,6 +323,10 @@ class otptoken_add(LDAPCreate):
 except (NotFound, IndexError):
 pass
 
+# Check if key is not empty
+if entry_attrs['ipatokenotpkey'] is None:
+raise ValidationError(name='key', error=_(u'can not be empty'))
+
 # Build the URI parameters
 args = {}
 args['issuer'] = issuer
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code