Re: [Freeipa-devel] [PATCH] 0003 Validate key in otptoken-add

Tue, 23 Aug 2016 03:16:55 -0700 

In that case, the first version of the patch solves the issue.
I'm attaching the patch once again, but it's the same as the one in the original message. 


On 08/23/2016 11:53 AM, Jan Cholasta wrote:

On 22.8.2016 19:08, Tomas Krizek wrote:

I've attached the updated patch. Hopefully I didn't forget anything else
this time.


On 08/22/2016 05:48 PM, Martin Basti wrote:


On 22.08.2016 10:22, Tomas Krizek wrote:


Seems like a good idea, I'm attaching the updated patch. Autofill
does work when the param is required.


On 08/19/2016 04:19 PM, Martin Basti wrote:




On 16.08.2016 17:35, Tomas Krizek wrote:

Hi,

the attached patch fixes an error message when user provides an
empty key while adding otp token.

https://fedorahosted.org/freeipa/ticket/6200





I'm curious why we don't fix it here:

        OTPTokenKey('ipatokenotpkey?',
            cli_name='key',
            label=_('Key'),
            doc=_('Token secret (Base32; default: random)'),
            default_from=lambda: os.urandom(KEY_LENGTH),
            autofill=True,
            flags=('no_display', 'no_update', 'no_search'),
        ),


If OTPTokenKey is mandratory, it should be required param (autofill
should work in this case too)

Martin^2


--
Tomas Krizek


You changed API, you must regenerate API.txt (./makeapi) and increment
minor version in VERSION file
Option 'ipatokenotpkey?' in command 'otptoken_add/1' in API file not found 
Options count in otptoken_add of 22 doesn't match expected: 23
Option ipatokenotpkey of command otptoken_add in ipalib, not in API file: 
OTPTokenKey('ipatokenotpkey', autofill=True, cli_name='key')


NACK, this is a backward incompatible change.

AFAICT the option should remain optional, see the doc string:

    Token secret (Base32; default: random)
                          ^^^^^^^^^^^^^^^



--
Tomas Krizek


From 806e0cf73dcc3ccbfd620b7865561682ea2e37f5 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkri...@redhat.com>
Date: Tue, 16 Aug 2016 14:10:49 +0200
Subject: [PATCH] Validate key in otptoken-add

Verify that key is not empty when adding otp token. If it is empty, raise an
appropriate error.

https://fedorahosted.org/freeipa/ticket/6200
---
 ipaserver/plugins/otptoken.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index 39012e2f9106c33c520e19f14331fc440333015a..4429edc2f08a18e973773239d7b1db0a01aafb99 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -323,6 +323,10 @@ class otptoken_add(LDAPCreate):
             except (NotFound, IndexError):
                 pass
 
+        # Check if key is not empty
+        if entry_attrs['ipatokenotpkey'] is None:
+            raise ValidationError(name='key', error=_(u'can not be empty'))
+
         # Build the URI parameters
         args = {}
         args['issuer'] = issuer
-- 
2.7.4


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to