diff --git a/doc/faq/ha-setups.rst b/doc/faq/ha-setups.rst index e5b4065d8e..6d6174cc43 100644 --- a/doc/faq/ha-setups.rst +++ b/doc/faq/ha-setups.rst @@ -22,7 +22,8 @@ Using one central DBMS .. figure:: images/ha-one-dbms.png :width: 500 -If you already have a high available, redundant DBMS which might even be +If you already have a high available, redundant DBMS - +like MariaDB Galera Cluster - which might even be addressable via one cluster IP address the configuration is fairly simple. In such a case you can configure the same ``SQLALCHEMY_DATABASE_URI`` on all instances. diff --git a/doc/policies/admin.rst b/doc/policies/admin.rst index 19596ed34c..65c4663df6 100644 --- a/doc/policies/admin.rst +++ b/doc/policies/admin.rst @@ -69,6 +69,17 @@ Tokens can be enabled and disabled. Disabled tokens can not be used to authenticate. The ``disable`` action allows the administrator to disable tokens. +revoke +~~~~~~ + +type: bool + +Tokens can be revoked. Usually this means the token is disabled and locked. +A locked token can not be modified anymore. It can only be deleted. + +Certain token types like *certificate* may define special actions when +revoking a token. + set ~~~ diff --git a/doc/policies/user.rst b/doc/policies/user.rst index 2aa8e3e11a..3e36147d6c 100644 --- a/doc/policies/user.rst +++ b/doc/policies/user.rst @@ -263,3 +263,15 @@ attributes in the user store. .. note:: To be able to edit the attributes, the resolver must be defined as editable. + + +revoke +~~~~~~ + +type: bool + +Tokens can be revoked. Usually this means the token is disabled and locked. +A locked token can not be modified anymore. It can only be deleted. + +Certain token types like *certificate* may define special actions when +revoking a token. diff --git a/doc/requirements.txt b/doc/requirements.txt index 60eb7372f4..e36dabd32b 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt 
@@ -22,7 +22,7 @@ gunicorn==19.3.0 itsdangerous==0.24 Jinja2==2.7.3 ldap3==0.9.8.4 -Mako==1.0.0 +Mako>=0.9.1 MarkupSafe==0.23 mock==1.0.1 MySQL-python==1.2.5 diff --git a/migrations/versions/20969b4cbf06_.py b/migrations/versions/20969b4cbf06_.py new file mode 100644 index 0000000000..cf73b0fdc2 --- /dev/null +++ b/migrations/versions/20969b4cbf06_.py @@ -0,0 +1,37 @@ +"""Add column revoked to Token table + +Revision ID: 20969b4cbf06 +Revises: 4d9178fa8336 +Create Date: 2015-08-27 12:19:57.272525 + +""" + +# revision identifiers, used by Alembic. +revision = '20969b4cbf06' +down_revision = '4d9178fa8336' + +from alembic import op +import sqlalchemy as sa + + +def upgrade(): + try: + op.add_column('token', sa.Column('revoked', sa.Boolean(), + nullable=False, + default=False)) + except Exception as exx: + print "Could not add column 'revoked' to table 'token'" + print (exx) + + try: + op.add_column('token', sa.Column('locked', sa.Boolean(), + nullable=False, + default=False)) + except Exception as exx: + print "Could not add column 'locked' to table 'token'" + print (exx) + + +def downgrade(): + op.drop_column('token', 'revoked') + op.drop_column('token', 'locked') diff --git a/po/de.po b/po/de.po index 57ba8be1e3..6d5b81f4e2 100644 --- a/po/de.po +++ b/po/de.po 
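Review bot: `Mako>=0.9.1` replaces an exact pin with an open-ended lower bound, while every other entry visible in this hunk of doc/requirements.txt stays pinned with `==`. The installed Mako version now depends on when and where the install runs. It can also resolve to a release older than the previously pinned 1.0.0, so the build is no longer reproducible or auditable for this one package. If nothing needs the older release, keep `Mako==1.0.0`. Otherwise add an explicit upper bound next to the lower one and say in the commit message why the range is needed.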
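Review bot: Both `op.add_column` calls in `upgrade()` sit inside `except Exception` handlers that only print, so a failed schema change is swallowed and Alembic still records revision 20969b4cbf06 as applied even when `revoked` or `locked` is missing from `token`. That failure is likely on a populated table, because `default=False` is a SQLAlchemy insert-time default rather than a DDL default, and several databases reject adding a `nullable=False` column without a server default when rows already exist. These columns presumably hold the revocation and lock state of tokens, so a silently skipped migration should not be possible: use `server_default=sa.false()` in place of `default=False`, and add a bare `raise` after the two `print` lines (or drop the `try`/`except`). `downgrade()` also drops both columns unconditionally, so it fails on a database where the upgrade was only partly applied.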
@@ -110,12 +110,12 @@ msgstr "Ein Attribut, das die IP-Adresse der Maschine enthält" #: privacyidea/static/components/machine/views/machine.details.html:126 #: privacyidea/static/components/machine/views/machine.details.html:51 -#: privacyidea/static/components/token/views/token.details.html:389 -#: privacyidea/static/components/token/views/token.details.html:471 +#: privacyidea/static/components/token/views/token.details.html:398 +#: privacyidea/static/components/token/views/token.details.html:480 msgid "Application" msgstr "Applikationen" -#: privacyidea/static/components/token/views/token.details.html:310 +#: privacyidea/static/components/token/views/token.details.html:319 msgid "Assgined User" msgstr "Benutzer zuweisen" @@ -123,8 +123,8 @@ msgstr "Benutzer zuweisen" msgid "Assign Token" msgstr "Token zuweisen" -#: privacyidea/static/components/token/views/token.details.html:353 -#: privacyidea/static/components/token/views/token.details.html:361 +#: privacyidea/static/components/token/views/token.details.html:362 +#: privacyidea/static/components/token/views/token.details.html:370 msgid "Assign User" msgstr "Benutzer zuweisen" @@ -140,7 +140,7 @@ msgstr "Token einem Benutzer zuweisen" msgid "Assignment State" msgstr "Zuweisung" -#: privacyidea/static/components/token/views/token.details.html:499 +#: privacyidea/static/components/token/views/token.details.html:508 msgid "Attach Machine" msgstr "Maschine anhängen" @@ -148,7 +148,7 @@ msgstr "Maschine anhängen" msgid "Attach Token" msgstr "Token anhängen" -#: privacyidea/static/components/token/views/token.details.html:465 +#: privacyidea/static/components/token/views/token.details.html:474 msgid "Attach to a new Machine" msgstr "An eine neue Maschine anhängen" 
@@ -232,9 +232,9 @@ msgstr "Zertifizierungsstellen" #: privacyidea/static/components/config/views/config.realms.list.html:75 #: privacyidea/static/components/directives/views/directive.tokendata.html:21 #: privacyidea/static/components/machine/views/machine.details.html:110 -#: privacyidea/static/components/token/views/token.details.html:187 -#: privacyidea/static/components/token/views/token.details.html:226 -#: privacyidea/static/components/token/views/token.details.html:455 +#: privacyidea/static/components/token/views/token.details.html:196 +#: privacyidea/static/components/token/views/token.details.html:235 +#: privacyidea/static/components/token/views/token.details.html:464 #: privacyidea/static/components/user/views/user.details.html:93 msgid "Cancel" msgstr "Abbrechen" @@ -309,11 +309,11 @@ msgstr "Verbindungsparameter" msgid "Connector name" msgstr "Konnektor-Name" -#: privacyidea/static/components/token/views/token.details.html:72 +#: privacyidea/static/components/token/views/token.details.html:81 msgid "Count" msgstr "Zähler" -#: privacyidea/static/components/token/views/token.details.html:77 +#: privacyidea/static/components/token/views/token.details.html:86 #: privacyidea/static/components/token/views/token.getserial.html:48 msgid "Count Window" msgstr "Zählerfenster" @@ -434,7 +434,7 @@ msgstr "Benutzer löschen" msgid "Delete user" msgstr "Benutzer löschen" -#: privacyidea/static/components/token/views/token.details.html:96 +#: privacyidea/static/components/token/views/token.details.html:105 #: privacyidea/static/components/token/views/token.enroll.email.html:15 #: privacyidea/static/components/token/views/token.enroll.sms.html:14 #: privacyidea/static/components/token/views/token.enroll.sshkey.html:17 
@@ -444,7 +444,7 @@ msgid "Description" msgstr "Beschreibung" #: privacyidea/static/components/machine/views/machine.details.html:98 -#: privacyidea/static/components/token/views/token.details.html:441 +#: privacyidea/static/components/token/views/token.details.html:450 msgid "Detach" msgstr "abhängen" @@ -461,7 +461,7 @@ msgid "Details for user {{ username }} in realm" msgstr "Details zum Benutzer {{ username }} in Realm" #: privacyidea/static/components/config/views/config.policies.details.html:4 -#: privacyidea/static/components/token/views/token.details.html:32 +#: privacyidea/static/components/token/views/token.details.html:36 msgid "Disable" msgstr "Deaktivieren" @@ -490,8 +490,8 @@ msgstr "Email Token Einstellungen" #: privacyidea/static/components/config/views/config.realms.list.html:58 #: privacyidea/static/components/config/views/config.resolvers.list.html:19 #: privacyidea/static/components/directives/views/directive.tokendata.html:26 -#: privacyidea/static/components/token/views/token.details.html:177 -#: privacyidea/static/components/token/views/token.details.html:216 +#: privacyidea/static/components/token/views/token.details.html:186 +#: privacyidea/static/components/token/views/token.details.html:225 msgid "Edit" msgstr "Bearbeiten" @@ -520,7 +520,7 @@ msgid "Edit Machine Resolvers" msgstr "Maschinen-Resolver bearbeiten" #: privacyidea/static/components/machine/views/machine.details.html:94 -#: privacyidea/static/components/token/views/token.details.html:437 +#: privacyidea/static/components/token/views/token.details.html:446 msgid "Edit Options" msgstr "Optionen bearbeiten" @@ -573,7 +573,7 @@ msgid "Email Address" msgstr "EMail-Adresse" #: privacyidea/static/components/config/views/config.policies.details.html:9 -#: privacyidea/static/components/token/views/token.details.html:37 +#: privacyidea/static/components/token/views/token.details.html:41 msgid "Enable" msgstr "Aktivieren" 
@@ -596,23 +596,23 @@ msgstr "Neuen Token ausrollen " msgid "Enter OTP key..." msgstr "OTP Schlüssel eingeben..." -#: privacyidea/static/components/token/views/token.details.html:268 +#: privacyidea/static/components/token/views/token.details.html:277 msgid "Enter PIN again" msgstr "PIN wiederholen" -#: privacyidea/static/components/token/views/token.details.html:287 +#: privacyidea/static/components/token/views/token.details.html:296 msgid "Enter PIN and OTP to check the token." msgstr "PIN und OTP eingeben um den Token zu prüfen." -#: privacyidea/static/components/token/views/token.details.html:263 +#: privacyidea/static/components/token/views/token.details.html:272 msgid "Enter PIN for token" msgstr "Token-PIN eingeben" -#: privacyidea/static/components/token/views/token.details.html:241 +#: privacyidea/static/components/token/views/token.details.html:250 msgid "Enter first OTP value" msgstr "Ersten OTP-Wert eingeben" -#: privacyidea/static/components/token/views/token.details.html:246 +#: privacyidea/static/components/token/views/token.details.html:255 msgid "Enter second OTP value" msgstr "Zweiten OTP-Wert eingeben" @@ -621,7 +621,7 @@ msgid "Enter your username and password and click Log In to authenticate." msgstr "" "Bitte geben Sie Ihren Benutzernamen und Ihr Passwort ein, um sich anzumelden." -#: privacyidea/static/components/token/views/token.details.html:51 +#: privacyidea/static/components/token/views/token.details.html:60 msgid "Fail counter" msgstr "Fehlerzähler" @@ -643,7 +643,7 @@ msgstr "Dateiname" #: privacyidea/static/components/audit/views/audit.log.html:15 #: privacyidea/static/components/machine/views/machine.details.html:43 #: privacyidea/static/components/machine/views/machine.list.html:5 -#: privacyidea/static/components/token/views/token.details.html:377 +#: privacyidea/static/components/token/views/token.details.html:386 #: privacyidea/static/components/token/views/token.list.html:6 msgid "First" msgstr "Anfang" 
@@ -801,14 +801,14 @@ msgstr "SAML Attribute in die Authentisierungsantwort mit einbinden." msgid "Increase the failcounter if the wrong PIN was entered." msgstr "Den Fehlerzähler erhöhen, wenn eine falsche PIN eingegeben wurde." -#: privacyidea/static/components/token/views/token.details.html:104 +#: privacyidea/static/components/token/views/token.details.html:113 msgid "Info" msgstr "Info" #: privacyidea/static/components/audit/views/audit.log.html:14 #: privacyidea/static/components/machine/views/machine.details.html:42 #: privacyidea/static/components/machine/views/machine.list.html:4 -#: privacyidea/static/components/token/views/token.details.html:376 +#: privacyidea/static/components/token/views/token.details.html:385 #: privacyidea/static/components/token/views/token.list.html:5 msgid "Last" msgstr "Ende" @@ -871,7 +871,7 @@ msgid "Machine" msgstr "Maschine" #: privacyidea/static/components/machine/views/machine.details.html:14 -#: privacyidea/static/components/token/views/token.details.html:387 +#: privacyidea/static/components/token/views/token.details.html:396 msgid "Machine ID" msgstr "Maschinen-ID" @@ -889,7 +889,7 @@ msgstr "Maschinen-Resolver" msgid "Machines" msgstr "Maschinen" -#: privacyidea/static/components/token/views/token.details.html:370 +#: privacyidea/static/components/token/views/token.details.html:379 msgid "Machines this token is attached to" msgstr "Maschinen, an die dieser Token angehängt ist" 
@@ -923,15 +923,15 @@ msgid "" " newly enrolled tokens" msgstr "Maximale Fehlerzähler für neu ausgerollte Token" -#: privacyidea/static/components/token/views/token.details.html:42 +#: privacyidea/static/components/token/views/token.details.html:51 msgid "Maxfail" msgstr "Max. Fehlerzähler " -#: privacyidea/static/components/token/views/token.details.html:111 +#: privacyidea/static/components/token/views/token.details.html:120 msgid "Maximum Authentication Count" msgstr "Maximale Authentisierungen" -#: privacyidea/static/components/token/views/token.details.html:121 +#: privacyidea/static/components/token/views/token.details.html:130 msgid "Maximum Success Auth Count" msgstr "Maximale erfolgreiche Authentisierungen" @@ -968,7 +968,7 @@ msgstr "Neuer {{ resolvertype }}" #: privacyidea/static/components/audit/views/audit.log.html:13 #: privacyidea/static/components/machine/views/machine.details.html:41 #: privacyidea/static/components/machine/views/machine.list.html:3 -#: privacyidea/static/components/token/views/token.details.html:375 +#: privacyidea/static/components/token/views/token.details.html:384 #: privacyidea/static/components/token/views/token.list.html:4 msgid "Next" msgstr "Weiter" @@ -1001,7 +1001,7 @@ msgstr "Anzahl der Maschinen: {{ $sope.machinecount }}" msgid "OTP Key" msgstr "OTP Schlüssel" -#: privacyidea/static/components/token/views/token.details.html:67 +#: privacyidea/static/components/token/views/token.details.html:76 msgid "OTP Length" msgstr "OTP-Länge" @@ -1057,7 +1057,7 @@ msgid "OpenSSL config file" msgstr "OpenSSL Konfigurationsdatei" #: privacyidea/static/components/machine/views/machine.details.html:52 -#: privacyidea/static/components/token/views/token.details.html:390 +#: privacyidea/static/components/token/views/token.details.html:399 msgid "Options" msgstr "Optionen" 
@@ -1150,7 +1150,7 @@ msgstr "OpenLDAP vorbelegen" #: privacyidea/static/components/audit/views/audit.log.html:12 #: privacyidea/static/components/machine/views/machine.details.html:40 #: privacyidea/static/components/machine/views/machine.list.html:2 -#: privacyidea/static/components/token/views/token.details.html:374 +#: privacyidea/static/components/token/views/token.details.html:383 #: privacyidea/static/components/token/views/token.list.html:3 msgid "Previous" msgstr "Zurück" @@ -1194,7 +1194,7 @@ msgstr "RADIUS dictionary Datei" #: privacyidea/static/components/config/views/config.policies.list.html:9 #: privacyidea/static/components/directives/views/directive.assignuser.html:5 -#: privacyidea/static/components/token/views/token.details.html:328 +#: privacyidea/static/components/token/views/token.details.html:337 msgid "Realm" msgstr "Realm " @@ -1250,13 +1250,13 @@ msgstr "Remote Benutzer" msgid "Repeat password" msgstr "Passwort wiederholen" -#: privacyidea/static/components/token/views/token.details.html:59 +#: privacyidea/static/components/token/views/token.details.html:68 msgid "Reset fail counter" msgstr "Fehlerzähler zurücksetzen" #: privacyidea/static/components/config/views/config.policies.list.html:11 -#: privacyidea/static/components/token/views/token.details.html:333 -#: privacyidea/static/components/token/views/token.details.html:388 +#: privacyidea/static/components/token/views/token.details.html:342 +#: privacyidea/static/components/token/views/token.details.html:397 #: privacyidea/static/components/user/views/user.add.html:9 msgid "Resolver" msgstr "Resolver" 
@@ -1276,10 +1276,14 @@ msgstr "Resolvername" msgid "Resource Server URI" msgstr "URI des Resource Servers" -#: privacyidea/static/components/token/views/token.details.html:252 +#: privacyidea/static/components/token/views/token.details.html:261 msgid "Resync Token" msgstr " Token resynchronisieren" +#: privacyidea/static/components/token/views/token.details.html:46 +msgid "Revoke" +msgstr "Widerrufen" + #: privacyidea/static/templates/menu.html:62 msgid "Role" msgstr "Rolle" @@ -1302,7 +1306,7 @@ msgid "Save" msgstr "Speichern" #: privacyidea/static/components/machine/views/machine.details.html:104 -#: privacyidea/static/components/token/views/token.details.html:448 +#: privacyidea/static/components/token/views/token.details.html:457 msgid "Save Options" msgstr "Optionen speichern" @@ -1314,11 +1318,11 @@ msgstr "Resolver speichern" msgid "Save System Config" msgstr "Systemkonfiguration speichern" -#: privacyidea/static/components/token/views/token.details.html:182 +#: privacyidea/static/components/token/views/token.details.html:191 msgid "Save Token Info" msgstr "Tokeninfo speichern" -#: privacyidea/static/components/token/views/token.details.html:221 +#: privacyidea/static/components/token/views/token.details.html:230 msgid "Save realms" msgstr "Realms speichern" 
@@ -1376,23 +1380,23 @@ msgstr "Server" msgid "Server URI" msgstr "Server-URI" -#: privacyidea/static/components/token/views/token.details.html:274 +#: privacyidea/static/components/token/views/token.details.html:283 msgid "Set PIN" msgstr " PIN setzen" -#: privacyidea/static/components/token/views/token.details.html:78 +#: privacyidea/static/components/token/views/token.details.html:87 msgid "Set count window" msgstr "Zählerfenster setzen" -#: privacyidea/static/components/token/views/token.details.html:97 +#: privacyidea/static/components/token/views/token.details.html:106 msgid "Set description" msgstr "Beschreibung setzen" -#: privacyidea/static/components/token/views/token.details.html:43 +#: privacyidea/static/components/token/views/token.details.html:52 msgid "Set max fail" msgstr "Max. Fehlerzähler setzen" -#: privacyidea/static/components/token/views/token.details.html:87 +#: privacyidea/static/components/token/views/token.details.html:96 msgid "Set sync window" msgstr "Sync-Fenster setzen" @@ -1423,7 +1427,7 @@ msgstr "Support" msgid "Surname" msgstr "Nachname" -#: privacyidea/static/components/token/views/token.details.html:86 +#: privacyidea/static/components/token/views/token.details.html:95 msgid "Sync Window" msgstr "Sync-Fenster" @@ -1471,7 +1475,7 @@ msgstr "SQL Resolver testen" msgid "Test Yubikey" msgstr "Yubikey testen" -#: privacyidea/static/components/token/views/token.details.html:294 +#: privacyidea/static/components/token/views/token.details.html:303 msgid "Test token" msgstr " Token testen" 
@@ -2034,11 +2038,11 @@ msgstr "Tokendaten" msgid "Token details for {{ tokenSerial }}" msgstr "Details zu Token {{ tokenSerial }}" -#: privacyidea/static/components/token/controllers/tokenDetailController.js:126 +#: privacyidea/static/components/token/controllers/tokenDetailController.js:128 msgid "Token resync failed." msgstr "Token Resync fehlgeschlagen." -#: privacyidea/static/components/token/controllers/tokenDetailController.js:123 +#: privacyidea/static/components/token/controllers/tokenDetailController.js:125 msgid "Token resync successful." msgstr "Token wurde erfolgreich resynchronisiert." @@ -2078,11 +2082,11 @@ msgstr "TYPO3" msgid "UID Type" msgstr "UID Typ" -#: privacyidea/static/components/token/views/token.details.html:346 +#: privacyidea/static/components/token/views/token.details.html:355 msgid "Unassign Token" msgstr "Tokenzuweisung aufheben" -#: privacyidea/static/components/token/views/token.details.html:321 +#: privacyidea/static/components/token/views/token.details.html:330 msgid "Unassign User" msgstr "Benutzerzuweisung aufheben" @@ -2122,7 +2126,7 @@ msgstr "Benutzer " msgid "User Filter" msgstr "Benutzerfilter" -#: privacyidea/static/components/token/views/token.details.html:338 +#: privacyidea/static/components/token/views/token.details.html:347 msgid "User Id" msgstr "Benutzer ID" @@ -2149,7 +2153,7 @@ msgstr "Benutzer-Resolver" #: privacyidea/static/components/directives/views/directive.assignuser.html:14 #: privacyidea/static/components/login/views/login.html:15 #: privacyidea/static/components/login/views/login.html:18 -#: privacyidea/static/components/token/views/token.details.html:314 +#: privacyidea/static/components/token/views/token.details.html:323 #: privacyidea/static/components/user/views/user.add.html:28 #: privacyidea/static/components/user/views/user.details.html:22 msgid "Username" 
@@ -2172,11 +2176,11 @@ msgstr "Validate-Requests pro Token" msgid "Validate Requests per users" msgstr "Validate-Requests pro Benutzer" -#: privacyidea/static/components/token/views/token.details.html:153 +#: privacyidea/static/components/token/views/token.details.html:162 msgid "Validity End" msgstr "Beginn Gültigkeit" -#: privacyidea/static/components/token/views/token.details.html:133 +#: privacyidea/static/components/token/views/token.details.html:142 msgid "Validity Start" msgstr "Ende Gültigkeit" @@ -2318,6 +2322,10 @@ msgstr "ID" msgid "info" msgstr "Info" +#: privacyidea/static/components/token/views/token.details.html:29 +msgid "locked" +msgstr "gesperrt" + #: privacyidea/static/components/audit/views/audit.log.html:60 msgid "log level" msgstr "Logstufe" @@ -2375,6 +2383,10 @@ msgstr "Realm" msgid "resolvers" msgstr "Resolver" +#: privacyidea/static/components/token/views/token.details.html:31 +msgid "revoked" +msgstr "widerrufen" + #: privacyidea/static/components/audit/views/audit.log.html:38 #: privacyidea/static/components/token/views/token.list.html:16 #: privacyidea/static/components/user/views/user.details.html:117 diff --git a/po/template.pot b/po/template.pot index b4a8176363..4987bd83ab 100644 --- a/po/template.pot +++ b/po/template.pot @@ -100,12 +100,12 @@ msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:126 #: privacyidea/static/components/machine/views/machine.details.html:51 -#: privacyidea/static/components/token/views/token.details.html:389 -#: privacyidea/static/components/token/views/token.details.html:471 +#: privacyidea/static/components/token/views/token.details.html:398 +#: privacyidea/static/components/token/views/token.details.html:480 msgid "Application" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:310 +#: privacyidea/static/components/token/views/token.details.html:319 msgid "Assgined User" msgstr "" 
@@ -113,8 +113,8 @@ msgstr "" msgid "Assign Token" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:353 -#: privacyidea/static/components/token/views/token.details.html:361 +#: privacyidea/static/components/token/views/token.details.html:362 +#: privacyidea/static/components/token/views/token.details.html:370 msgid "Assign User" msgstr "" @@ -130,7 +130,7 @@ msgstr "" msgid "Assignment State" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:499 +#: privacyidea/static/components/token/views/token.details.html:508 msgid "Attach Machine" msgstr "" @@ -138,7 +138,7 @@ msgstr "" msgid "Attach Token" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:465 +#: privacyidea/static/components/token/views/token.details.html:474 msgid "Attach to a new Machine" msgstr "" @@ -217,9 +217,9 @@ msgstr "" #: privacyidea/static/components/config/views/config.realms.list.html:75 #: privacyidea/static/components/directives/views/directive.tokendata.html:21 #: privacyidea/static/components/machine/views/machine.details.html:110 -#: privacyidea/static/components/token/views/token.details.html:187 -#: privacyidea/static/components/token/views/token.details.html:226 -#: privacyidea/static/components/token/views/token.details.html:455 +#: privacyidea/static/components/token/views/token.details.html:196 +#: privacyidea/static/components/token/views/token.details.html:235 +#: privacyidea/static/components/token/views/token.details.html:464 #: privacyidea/static/components/user/views/user.details.html:93 msgid "Cancel" msgstr "" 
@@ -288,11 +288,11 @@ msgstr "" msgid "Connector name" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:72 +#: privacyidea/static/components/token/views/token.details.html:81 msgid "Count" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:77 +#: privacyidea/static/components/token/views/token.details.html:86 #: privacyidea/static/components/token/views/token.getserial.html:48 msgid "Count Window" msgstr "" @@ -413,7 +413,7 @@ msgstr "" msgid "Delete user" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:96 +#: privacyidea/static/components/token/views/token.details.html:105 #: privacyidea/static/components/token/views/token.enroll.email.html:15 #: privacyidea/static/components/token/views/token.enroll.sms.html:14 #: privacyidea/static/components/token/views/token.enroll.sshkey.html:17 @@ -423,7 +423,7 @@ msgid "Description" msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:98 -#: privacyidea/static/components/token/views/token.details.html:441 +#: privacyidea/static/components/token/views/token.details.html:450 msgid "Detach" msgstr "" @@ -438,7 +438,7 @@ msgid "Details for user {{ username }} in realm" msgstr "" #: privacyidea/static/components/config/views/config.policies.details.html:4 -#: privacyidea/static/components/token/views/token.details.html:32 +#: privacyidea/static/components/token/views/token.details.html:36 msgid "Disable" msgstr "" 
@@ -467,8 +467,8 @@ msgstr "" #: privacyidea/static/components/config/views/config.realms.list.html:58 #: privacyidea/static/components/config/views/config.resolvers.list.html:19 #: privacyidea/static/components/directives/views/directive.tokendata.html:26 -#: privacyidea/static/components/token/views/token.details.html:177 -#: privacyidea/static/components/token/views/token.details.html:216 +#: privacyidea/static/components/token/views/token.details.html:186 +#: privacyidea/static/components/token/views/token.details.html:225 msgid "Edit" msgstr "" @@ -497,7 +497,7 @@ msgid "Edit Machine Resolvers" msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:94 -#: privacyidea/static/components/token/views/token.details.html:437 +#: privacyidea/static/components/token/views/token.details.html:446 msgid "Edit Options" msgstr "" @@ -550,7 +550,7 @@ msgid "Email Address" msgstr "" #: privacyidea/static/components/config/views/config.policies.details.html:9 -#: privacyidea/static/components/token/views/token.details.html:37 +#: privacyidea/static/components/token/views/token.details.html:41 msgid "Enable" msgstr "" 
@@ -573,23 +573,23 @@ msgstr "" msgid "Enter OTP key..." msgstr "" -#: privacyidea/static/components/token/views/token.details.html:268 +#: privacyidea/static/components/token/views/token.details.html:277 msgid "Enter PIN again" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:287 +#: privacyidea/static/components/token/views/token.details.html:296 msgid "Enter PIN and OTP to check the token." msgstr "" -#: privacyidea/static/components/token/views/token.details.html:263 +#: privacyidea/static/components/token/views/token.details.html:272 msgid "Enter PIN for token" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:241 +#: privacyidea/static/components/token/views/token.details.html:250 msgid "Enter first OTP value" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:246 +#: privacyidea/static/components/token/views/token.details.html:255 msgid "Enter second OTP value" msgstr "" @@ -597,7 +597,7 @@ msgstr "" msgid "Enter your username and password and click Log In to authenticate." msgstr "" -#: privacyidea/static/components/token/views/token.details.html:51 +#: privacyidea/static/components/token/views/token.details.html:60 msgid "Fail counter" msgstr "" @@ -619,7 +619,7 @@ msgstr "" #: privacyidea/static/components/audit/views/audit.log.html:15 #: privacyidea/static/components/machine/views/machine.details.html:43 #: privacyidea/static/components/machine/views/machine.list.html:5 -#: privacyidea/static/components/token/views/token.details.html:377 +#: privacyidea/static/components/token/views/token.details.html:386 #: privacyidea/static/components/token/views/token.list.html:6 msgid "First" msgstr "" 
@@ -760,14 +760,14 @@ msgstr "" msgid "Increase the failcounter if the wrong PIN was entered." msgstr "" -#: privacyidea/static/components/token/views/token.details.html:104 +#: privacyidea/static/components/token/views/token.details.html:113 msgid "Info" msgstr "" #: privacyidea/static/components/audit/views/audit.log.html:14 #: privacyidea/static/components/machine/views/machine.details.html:42 #: privacyidea/static/components/machine/views/machine.list.html:4 -#: privacyidea/static/components/token/views/token.details.html:376 +#: privacyidea/static/components/token/views/token.details.html:385 #: privacyidea/static/components/token/views/token.list.html:5 msgid "Last" msgstr "" @@ -828,7 +828,7 @@ msgid "Machine" msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:14 -#: privacyidea/static/components/token/views/token.details.html:387 +#: privacyidea/static/components/token/views/token.details.html:396 msgid "Machine ID" msgstr "" @@ -846,7 +846,7 @@ msgstr "" msgid "Machines" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:370 +#: privacyidea/static/components/token/views/token.details.html:379 msgid "Machines this token is attached to" msgstr "" @@ -880,15 +880,15 @@ msgid "" " newly enrolled tokens" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:42 +#: privacyidea/static/components/token/views/token.details.html:51 msgid "Maxfail" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:111 +#: privacyidea/static/components/token/views/token.details.html:120 msgid "Maximum Authentication Count" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:121 +#: privacyidea/static/components/token/views/token.details.html:130 msgid "Maximum Success Auth Count" msgstr "" 
@@ -925,7 +925,7 @@ msgstr "" #: privacyidea/static/components/audit/views/audit.log.html:13 #: privacyidea/static/components/machine/views/machine.details.html:41 #: privacyidea/static/components/machine/views/machine.list.html:3 -#: privacyidea/static/components/token/views/token.details.html:375 +#: privacyidea/static/components/token/views/token.details.html:384 #: privacyidea/static/components/token/views/token.list.html:4 msgid "Next" msgstr "" @@ -958,7 +958,7 @@ msgstr "" msgid "OTP Key" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:67 +#: privacyidea/static/components/token/views/token.details.html:76 msgid "OTP Length" msgstr "" @@ -1011,7 +1011,7 @@ msgid "OpenSSL config file" msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:52 -#: privacyidea/static/components/token/views/token.details.html:390 +#: privacyidea/static/components/token/views/token.details.html:399 msgid "Options" msgstr "" @@ -1102,7 +1102,7 @@ msgstr "" #: privacyidea/static/components/audit/views/audit.log.html:12 #: privacyidea/static/components/machine/views/machine.details.html:40 #: privacyidea/static/components/machine/views/machine.list.html:2 -#: privacyidea/static/components/token/views/token.details.html:374 +#: privacyidea/static/components/token/views/token.details.html:383 #: privacyidea/static/components/token/views/token.list.html:3 msgid "Previous" msgstr "" @@ -1146,7 +1146,7 @@ msgstr "" #: privacyidea/static/components/config/views/config.policies.list.html:9 #: privacyidea/static/components/directives/views/directive.assignuser.html:5 -#: privacyidea/static/components/token/views/token.details.html:328 +#: privacyidea/static/components/token/views/token.details.html:337 msgid "Realm" msgstr "" 
@@ -1202,13 +1202,13 @@ msgstr "" msgid "Repeat password" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:59 +#: privacyidea/static/components/token/views/token.details.html:68 msgid "Reset fail counter" msgstr "" #: privacyidea/static/components/config/views/config.policies.list.html:11 -#: privacyidea/static/components/token/views/token.details.html:333 -#: privacyidea/static/components/token/views/token.details.html:388 +#: privacyidea/static/components/token/views/token.details.html:342 +#: privacyidea/static/components/token/views/token.details.html:397 #: privacyidea/static/components/user/views/user.add.html:9 msgid "Resolver" msgstr "" @@ -1228,10 +1228,14 @@ msgstr "" msgid "Resource Server URI" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:252 +#: privacyidea/static/components/token/views/token.details.html:261 msgid "Resync Token" msgstr "" +#: privacyidea/static/components/token/views/token.details.html:46 +msgid "Revoke" +msgstr "" + #: privacyidea/static/templates/menu.html:62 msgid "Role" msgstr "" @@ -1254,7 +1258,7 @@ msgid "Save" msgstr "" #: privacyidea/static/components/machine/views/machine.details.html:104 -#: privacyidea/static/components/token/views/token.details.html:448 +#: privacyidea/static/components/token/views/token.details.html:457 msgid "Save Options" msgstr "" @@ -1266,11 +1270,11 @@ msgstr "" msgid "Save System Config" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:182 +#: privacyidea/static/components/token/views/token.details.html:191 msgid "Save Token Info" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:221 +#: privacyidea/static/components/token/views/token.details.html:230 msgid "Save realms" msgstr "" 
@@ -1328,23 +1332,23 @@ msgstr "" msgid "Server URI" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:274 +#: privacyidea/static/components/token/views/token.details.html:283 msgid "Set PIN" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:78 +#: privacyidea/static/components/token/views/token.details.html:87 msgid "Set count window" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:97 +#: privacyidea/static/components/token/views/token.details.html:106 msgid "Set description" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:43 +#: privacyidea/static/components/token/views/token.details.html:52 msgid "Set max fail" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:87 +#: privacyidea/static/components/token/views/token.details.html:96 msgid "Set sync window" msgstr "" @@ -1375,7 +1379,7 @@ msgstr "" msgid "Surname" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:86 +#: privacyidea/static/components/token/views/token.details.html:95 msgid "Sync Window" msgstr "" @@ -1423,7 +1427,7 @@ msgstr "" msgid "Test Yubikey" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:294 +#: privacyidea/static/components/token/views/token.details.html:303 msgid "Test token" msgstr "" @@ -1846,11 +1850,11 @@ msgstr "" msgid "Token details for {{ tokenSerial }}" msgstr "" -#: privacyidea/static/components/token/controllers/tokenDetailController.js:126 +#: privacyidea/static/components/token/controllers/tokenDetailController.js:128 msgid "Token resync failed." msgstr "" -#: privacyidea/static/components/token/controllers/tokenDetailController.js:123 +#: privacyidea/static/components/token/controllers/tokenDetailController.js:125 msgid "Token resync successful." msgstr "" 
@@ -1890,11 +1894,11 @@ msgstr "" msgid "UID Type" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:346 +#: privacyidea/static/components/token/views/token.details.html:355 msgid "Unassign Token" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:321 +#: privacyidea/static/components/token/views/token.details.html:330 msgid "Unassign User" msgstr "" @@ -1933,7 +1937,7 @@ msgstr "" msgid "User Filter" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:338 +#: privacyidea/static/components/token/views/token.details.html:347 msgid "User Id" msgstr "" @@ -1960,7 +1964,7 @@ msgstr "" #: privacyidea/static/components/directives/views/directive.assignuser.html:14 #: privacyidea/static/components/login/views/login.html:15 #: privacyidea/static/components/login/views/login.html:18 -#: privacyidea/static/components/token/views/token.details.html:314 +#: privacyidea/static/components/token/views/token.details.html:323 #: privacyidea/static/components/user/views/user.add.html:28 #: privacyidea/static/components/user/views/user.details.html:22 msgid "Username" @@ -1983,11 +1987,11 @@ msgstr "" msgid "Validate Requests per users" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:153 +#: privacyidea/static/components/token/views/token.details.html:162 msgid "Validity End" msgstr "" -#: privacyidea/static/components/token/views/token.details.html:133 +#: privacyidea/static/components/token/views/token.details.html:142 msgid "Validity Start" msgstr "" @@ -2124,6 +2128,10 @@ msgstr "" msgid "info" msgstr "" +#: privacyidea/static/components/token/views/token.details.html:29 +msgid "locked" +msgstr "" + #: privacyidea/static/components/audit/views/audit.log.html:60 msgid "log level" msgstr "" 
@@ -2181,6 +2189,10 @@ msgstr "" msgid "resolvers" msgstr "" +#: privacyidea/static/components/token/views/token.details.html:31 +msgid "revoked" +msgstr "" + #: privacyidea/static/components/audit/views/audit.log.html:38 #: privacyidea/static/components/token/views/token.list.html:16 #: privacyidea/static/components/user/views/user.details.html:117 diff --git a/privacyidea/api/token.py b/privacyidea/api/token.py index b95d10b387..80185e9105 100644 --- a/privacyidea/api/token.py +++ b/privacyidea/api/token.py @@ -42,6 +42,7 @@ from ..lib.user import get_user_from_param from ..lib.token import (init_token, get_tokens_paginate, assign_token, unassign_token, remove_token, enable_token, + revoke_token, reset_token, resync_token, set_pin_so, set_pin_user, set_pin, set_description, set_count_window, set_sync_window, set_count_auth, 
@@ -393,6 +394,38 @@ def unassign_api(): return send_result(res) +@token_blueprint.route('/revoke', methods=['POST']) +@token_blueprint.route('/revoke/', methods=['POST']) +@prepolicy(check_base_action, request, action=ACTION.REVOKE) +@log_with(log) +def revoke_api(serial=None): + """ + Revoke a single token or all the tokens of a user. + A revoked token will usually be locked. A locked token can not be used + anymore. + For certain token types additional actions might occur when revoking a + token. + + :param serial: the serial number of the single token to revoke + :type serial: basestring + :param user: The login name of the user + :type user: basestring + :param realm: the realm name of the user + :type realm: basestring + :return: In case of success it returns the number of revoked + tokens in "value". + :rtype: json object + """ + user = get_user_from_param(request.all_data, optional) + if not serial: + serial = getParam(request.all_data, "serial", optional) + + res = revoke_token(serial, user=user) + g.audit_object.log({"success": res > 0}) + return send_result(res) + + + @token_blueprint.route('/enable', methods=['POST']) @token_blueprint.route('/enable/', methods=['POST']) @prepolicy(check_base_action, request, action=ACTION.ENABLE) diff --git a/privacyidea/lib/decorators.py b/privacyidea/lib/decorators.py index e2afe71c11..c90d3fdbf3 100644 --- a/privacyidea/lib/decorators.py +++ b/privacyidea/lib/decorators.py 
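Review bot: In `revoke_api`, a request that carries only `user` and no `serial` falls through to `revoke_token(serial, user=user)` and revokes every token of that user, yet the audit entry written here records only `{"success": res > 0}`. The docstring describes revocation as locking the token, so for an action that is not meant to be undone the audit trail should show how many tokens were affected. Assuming the audit object has a free-text field, something like `g.audit_object.log({"success": res > 0, "info": "revoked: %s" % res})` would cover it; skip this if serial and count are already captured elsewhere, which is not visible in this hunk. The docstring should also state explicitly that omitting `serial` revokes all tokens of the user.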
@@ -24,6 +24,28 @@ from privacyidea.lib.error import TokenAdminError from privacyidea.lib.error import ParameterError from flask import request +from gettext import gettext as _ + + +def check_token_locked(func): + """ + Decorator to check if a token is locked or not. + The decorator is to be used in token class methods. + It can be used to avoid performing an action on a locked token. + + If the token is locked, a TokenAdminError is raised. + """ + @functools.wraps(func) + def token_locked_wrapper(*args, **kwds): + # The token object + token = args[0] + if token.is_locked(): + raise TokenAdminError(_("This action is not possible, since the " + "token is locked"), id=1007) + f_result = func(*args, **kwds) + return f_result + + return token_locked_wrapper def check_user_or_serial(func): @@ -38,7 +60,7 @@ def user_or_serial_wrapper(*args, **kwds): # If there is no user and serial keyword parameter and if # there is no normal argument, we do not have enough information serial = kwds.get("serial") - user= kwds.get("user") + user = kwds.get("user") if serial is None and (len(args) == 0 or args[0] is None): # We have no serial! The serial would be the first arg if user is None or (user is not None and user.is_empty()): @@ -63,7 +85,7 @@ def check_user_or_serial_in_request_wrapper(*args, **kwds): user = request.all_data.get("user") serial = request.all_data.get("serial") if not serial and not user: - raise ParameterError("You need to specify a serial or a user.") + raise ParameterError(_("You need to specify a serial or a user.")) f_result = func(*args, **kwds) return f_result diff --git a/privacyidea/lib/error.py b/privacyidea/lib/error.py index 743799beba..387d32f634 100644 --- a/privacyidea/lib/error.py +++ b/privacyidea/lib/error.py 
@@ -24,10 +24,11 @@ # You should have received a copy of the GNU Affero General Public # License along with this program. If not, see . # -'''contains Errors and Exceptions -''' - +""" +contains Errors and Exceptions +""" +from gettext import gettext as _ import logging log = logging.getLogger(__name__) @@ -140,6 +141,7 @@ def __init__(self, description="selfservice error!", id=807): class ParameterError(privacyIDEAError): - USER_OR_SERIAL = 'You either need to provide user or serial' + USER_OR_SERIAL = _('You either need to provide user or serial') + def __init__(self, description="unspecified parameter error!", id=905): privacyIDEAError.__init__(self, description=description, id=id) diff --git a/privacyidea/lib/policy.py b/privacyidea/lib/policy.py index d9b050c291..b480044be4 100644 --- a/privacyidea/lib/policy.py +++ b/privacyidea/lib/policy.py @@ -167,6 +167,7 @@ class ACTION(): RESOLVERDELETE = "resolverdelete" RESOLVERWRITE = "resolverwrite" RESYNC = "resync" + REVOKE = "revoke" SET = "set" SETPIN = "setpin" SETREALM = "setrealm" @@ -602,6 +603,8 @@ def get_static_policy_definitions(scope=None): 'desc': _( 'Admin is allowed to reset the Failcounter of ' 'a token.')}, + ACTION.REVOKE: {'tpye': 'bool', + 'desc': _("Admin is allowed to revoke a token")}, ACTION.ASSIGN: {'type': 'bool', 'desc': _( 'Admin is allowed to assign a token to a ' @@ -779,6 +782,8 @@ def get_static_policy_definitions(scope=None): ACTION.RESYNC: {'type': 'bool', "desc": _("The user is allowed to resyncronize his " "tokens.")}, + ACTION.REVOKE: {'tpye': 'bool', + 'desc': _("The user is allowed to revoke a token")}, ACTION.RESET: {'type': 'bool', 'desc': _('The user is allowed to reset the ' 'failcounter of his tokens.')}, diff --git a/privacyidea/lib/token.py b/privacyidea/lib/token.py index 581507709c..0542e0abe5 100644 --- a/privacyidea/lib/token.py +++ b/privacyidea/lib/token.py 
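Review bot: Both new policy entries in `get_static_policy_definitions` spell the key `'tpye'` instead of `'type'`: `ACTION.REVOKE: {'tpye': 'bool',` in the admin definitions (hunk at -602) and the same line in the user definitions (hunk at -779). Every neighbouring action uses `'type'`, so anything that reads the definition's `'type'` will not find it for the revoke action. How that surfaces depends on consumers outside this diff; it could be a lookup error or the action missing from the policy editor. Change both lines to `ACTION.REVOKE: {'type': 'bool',`. The function body starts and ends outside both hunks.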
@@ -111,7 +111,8 @@ def create_tokenclass_object(db_token): def _create_token_query(tokentype=None, realm=None, assigned=None, user=None, serial=None, active=None, resolver=None, - rollout_state=None, description=None): + rollout_state=None, description=None, revoked=None, + locked=None): """ This function create the sql query for getting tokens. It is used by get_tokens and get_tokens_paginate. @@ -190,6 +191,20 @@ def _create_token_query(tokentype=None, realm=None, assigned=None, user=None, else: sql_query = sql_query.filter(Token.active == False) + if revoked is not None: + # Filter revoked or not revoked tokens + if revoked is True: + sql_query = sql_query.filter(Token.revoked == True) + else: + sql_query = sql_query.filter(Token.revoked == False) + + if locked is not None: + # Filter revoked or not revoked tokens + if locked is True: + sql_query = sql_query.filter(Token.locked == True) + else: + sql_query = sql_query.filter(Token.locked == False) + if rollout_state is not None: # Filter for tokens with the given rollout state sql_query = sql_query.filter(Token.rollout_state == rollout_state) @@ -200,7 +215,7 @@ def _create_token_query(tokentype=None, realm=None, assigned=None, user=None, #@cache.memoize(10) def get_tokens(tokentype=None, realm=None, assigned=None, user=None, serial=None, active=None, resolver=None, rollout_state=None, - count=False): + count=False, revoked=None, locked=None): """ (was getTokensOfType) This function returns a list of token objects of a @@ -234,6 +249,11 @@ def get_tokens(tokentype=None, realm=None, assigned=None, user=None, :param count: If set to True, only the number of the result and not the list is returned. :type count: bool + :param revoked: Only search for revoked tokens or only for not revoked + tokens + :type revoked: bool + :param locked: Only search for locked tokens or only for not locked tokens + :type locked: bool :return: A list of tokenclasses (lib.tokenclass) :rtype: list 
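Review bot: The comment on the new `locked` branch in `_create_token_query` was copied from the branch above and still reads `# Filter revoked or not revoked tokens`; it should be `# Filter locked or not locked tokens`. Each four-line `if ... is True / else` pair can also be written as one filter without changing behaviour, e.g. `sql_query = sql_query.filter(Token.locked == (locked is True))`. The function starts and ends outside this hunk.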
@@ -243,7 +263,8 @@ def get_tokens(tokentype=None, realm=None, assigned=None, user=None, assigned=assigned, user=user, serial=serial, active=active, resolver=resolver, - rollout_state=rollout_state) + rollout_state=rollout_state, + revoked=revoked, locked=locked) # Decide, what we are supposed to return if count is True: @@ -1170,6 +1191,30 @@ def set_pin_so(serial, so_pin, user=None): return len(tokenobject_list) +@log_with(log) +@check_user_or_serial +def revoke_token(serial, user=None): + """ + Revoke a token. + + :param serial: The serial number of the token + :type serial: basestring + :param enable: False is the token should be disabled + :type enable: bool + :param user: all tokens of the user will be enabled or disabled + :type user: User object + :return: Number of tokens that were enabled/disabled + :rtype: + """ + tokenobject_list = get_tokens(user=user, serial=serial) + + for tokenobject in tokenobject_list: + tokenobject.revoke() + tokenobject.save() + + return len(tokenobject_list) + + @log_with(log) @check_user_or_serial def enable_token(serial, enable=True, user=None): diff --git a/privacyidea/lib/tokenclass.py b/privacyidea/lib/tokenclass.py index 550dc52163..82f44f12bc 100644 --- a/privacyidea/lib/tokenclass.py +++ b/privacyidea/lib/tokenclass.py @@ -1,12 +1,13 @@ # -*- coding: utf-8 -*- # privacyIDEA is a fork of LinOTP # +# 2015-08-27 Cornelius Kölbel +# Add revocation of token # * Nov 27, 2014 Cornelius Kölbel # Migration to flask # Rewrite of methods # 100% test code coverage -# * Oct676 -# 03, 2014 Cornelius Kölbel +# * Oct 03, 2014 Cornelius Kölbel # Move the QR stuff in getInitDetail into the token classes # * Sep 17, 2014 Cornelius Kölbel, cornelius@privacyidea.org # Improve the return value of the InitDetail 
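Review bot: The docstring of `revoke_token` was copied from `enable_token` and no longer matches the function: it documents an `enable` parameter that does not exist, describes `user` as "all tokens of the user will be enabled or disabled", and reports the "Number of tokens that were enabled/disabled" with an empty `:rtype:`. Remove the `:param enable:` / `:type enable:` pair, change the `user` line to `:param user: all tokens of the user will be revoked`, and finish with `:return: Number of tokens that were revoked` and `:rtype: int`. Since the function revokes every token matched by `get_tokens(user=user, serial=serial)`, the docstring should also say that passing only `user` revokes all of that user's tokens.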
@@ -63,7 +64,7 @@ from .crypto import encryptPassword from .crypto import decryptPassword from .policydecorators import libpolicy, auth_otppin - +from .decorators import check_token_locked DATE_FORMAT = "%d/%m/%y %H:%M" optional = True @@ -122,7 +123,8 @@ def get_class_prefix(cls): def get_type(self): return self.token.tokentype - + + @check_token_locked def set_user(self, user, report=None): """ Set the user attributes (uid, resolvername, resolvertype) of a token. @@ -161,6 +163,7 @@ def get_user(self): realm=realmname) return user_object + @check_token_locked def set_user_identifiers(self, uid, resolvername, resolvertype): """ (was setUid) @@ -174,6 +177,7 @@ def set_user_identifiers(self, uid, resolvername, resolvertype): self.token.resolver_type = resolvertype self.token.user_id = uid + @check_token_locked def reset(self): """ Reset the failcounter @@ -181,6 +185,7 @@ def reset(self): self.token.failcount = 0 self.token.save() + @check_token_locked def add_init_details(self, key, value): """ (was addInfo) @@ -189,6 +194,7 @@ def add_init_details(self, key, value): self.init_details[key] = value return self.init_details + @check_token_locked def set_init_details(self, details): if type(details) not in [dict]: raise Exception("Details setting: wrong data type - must be dict") @@ -205,6 +211,7 @@ def get_init_details(self): """ return self.init_details + @check_token_locked def set_tokeninfo(self, info): """ Set the tokeninfo field in the DB. Old values will be deleted. @@ -224,6 +231,7 @@ def set_tokeninfo(self, info): self.token.set_info(info) + @check_token_locked def add_tokeninfo(self, key, value, value_type=None): """ Add a key and a value to the DB tokeninfo @@ -239,6 +247,7 @@ def add_tokeninfo(self, key, value, value_type=None): add_info[key] = encryptPassword(value) self.token.set_info(add_info) + @check_token_locked def check_otp(self, otpval, counter=None, window=None, options=None): """ This checks the OTP value, AFTER the upper level did 
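Review bot: `@check_token_locked` is applied to the verification methods as well as the setters: `check_otp` in the last hunk here, and `check_pin`, `authenticate`, `inc_failcount` and `check_challenge_response` in later hunks. An authentication attempt against a locked token therefore raises `TokenAdminError` instead of returning the method's normal failure result, and the failed attempt is not counted. If the caller walks through all tokens of a user (not visible in this diff), one revoked token could abort the check before the user's remaining valid tokens are tried. Either return the regular failure value for locked tokens on these paths, or confirm and document that callers filter out inactive tokens before calling them. The body of `check_otp` continues outside the hunk.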
@@ -294,6 +303,7 @@ def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0, return False, "get_multi_otp not implemented for this tokentype", {} @libpolicy(auth_otppin) + @check_token_locked def check_pin(self, pin, user=None, options=None): """ Check the PIN of the given Password. @@ -318,6 +328,7 @@ def check_pin(self, pin, user=None, options=None): res = self.token.check_pin(pin) return res + @check_token_locked def authenticate(self, passw, user=None, options=None): """ High level interface which covers the check_pin and check_otp @@ -436,6 +447,7 @@ def _genOtpKey_(self, otpkeylen=None): otpkeylen = 20 return generate_otpkey(otpkeylen) + @check_token_locked def set_description(self, description): """ Set the description on the database level @@ -521,25 +533,32 @@ def get_serial(self): def get_tokentype(self): return self.token.tokentype + @check_token_locked def set_so_pin(self, soPin): self.token.set_so_pin(soPin) + @check_token_locked def set_user_pin(self, userPin): self.token.set_user_pin(userPin) + @check_token_locked def set_otpkey(self, otpKey): self.token.set_otpkey(otpKey) + @check_token_locked def set_otplen(self, otplen): self.token.otplen = int(otplen) + @check_token_locked def get_otplen(self): return self.token.otplen + @check_token_locked def set_otp_count(self, otpCount): self.token.count = int(otpCount) self.token.save() + @check_token_locked def set_pin(self, pin, encrypt=False): """ set the PIN of a token. 
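Review bot: `get_otplen` is a read-only accessor but receives `@check_token_locked` in the last hunk here, while the other getters visible in this diff (`get_pin_hash_seed`, `get_count_window`) stay undecorated. Reading the OTP length of a locked token would then raise `TokenAdminError`, which looks unintended and may break code that only inspects a revoked token. Drop the decorator from `get_otplen` and keep it on `set_otplen`.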
@@ -556,19 +575,55 @@ def set_pin(self, pin, encrypt=False): def get_pin_hash_seed(self): return self.token.pin_hash, self.token.pin_seed + @check_token_locked def set_pin_hash_seed(self, pinhash, seed): self.token.pin_hash = pinhash self.token.pin_seed = seed + @check_token_locked def enable(self, enable=True): self.token.active = enable + def revoke(self): + """ + This revokes the token. + By default it + 1. sets the revoked-field + 2. set the locked field + 3. disables the token. + + Some token types may revoke a token without locking it. + """ + self.token.revoked = True + self.token.locked = True + self.token.active = False + + def is_revoked(self): + """ + Check if the token is in the revoked state + + :return: True, if the token is revoked + """ + return self.token.revoked + + def is_locked(self): + """ + Check if the token is in a locked state + A locked token can not be modified + + :return: True, if the token is locked. + """ + return self.token.locked + + @check_token_locked def set_maxfail(self, maxFail): self.token.maxfail = maxFail + @check_token_locked def set_hashlib(self, hashlib): self.add_tokeninfo("hashlib", hashlib) + @check_token_locked def inc_failcount(self): if self.token.failcount < self.token.maxfail: self.token.failcount = (self.token.failcount + 1) @@ -579,12 +634,14 @@ def inc_failcount(self): raise TokenAdminError("Token Fail Counter update failed", id=1106) return self.token.failcount + @check_token_locked def set_count_window(self, countWindow): self.token.count_window = int(countWindow) def get_count_window(self): return self.token.count_window + @check_token_locked def set_sync_window(self, syncWindow): self.token.sync_window = int(syncWindow) @@ -651,6 +708,7 @@ def get_tokeninfo(self, key=None, default=None): def del_tokeninfo(self, key=None): self.token.del_info(key) + @check_token_locked def set_count_auth_success_max(self, count): """ Sets the counter for the maximum allowed successful logins 
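Review bot: `del_tokeninfo` appears as an undecorated context line in the last hunk here (`def del_tokeninfo(self, key=None): self.token.del_info(key)`), while `set_tokeninfo` and `add_tokeninfo` are guarded by `@check_token_locked`. Token info entries of a locked token can therefore still be removed, which contradicts the new `is_locked` docstring ("A locked token can not be modified"). Add `@check_token_locked` above `del_tokeninfo`, or add a comment explaining why deletion is deliberately left open. In the same file, `revoke()` only sets the three fields and relies on the caller to `save()`; a sentence in its docstring saying so would help subclasses that override it.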
@@ -660,6 +718,7 @@ def set_count_auth_success_max(self, count): """ self.add_tokeninfo("count_auth_success_max", int(count)) + @check_token_locked def set_count_auth_success(self, count): """ Sets the counter for the occurred successful logins @@ -669,6 +728,7 @@ def set_count_auth_success(self, count): """ self.add_tokeninfo("count_auth_success", int(count)) + @check_token_locked def set_count_auth_max(self, count): """ Sets the counter for the maximum allowed login attemps @@ -678,6 +738,7 @@ def set_count_auth_max(self, count): """ self.add_tokeninfo("count_auth_max", int(count)) + @check_token_locked def set_count_auth(self, count): """ Sets the counter for the occurred login attepms @@ -725,6 +786,7 @@ def get_validity_period_end(self): ret = self.get_tokeninfo("validity_period_end", "") return ret + @check_token_locked def set_validity_period_end(self, end_date): """ sets the end date of the validity period for a token @@ -754,6 +816,7 @@ def get_validity_period_start(self): ret = self.get_tokeninfo("validity_period_start", "") return ret + @check_token_locked def set_validity_period_start(self, start_date): """ sets the start date of the validity period for a token @@ -773,6 +836,7 @@ def set_validity_period_start(self, start_date): self.add_tokeninfo("validity_period_start", start_date) + @check_token_locked def inc_count_auth_success(self): """ Increase the counter, that counts successful authentications @@ -782,6 +846,7 @@ def inc_count_auth_success(self): self.set_count_auth_success(count) return count + @check_token_locked def inc_count_auth(self): """ Increase the counter, that counts authentications - successful and @@ -844,6 +909,7 @@ def check_validity_period(self): return True @log_with(log) + @check_token_locked def inc_otp_counter(self, counter=None, reset=True): """ Increase the otp counter and store the token in the database 
@@ -887,7 +953,6 @@ def check_otp_exist(self, otp, window=None): """ return -1 - def split_pin_pass(self, passw, user=None, options=None): """ Split the password into the token PIN and the OTP value @@ -915,7 +980,7 @@ def split_pin_pass(self, passw, user=None, options=None): otpval = passw[-otplen:] else: pin = passw[otplen:] - otpval = passw[0:otplen]# + otpval = passw[0:otplen] return True, pin, otpval @@ -1031,7 +1096,7 @@ def get_QRimage_data(self, response_detail): challenge_janitor challenge_janitor """ - # challenge interfaces starts here + # challenge interfaces starts here def is_challenge_request(self, passw, user=None, options=None): """ This method checks, if this is a request, that triggers a challenge. @@ -1098,6 +1163,7 @@ def is_challenge_response(self, passw, user=None, options=None): return challenge_response + @check_token_locked def check_challenge_response(self, user=None, passw=None, options=None): """ This method verifies if there is a matching challenge for the given diff --git a/privacyidea/models.py b/privacyidea/models.py index e5b4211096..56b18e3acd 100644 --- a/privacyidea/models.py +++ b/privacyidea/models.py @@ -3,6 +3,9 @@ # Nov 11, 2014 Cornelius Kölbel, info@privacyidea.org # http://www.privacyidea.org # +# 2015-08-27 Cornelius Kölbel +# Add revocation of token +# # privacyIDEA is a fork of LinOTP. This model definition # is based on the LinOTP model. # @@ -107,7 +110,14 @@ class Token(MethodsMixin, db.Model): maxfail = db.Column(db.Integer(), default=10) active = db.Column(db.Boolean(), + nullable=False, default=True) + revoked = db.Column(db.Boolean(), + nullable=False, + default=False) + locked = db.Column(db.Boolean(), + nullable=False, + default=False) failcount = db.Column(db.Integer(), default=0) count = db.Column(db.Integer(), 
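Review bot: In the `Token` model, `revoked` and `locked` are declared `nullable=False` with `default=False`, and `active` gains `nullable=False`, but SQLAlchemy applies `default=` only when a row is inserted through the ORM. Rows that exist before the schema upgrade get no value from it, so adding the NOT NULL columns may fail on a populated table. On backends that accept the change, or if the columns are added some other way, those rows are left without a value and the new filters `Token.locked == False` / `Token.revoked == False` in lib/token.py would not match them. Give the columns a `server_default` in the schema change, or backfill existing rows, so that pre-existing tokens are explicitly "not revoked, not locked". The class body continues outside this hunk.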
@@ -119,8 +129,8 @@ class Token(MethodsMixin, db.Model): rollout_state = db.Column(db.Unicode(10), default=u'') info = db.relationship('TokenInfo', - lazy='dynamic', - backref='info') + lazy='dynamic', + backref='info') def __init__(self, serial, tokentype=u"", isactive=True, otplen=6, @@ -134,6 +144,8 @@ def __init__(self, serial, tokentype=u"", self.failcount = 0 self.maxfail = 10 self.active = isactive + self.revoked = False + self.locked = False self.count_window = 10 self.otplen = otplen self.pin_seed = u"" @@ -418,6 +430,8 @@ def get_vars(self, save=False): ret['maxfail'] = self.maxfail ret['active'] = self.active + ret['revoked'] = self.revoked + ret['locked'] = self.locked ret['failcount'] = self.failcount ret['count'] = self.count ret['count_window'] = self.count_window diff --git a/privacyidea/static/components/token/controllers/tokenDetailController.js b/privacyidea/static/components/token/controllers/tokenDetailController.js index 2e514de667..dee823784b 100644 --- a/privacyidea/static/components/token/controllers/tokenDetailController.js +++ b/privacyidea/static/components/token/controllers/tokenDetailController.js @@ -53,7 +53,9 @@ myApp.controller("tokenDetailController", function ($scope, $scope.disable = function () { TokenFactory.disable($scope.tokenSerial, $scope.get); }; - + $scope.revoke = function () { + TokenFactory.revoke($scope.tokenSerial, $scope.get); + }; $scope.set = function (key, value) { TokenFactory.set($scope.tokenSerial, key, value, $scope.get); }; diff --git a/privacyidea/static/components/token/factories/token.js b/privacyidea/static/components/token/factories/token.js index 787445eb17..0d3bdfaa29 100644 --- a/privacyidea/static/components/token/factories/token.js +++ b/privacyidea/static/components/token/factories/token.js 
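Review bot: `$scope.revoke` in tokenDetailController.js sends the request immediately, in the same way as `disable` just above it, but revocation cannot be undone from this view because the token is locked and `enable` is blocked for locked tokens on the server side. A confirmation step before the call would protect against accidental clicks, for example `if (confirm(...)) { TokenFactory.revoke($scope.tokenSerial, $scope.get); }` or whatever dialog mechanism the UI already uses. The controller function continues outside the hunk.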
@@ -129,6 +129,13 @@ angular.module("TokenModule", ["privacyideaAuth"]) }).success(callback ).error(error_func) }, + revoke: function(serial, callback) { + $http.post(tokenUrl + "/revoke", {"serial": serial}, + { + headers: {'Authorization': AuthFactory.getAuthToken()} + }).success(callback + ).error(error_func) + }, lost: function(serial, callback) { $http.post(tokenUrl + "/lost/" + serial, {}, { diff --git a/privacyidea/static/components/token/views/token.details.html b/privacyidea/static/components/token/views/token.details.html index b5d780535d..97fbe63587 100644 --- a/privacyidea/static/components/token/views/token.details.html +++ b/privacyidea/static/components/token/views/token.details.html @@ -26,17 +26,26 @@

Token details for {{ tokenSerial }} disabled + locked + revoked - + + + The privacyIDEA API seems to be offline!

\n

Please try to reload and otherwise contact your system administrator!

":"

Die privacyIDEA API scheint offline zu sein!

Bitte laden Sie die Seite neu. Ansonsten wenden Sie sich an Ihren System Administrator!

","API Key":"API-Schlüssel","API client ID":"API Client ID","About privacyIDEA Web Client":"Über das privacyIDEA WebUI","Action":"Aktion ","Active":"Aktiv","Add a new user":"Benutzer hinzufügen","Add user":"Benutzer hinzufügen","Admin":"Administrator","Admin-Realm":"Admin-Realm","Administrative actions":"Administrative Requests","All CA Connectors":"All CA Konnektoren","All Machine Resolvers":"Alle Maschinen Resolver","All Machines":"Alle Maschinen","All Policies":"Alle Richtlinien","All Realms":"Alle Realms","All Resolvers":"Alle Resolver","All tokens":"Alle Token","All users":"Alle Benutzer","An Attribute or the DN to identify the machine":"Ein Attribut oder DN zur Identifizierung der Maschine","An Attribute that contains the IP address.":"Ein Attribut, das die IP-Adresse der Maschine enthält","Application":"Applikationen","Assgined User":"Benutzer zuweisen","Assign Token":"Token zuweisen","Assign User":"Benutzer zuweisen","Assign a new token {{ newTokenObject.serial }}":"Einen neuen Token {{ newTokenObject.serial }} zuweisen","Assign token to user":"Token einem Benutzer zuweisen","Assignment State":"Zuweisung","Attach Machine":"Maschine anhängen","Attach Token":"Token anhängen","Attach to a new Machine":"An eine neue Maschine anhängen","Attribute mapping":"Attributszuordnung","Audit":"Audit","Authentication Server URI":"URI des Authentisierungsservers","Authentication failed.":"Authentisierung fehlgeschlagen.","Auto resync timeout":"Timeout für Auto Resynchronisation","Automatic resync during authentication":"Automatische Resynchronisation während der Authentifizierung","Base DN":"Base DN","Bind DN":"Bind DN","Bind Password":"Bind Passwort","Bind Type":"Bind Typ","By entering an OTP value you can get the serial number of the token.\n You can also enter additional optional parameters, to narrow down the\n search for the token. 
So you can only search within certain token types\n or in assigned or unassigned tokens.":"Sie können die Seriennummer eines Tokens bestimmen, indem Sie einen bisher nicht gebrauchten OTP-Wert dieses Tokens eingeben. Sie können weitere Parameter eingeben, um die Suche einzuschränken. So können Sie bspw. nur innerhalb bestimmter Tokentypen oder zugewiesener oder noch nicht zugewiesener Token suchen.","CA Certificate":"Zertifikat der Zeritfizierungsstelle (CA)","CA Connector":"CA Konnektor","CA Connector name":"CA Konnektor Name","CA Key":"Schlüssel der Zertifizierungsstelle","CAs":"Zertifizierungsstellen","Cancel":"Abbrechen","Certificate (PEM)":"Zertifikat (PEM)","Certificate Directory":"Zertifikats-Verzeichnis","Certificate Signing\n Request Directory":"Verzeichnis für Zertifikatsanfragen","Certificate Signing Request (PEM)":"Zertifikatsanforderung (PEM)","Check the PIN locally":"PIN lokal verifizieren","Clear default realm":"Standard-Realm zurücksetzen","Click here or scan\n the QR Code, if you\n want to add the Token to your Google Authenticator.":"Klicken Sie hier oder scannen Sie den QR-Code, um den Token ihrer Google Authenticator- oder FreeOTP-App hinzuzufügen.","Click here or scan\n the QR Code, if you\n want to add the Token to your mOTP App like Token2.":"Klicken Sie hier oder scannen Sie den QR-Code, um den Token Ihrer mOTP App wie \"Token2\" hinzuzufügen.","Client":"Client ","Close":"Schließen","Config":"Konfiguration","Connection Parameters":"Verbindungsparameter","Connector name":"Konnektor-Name","Count":"Zähler","Count Window":"Zählerfenster","Count Window of\n newly enrolled tokens":"Zählerfenster für neu ausgerollte Token","Create Policy":"Richtlinie erzeugen","Create a new LDAP Resolver":"Erzeuge einen neuen LDAP Resolver","Create a new Local CA Connector":"Erzeuge einen neuen Lokalen CA Konnektor","Create a new Passwd Resolver":"Erzeuge einen neuen Passwd Resolver","Create a new Policy":"Erzeuge eine neue Richtlinie","Create a new SCIM 
Resolver":"Erzeuge einen neuen SCIM Resolver","Create a new SQL Resolver":"Erzeuge einen neuen SQL Resolver","Create a new hosts Machine\n Resolver":"Erzeuge einen neuen Hosts Maschinen Resolver","Create a new hosts Machine Resolver":"Erzeuge einen neuen Hosts Maschinen Resolver","Create default realm":"Standard-Realm anlegen","Create new Policy":"Erzeuge einen neue Richtlinie","Create realm":"Realm anlegen","Database":"Datenbank","Database Encoding":"Datenbank-Enkodierung","Default":"Standard","Default Hashlib":"Standard Hashverfahren","Default RADIUS Secret":"Standard RADIUS Secret","Default RADIUS Server":"Standard RADIUS Server","Default Remote Server":"Standard Remote privacyIDEA Server","Default Time Shift":"Standard Zeitabweichung","Default Time Step":"Standard Zeitschritt","Default Time Window":"Standard Zeitfenster","Delete":"Löschen","Delete User":"Benutzer löschen","Delete user":"Benutzer löschen","Description":"Beschreibung","Detach":"abhängen","Details for machine {{ machineid }} in Machine Resolver\n {{ machineresolver }}":"Details zur Maschine {{ machineid }} im Maschinen-Resolver {{ machineresolver }}","Details for user {{ username }} in realm":"Details zum Benutzer {{ username }} in Realm","Disable":"Deaktivieren","Do you really want to delete the user in the user store?":"Wollen Sie wirklich den Benutzer in der Benutzerquelle löschen?","Download":"Herunterladen","Download the certificate":"Zertifikat herunterladen","Driver":"Treiber","EMail Token settings":"Email Token Einstellungen","Edit":"Bearbeiten","Edit CA Connector {{ connectorname }}":"Bearbeite CA Konnector {{ connectorname }}","Edit LDAP Machine Resolver\n {{ resolvername }}":"Bearbeite LDAP Maschinen Resolver {{ resolvername }}","Edit LDAP Resolver {{ resolvername }}":"Bearbeite LDAP Resolver {{ resolvername }}","Edit Local CA Connector\n {{ connectorname }}":"Bearbeite Lokalen CA Konnektor {{ connectorname }}","Edit Machine Resolvers":"Maschinen-Resolver bearbeiten","Edit 
Options":"Optionen bearbeiten","Edit Passwd Resolver {{ resolvername }}":"Bearbeite Passwd Resolver {{ resolvername }}","Edit Policy {{ existingPolicyname }}":"Richtline {{ existingPolicyname }} bearbeiten","Edit Resolver {{ resolvername }}":"Bearbeite Resolver {{ resolvername }}","Edit SCIM Resolver {{ resolvername }}":"Bearbeite SCIM Resolver {{ resolvername }}","Edit SQL Resolver {{ resolvername }}":"Bearbeite SQL Resolver {{ resolvername }}","Edit hosts Machine Resolver\n {{ resolvername }}":"Bearbeite Hosts Maschinen Resolver {{ resolvername }}","Edit realms":"Realms bearbeiten","Edit user":"Benutzer bearbeiten","Edit user store":"Benutzerquelle editierbar","Email":"EMail","Email Address":"EMail-Adresse","Enable":"Aktivieren","Enroll New Token":"Neuen Token ausrollen","Enroll Token":"Token ausrollen","Enroll a new token":"Neuen Token ausrollen ","Enter OTP key...":"OTP Schlüssel eingeben...","Enter PIN again":"PIN wiederholen","Enter PIN and OTP to check the token.":"PIN und OTP eingeben um den Token zu prüfen.","Enter PIN for token":"Token-PIN eingeben","Enter first OTP value":"Ersten OTP-Wert eingeben","Enter second OTP value":"Zweiten OTP-Wert eingeben","Enter your username and password and click Log In to authenticate.":"Bitte geben Sie Ihren Benutzernamen und Ihr Passwort ein, um sich anzumelden.","Fail counter":"Fehlerzähler","Failed authentication requests per token":"Fehlgeschlagene Authentisierungen pro Token","Failed authentication requests per user":"Fehlgeschlagene Authentisierungen pro Benutzer","File name":"Dateiname","First":"Anfang","For HOTP and TOTP tokens:":"Für HOTP und TOTP Token:","For OCRA tokens:":"Für OCRA Token:","Generate OTP Key on the Server":"OTP Schlüssel auf dem Server erzeugen","Generate Request":"Zertifikatsanforderung erzeugen","Generate the Key Pair on the Server":"Das Schlüsselpaar auf dem Server erzeugen","Get Serial":"Seriennummer bestimmen","Get Serial Number":"Seriennummer bestimmen","Get Serial number by OTP 
value":"Seriennummer anhand eines OTP-Wertes bestimmen","Get System Documentation":"System Dokumentation","Given name":"Vorname","HOTP Token settings":"HOTP Token Einstellungen","Hash algorithm":"Hash Algorithmus","Here you can define how the SMS will be sent - via which kind of gateway.":"Hier können Sie definieren, wie SMS versendet werden - über welche Art Gateway.","Here you can define settings, that will be set as default values, when\n enrolling a HOTP token.":"Hier können Sie Werte definieren, die als Standard-Werte für neu ausgerollte HOTP Token verwendet werden.","Here you can define settings, that will be set as default values, when\n enrolling a TOTP token.":"Hier können Sie Werte definieren, die als Standard-Werte für neu ausgerollte TOTP-Token verwendet werden.","Here you can upload a csv file for your OATH token.\n The file is supposed to contain one token per line.":"Hier können Sie eine CSV-Datei mit OATH Token hochladen. Diese Datei enthält einen Token pro Zeile.","Here you can upload a csv file for your Yubikey token.\n The file is supposed to contain one token per line.":"Hier können Sie eine CSV-Datei mit Yubikey Token hochladen. Diese Datei enthält einen Token pro Zeile.","Hide Policy templates":"Vorlagen ausblenden","Hostname":"Hostname","Hostname Attribute":"Attribut für Hostnamen","IP Address":"IP-Adresse","IP Address Attribute":"Attribut für IP-Adresse","Id":"ID","If the token is lost, you can enroll a temporary password based token and\n give the password to the user. The OTP PIN of the old token is still the\n same.":"Wenn ein Token verloren ist, können Sie einen temporären Passwort-basierten Token ausrollen und dieses Passwort an den Benutzer geben. Dieses Passwort muss vom Benutzer mit der OTP PIN des alten Tokens kombiniert werden.","If you change the name of the policy, it will create a new policy\n with the new name!":"Wenn Sie den Namen der Richtlinie ändern, wird eine neue Richtlinie mit diesem Namen erzeugt. 
Die Richtlinie mit dem alten Namen bleibt erhalten.","Import Tokens":"Token imporieren","Import tokens from a file":"Tokendatei importieren","Include SAML attributes in the\n authentication response.":"SAML Attribute in die Authentisierungsantwort mit einbinden.","Increase the failcounter if the wrong PIN was entered.":"Den Fehlerzähler erhöhen, wenn eine falsche PIN eingegeben wurde.","Info":"Info","Last":"Ende","Leave the Bind DN empty if you want to do anonymous binding.":"Lassen Sie Bind DN leer, um einen Anonymous Bind gegen das LDAP-Verzeichnis zu machen.","Length of UID":"Länger des UID","Licensed under":"Lizenziert unter","Limit":"Begrenzung","Loading Machines...":"Lade Maschinen...","Loading serials...":"Laden Seriennummern...","Loading users...":"Lade Benutzer...","Log":"Logbuch","Log In":"Anmelden","Login":"Anmelden","Logout\n {{ loggedInUser.username }} @{{ loggedInUser.realm }}":"{{ loggedInUser.username }} @{{ loggedInUser.realm }} Abmelden","Lost Token":"Verlorener Token","Machine":"Maschine","Machine ID":"Maschinen-ID","Machine ID Attribute":"Attribut für Maschinen ID","Machine Resolver":"Maschinen-Resolver","Machines":"Maschinen","Machines this token is attached to":"Maschinen, an die dieser Token angehängt ist","Mail Sender Address":"Absenderadresse","Mail Server":"Mailserver","Mail User":"Mail-Benutzer","Mail User Password":"Passwort des Mailbenutzers","Mapping":"Zuordnung","Mark the token to be lost":"Den Token als verloren markieren","Max Failcount of\n newly enrolled tokens":"Maximale Fehlerzähler für neu ausgerollte Token","Maxfail":"Max. 
Fehlerzähler ","Maximum Authentication Count":"Maximale Authentisierungen","Maximum Success Auth Count":"Maximale erfolgreiche Authentisierungen","Microsoft Internet Explorer is not supported.":"Der Microsoft Internet Explorer wird nicht unterstützt.","Mobile":"Mobiltelefon","New Connectors":"Neue Konnektoren","New Resolvers":"Neue Resolver","New {{ connectortype | uppercase }} CA Connector":"Neuer {{ connectortype | uppercase }} CA Konnektor","New {{ mResolvertype | uppercase }} Resolver":"Neuer {{ mResolvertype | uppercase }} Resolver","New {{ resolvertype }}":"Neuer {{ resolvertype }}","Next":"Weiter","No":"Nein","No Serial number could be found for OTP value {{ otp }}.":"Zu dem OTP-Wert {{ otp }} konnte keine Seriennummer gefunden werden.","No anonymous referral chasing":"Referrals werden nicht (anonym) verfolgt.","Not yet implemented!":"Noch nicht implementiert!","Number of machines: {{ $scope.machinecount }}":"Anzahl der Maschinen: {{ $sope.machinecount }}","OTP Key":"OTP Schlüssel","OTP Length":"OTP-Länge","OTP PINs do not match!":"Die OTP-PINs sind nicht gleich!","OTP Value":"OTP-Wert","OTP length":"OTP-Länge ","OTP length of\n newly enrolled tokens":"OTP Länge von neu ausgerollten Token","OTP validity time":"Gültigkeitszeitraum für OTP","OTRS":"OTRS","Obviously you have no realms defined. Do you want me to create a\n default realm for you from the machines /etc/passwd?":"Offenbar haben Sie bisher keinen Realm definiert. 
Wollen Sie, dassaus der Datei /etc/passwd dieser Maschine automatisch ein Standard Realm erzeugt wird?","Online Documentation":"Online Dokumentation","Open new tab to create certificate\n request":"Ein neues Tab öffnen, um die Zertifikatsanforderung zu erstellen.","OpenSSL config file":"OpenSSL Konfigurationsdatei","Options":"Optionen","Overall token usage":"Allgemeine Tokennutzung","Override Authorization Clients":"Überschreibe den authorisierenden Client","Owncloud":"ownCloud","PIN":"PIN","Pass, if the user does not exist":"Durchwinken, wenn der Benutzer nicht existiert","Pass, if the user has no token":"Durchwinken, wenn der Benutzer keinen Token hat","Password":"Passwort","Paste the ssh PUBLIC key":"Fügen Sie hier den öffentlichen SSH-Schlüssel ein.","Phone":"Telefon","Phone number":"Telefonnummer","Please sign in":"Anmelden","Policies":"Richtlinien","Policy Name":"Richtlinienname","Policy Templates":"Vorlagen für Richtlinien","Port":"Port","Prepend the PIN in front of the OTP value\n . Otherwise it will be post pended.":"OTP-PIN dem OTP-Wert voranstellen. 
Ansonsten wird die OTP-PIN hinten angehängt.","Preset Active Directory":"Active Directory vorbelegen","Preset OpenLDAP":"OpenLDAP vorbelegen","Previous":"Zurück","Progress: {{ progressPercentage }}%":"Fortschritt: {{ progressPercentage }}%","Provider Config":"Provider Konfiguration","Push Yubikey button here...":"Drücken Sie hier den Knopf auf dem Yubikey...","Quick links":"Verwandte Themen","RADIUS Secret":"RADIUS Secret","RADIUS Server":"RADIUS-Server","RADIUS Token settings":"RADIUS Token Einstellungen","RADIUS User":"RADIUS Benutzer","RADIUS dictionary file":"RADIUS dictionary Datei","Realm":"Realm ","Realm defrealm created.":"Der Realm defrealm wurde erzeugt.","Realm name":"Realmname","Realms":"Realms","Refresh":"Aktualisieren","Registration Code":"Registrierungscode","Remote Realm":"Remote Realm","Remote Resolver":"Remote Resolver","Remote Serial":"Remote Seriennummer ","Remote Server":"Remote-Server","Remote Token settings":"Remote Token Einstellungen","Remote User":"Remote Benutzer","Repeat password":"Passwort wiederholen","Reset fail counter":"Fehlerzähler zurücksetzen","Resolver":"Resolver","Resolver name":"Resolvername","Resource Server URI":"URI des Resource Servers","Resync Token":" Token resynchronisieren","Role":"Rolle","SMS Provider":"SMS Provider","SMS Token settings":"SMS Token Einstellungen","SSH public Key":"Öffentlicher SSH Schlüssel","Save":"Speichern","Save Options":"Optionen speichern","Save Resolver":"Resolver speichern","Save System Config":"Systemkonfiguration speichern","Save Token Info":"Tokeninfo speichern","Save realms":"Realms speichern","Save resolver":"Resolver speichern","Save user":"Benutzer speichern","Scope":"Geltungsbereich","Search Filter":"Suchfilter","Secret":"Secret","Select Realm":"Realm auswählen","Select file and import":"Datei auswählen und importieren","Serial":"Seriennummer ","Serial Substring":"Teil einer Seriennummer","Server":"Server","Server URI":"Server-URI","Set PIN":" PIN setzen","Set count 
window":"Zählerfenster setzen","Set description":"Beschreibung setzen","Set max fail":"Max. Fehlerzähler setzen","Set sync window":"Sync-Fenster setzen","Show Policy templates":"Vorlagen anzeigen","Size Limit":"Größenbeschränkung","Some nice words...":"Ein paar nette Worte...","Statistics":"Statistik","Support":"Support","Surname":"Nachname","Sync Window":"Sync-Fenster","Sync Window of\n newly enrolled tokens":"Synchronisationsfenster für neu ausgerollte Token","System":"System","System Config":"Systemkonfiguration","System Config saved.":"Systemkonfiguration gespeichert.","TOTP Token settings":"TOTP Token Einstellungen","Table":"Tabelle","Test LDAP Resolver":"LDAP Resolver testen","Test SCIM Resolver":"SCIM Resolver testen","Test SQL Resolver":"SQL Resolver testen","Test Yubikey":"Yubikey testen","Test token":" Token testen","The Certificate Token lets you enroll an x509 ceritificate\n by the given CA.":"Der Zertifikatstoken wird dazu verwendet, um x509 Zertifikat von einer konfigurierten Zertifizierungsstelle ausstellen zu lassen.","The EMail token is a challenge response token that sends the OTP value to\n the given email address, when the correct OTP PIN was presented by the user.":"Der EMail-Token ist ein Challenge-Response-Token, der - nachdem die richtige OTP-PIN eingegeben wurde -einen OTP-Wert an die hinterlegte EMail-Adresse sendet.","The Email Token sends the OTP value to the users email address.":"Der EMail Token sendet einen OTP-Wert an die EMail-Adresse des Benutzers.","The Google Authenticator only supports an OTP length of 6.":"Der Google Authenticator unterstützt lediglich OTP Länge 6.","The Google Authenticator only supports the SHA1 algorithm.":"Der Google Authenticator unterstützt lediglich den SHA1 Algorithmus.","The HOTP Token is a event based one time password token.\n It is described in RFC\n 4226.":"Der HOTP Token ist ein ereignisbasierte Einmal-Passwort-Token. Er ist in RFC\n 4226 beschrieben.","The HOTP token is an event based token. 
You can paste a secret key or\n have the server generate the secret and scan the QR code with a smartphone\n app like the Google Authenticator turning your\n smartphone into an authentication device.":"Der HOTP Token ist ein ereignisbasierter Token. Sie können einen existierenden geheimen Schlüssel einfügen oder vom Server erzeugen lassen. Den so erzeugten geheimen OTP-Schlüssel können Sie dann mit dem Smartphone und einer App wie dem Google Authenticator oder FreeOTP vom QR-Code einscannen. So können Sie das Smartphone zu einem Authentisierungs-Token umwandeln.","The OTP key":"Der OTP-Schlüssel","The RADIUS server may include the port number.":"Der RADIUS Server kann auch einen IP Port enthalten.","The RADIUS token forwards the authentication request to another\n RADIUS server. You can choose if the PIN should be stripped and\n checked locally.":"Der RADIUS Token leitet die Authentisierungsanfrage an einen RADIUS-Server weiter. Sie können auswählen, ob die PIN abgetrennt und lokal überprüft werden soll.","The RADIUS token forwards the authentication request to another RADIUS\n server.":"Der RADIUS Token leitete die Authentisierungsanfrage an einen RADIUS Server weiter. ","The RSA keys will be generated in the browser.\n You will be taken to a new browser window, where you can\n create the Certificate Request. The private key remains in\n your browser and you will be able to install the certificate\n to the browser.":"Das RSA Schlüsselpaar wird im Browser erzeugt. Es wird ein neues Browser-Fenster geöffnet, in dem Sie die Zertifikatsanforderung erstellen können. Der private Schlüssel bleibt in ihrem Browser und Sie können anschließend das Zertifikat in Ihrem Browser installieren.","The Remote token forwards the authentication request to another\n privacyIDEA server.":"Der Remote Token leitet die Authentisierungsanfrage an einen privacyIDEA server weiter.","The SMS Token is an event based token. 
After the user has tried to\n authenticate with the OTP PIN, an SMS with an OTP value is sent to the\n users mobile phone. Then user can authenticate with this OTP value in a\n second step.":"Der SMS Token ist ein ereignisbasierter Challenge-Response Token. Nachdem der Benutzer die korrekte OTP-PINeingegeben hat, wird eine SMS mit dem OTP-Wert an die hinterlegte Handynummer gesendet.Im zweiten Schritt kann sich der Benutzer mit diesem OTP-Wert authentisieren.","The SMS Token sends an OTP value to the mobile phone of the user.":"Der SMS Token sendet einen OTP-Wert an das Mobiltelefon des Benutzers.","The SSH Key Token stores the public SSH Key in the server.\n This can be used to authenticate to a secure shell.":"Der SSH Key Token speichert den öffentlichen SSH Schlüssel im Server. Damit kann der Benutzer sich an Servern mittels SSH anmelden.","The Serial number for the OTP value {{ otp }} is\n {{ serial }}.":"Die Seriennummer für den Token mit dem OTP-Wert {{ otp }} ist {{ serial }}.","The Simple Pass Token does not take additional arguments. You only need to\n specify a OTP PIN.":"Der Simple Pass Token benötigt keine zusätzlichen Argumente. Sie müssen lediglich eine OTP PIN angeben.","The TOTP Token is a time based one time password token.\n It is described in RFC\n 6238.":"Der TOTP Token ist ein zeitbasierter Einmal-Passwort-Token.Er ist in RFC\n 6238 beschrieben.","The TOTP token is a time based token. You can paste a secret key or\n have the server generate the secret and scan the QR code with a\n smartphone app like the Google Authenticator or FreeOTP turning your\n smartphone into an authentication device.":"Der TOTP Token ist ein zeitbasierter Token. Sie können den geheimen OTP-Schlüssel hier einfügen oder den Server einen Schlüssel generieren lassen. Diesen können Sie in Ihre Smartphone-App wie Google Authenticator oder FreeOTP importieren, indem Sie den QR-Code scannen.","The Yubico Cloud mode forwards the authentication request to the\n YubiCloud. 
The Yubikey needs to be registered with the YubiCloud.":"Im Yubico Cloud Modus wird die Authentisierungsanfrage an die YubiCloud weitergeleitet. Der Yubikey muss in der YubiCloud registriert sein.","The Yubico Token is a Yubikey that is registered with the YubiCloud\n service. The Yubikey emits a 44 charater one time password. The first 12\n characters are a unique ID which is used to bind the device to the user.":"Der Yubico Token ist ein Yubikey der in der YubiCloud registriert ist.Der Yubikey erzeugt ein 44 Zeichen langes Passwort. Die ersten 12 Zeichensind eine eindeutige ID, welche verwendet wird, um den Token dem Benutzer zuzuordnen.","The Yubikey Token is an USB device that emits an event based One Time\n Password. You can initialize the Yubikey using the tool ykpersonalize.\n Paste the secret hex key here.\n You also need to choose, if the Yubikey emits the additional UID, which\n is either 12 or 16 characters long. You can check this in the test field.":"Der Yubikey ist ein USB-Gerät, das eine ereignis-basiertes Einmal-Passwort auswirft. Dazu wird es als Tastatur erkannt. Sie können den Yubikey mit dem Tool ykpersonalize initialisieren. Fügen Sie den geheimen Schlüssel hier ein. Außerdem können Sie auswählen, ob der Yubikey eine UID mit ausgibt. Diese kann entweder 12 oder 16 Zeichen lang sein.","The authentication request is forwarded to the YubiCloud. For accessing\n the YubiCloud you need to enter an API Client ID and an API Key, which\n you can request here.":"Die Authentisierungsanfrage wird an die YubiCloud weitergeleitet. 
Um die YubiCloud ansprechen zu können, benötigt man ein API Client ID und einen API Schlüssel.Dieser ist hier erhältlich.","The certificate was enrolled successfully.":"Das Zertifikat wurde erfolgreich ausgestellt.","The challenge validity time":"Die Gültigkeitszeit der Challenge","The client ID":"Die Client ID","The mOTP PIN is the PIN that needs to be entered on the mobile device.":"Die mOTP PIN ist die PIN, die auf dem Mobiltelefon in der App eingegeben werden muss.","The mOTP token is a time based OTP token for mobile devices.\n You can\n have the server generate the secret and scan the QR code.":"Der mOTP Token ist ein zeitbasierter OTP Token für mobile Geräte. Sie können den Server den geheimen Schlüssel erzeugen lassen und anschließen den QR-Coden mit einer App wie \"Token2\" scannen.","The number of lookahead OTP values. Default 10.":"Die Anzahl der untersuchten OTP-Werte (Standard 10)","The old token is disabled and can be deleted or enabled later.":"Der alte Token wird deaktiviert und kann später gelöscht oder wieder aktiviert werden.","The password can not be shown again, later!":"Das Passwort kann später nicht wieder angezeigt werden!","The password that needs to be combined with the OTP PIN:\n {{ lostResult.password }}":"Das Passwort, das mit der alten OTP PIN kombiniert werden muss: {{ lostResult.password }}","The privacyIDEA authentication backend is licensed under the\n AGPLv3.\n Some components may be part to other licenses.\n privacyIDEA was originally forked from LinOTP, which was\n licensed\n by LSE Leading Security Experts GmbH.\n For detailed information please take a look at the\n backend\n service itself.":"Das privacyIDEA Authentisierungsbackend ist unter der AGPLv3 lizenziert. Manche Komponenten können im Detail anderen Lizenzen folgen. privacyIDEA wurde ursprünglich als Fork von LinOTP erstellt, das durch dieLSE Leading Security Experts GmbH lizenziert wurde. 
Für weitere Details schauen Sie bitte beim Backend Service.","The privacyIDEA system seems to be offline. The API is not reachable!":"Das privacyIDEA System scheint offline zu sein. Die API ist nicht erreichbar.","The registration token is a code, that the user can use to authenticate once!\n After using this code to login, the registration token is deleted and can\n not be used anymore.":"Der Registrierungs-Token ist ein Code, den der Benutzer nur einmal zur Authentisierung verwenden kann. Nach der Benutzung wird der Registrierungs-Token gelöscht und kann nicht wieder verwendet werden.","The remote Server URL":"Die URL des Remote-Servers","The remote token forwards the authentication request to another\n privacyIDEA server. You can choose if the PIN should be stripped and\n checked locally.":"Der Remote-Token leitet die Authentisierungsanfrage an einen anderen privacyIDEA-Server weitern. Sie können auswählen, ob die PIN abgetrennt und lokal überprüft werden soll.","The serial number on the remote server":"Die Seriennummer auf dem Remote-Server","The serial of the new token is\n \n {{ lostResult.serial }}.":"Die Seriennummer des neuen Tokens ist \n {{ lostResult.serial }}.","The server will create the OTP key\n and a QR Code\n will be\n displayed to you to be scanned.":"Der Server erzeugt den geheimen Schlüssel und es wird ein QR-Code angezeigt, den Sie mit einer Smartphone-App scannen können.","The server will create the private RSA key and store it in\n the\n database. If want to create the key pair client side,\n uncheck\n this option.":"Der Server erzeugt das RSA Schlüsselpaar und speichert es in der Datenbank. 
Wenn Sie das Schlüsselpaar im Browser erzeugen wollen, entfernen Sie den Haken.","The server will create the secret key\n and a QR Code\n will be\n displayed to you to be scanned with the Token2 app.":"Der Server erzeugt den geheimen Schlüssel und es wird ein QR-Code angezeigt, den Sie mit der Token2-App scannen können.","The time in seconds for which the sent OTP value is valid for\n authentication.":"Die Zeit in Sekunden, für die der versendete OTP-Wert zur Authentisierung gültig ist.","The token is valid till {{ lostResult.end_date }}.":"Der Token ist bis {{ lostResult.end_date }} gültig.","The token was marked lost successfully.":"Der Token wurde erfolgreich als verloren markiert.","The token was successfully enrolled with serial number\n \n {{ enrolledToken.serial }}\n for user\n {{ newUser.user }} in realm\n {{ newUser.realm }}.":"Der Token mit der Seriennummer \n {{ enrolledToken.serial }} wurde erfolgreich für den Benutzer {{ newUser.user }} in Realm {{ newUser.realm }}ausgerollt.","The token was successfully enrolled with serial number\n \n {{ enrolledToken.serial }}.":"Der Token mit der Seriennummer {{ enrolledToken.serial }} wurde erfolgreich ausgerollt.","The user data in this database can be modified from within\n privacyIDEA.":"Die Benutzerdaten in der Datenbank können von privacyIDEA aus verwaltet werden.","The user will have to authenticate with the old OTP PIN he knows and this\n newly generated password.":"Der Benutzer muss sich mit der alten OTP PIN, die er kennt, und diesem neu erzeugten Passwort anmelden.","The username on the RADIUS server":"Der Benutzername auf dem RADIUS-Server","The username on the remote server":"Der Benutzername auf dem Remote-Server","These are the resolvers marked as editable. You can add\n a user\n to the resolver. The user will appear in the realms,\n that\n contain this resolver.":"Das sind die Resolver, die als editierbar markiert sind. SIe könne Benutzer in diesen Resolver hinzufügen. 
Der Benutzer erscheint dann in den Realm, in denen dieser Resolver enthalten ist.","These are the validate-requests (authentication) grouped by\n users.\n The successful and the failed requests are listed.":"Dies sind die Authentisierungsanfragen nach Benutzern sortiert.Außerdem wird nach erfolgreichen und fehlgeschlagenen Authentisierungsanfragen unterschieden.","These are the validate-requests (authentication) grouped by the\n serial number of the token.\n The successful and the failed requests are listed.":"Dies sind die Authentisierungsanfragen nach Token sortiert.Außerdem wird nach erfolgreichen und fehlgeschlagenen Authentisierungsanfragen unterschieden.","These client IP addresses or subnets are\n allowed to masquerade as another client.":"Diese Client IP Adressen oder Subnetze dürfen sich als ein anderer Client (andere IP-Adresse) ausgeben.","This documentation contains the current\n configuration of your system in restructured text. You can use\n this to document your installed system.":"Diese Dokumentation enthält die aktuelle System-Konfiguration im \"restructured text\" Format.Dies kann verwendet werden, um einen Dokumentation des installierten Systems zu erstellen.","This is a Single Page Application client that acts as a\n frontend for\n privacyIDEA authentication backend.":"Dies ist eine Single Page Applikation, die als Frontend für das privacyIDEA Authentisierungsbackend dient.","This is an RFC6030 OATH compliant PSKC file.\n At the moment only unencrypted PSKC files are supported.\n Please ask for an update to import encrypted PSKC files.":"Dies ist eine RFC6030 konformes PSKC-Datei. Im Moment werden nur unverschlüsselte PSKC-Dateien unterstützt. 
Bitte fragen Sie nach einem update, um verschlüsselte PSKC-Dateien zu importieren.","This is the overall token usage with\n any\n kind of action in regards to the serial number.":"Dies ist die allgemeine Tokennutzung, egal welche Aktion mit dem Tokenoder in Bezug auf den Token durchgeführt wurde.","This is used, so that the user can enroll a token on his own, after\n logging in for the first time.":"Dieser wird verwendet, damit ein Benutzer sich einmalig anmelden kann, um danach sich selber einen Token auszustellen.","Timeout":"Time-out","Timeout (seconds)":"Time-out (Sekunden)","Timestep":"Zeitschritt","Tine 2.0":"Tine 2.0","Token Type":"Tokentyp ","Token data":"Tokendaten","Token details for {{ tokenSerial }}":"Details zu Token {{ tokenSerial }}","Token resync failed.":"Token Resync fehlgeschlagen.","Token resync successful.":"Token wurde erfolgreich resynchronisiert.","Token {{ selectedToken.serial }} is Lost!":"Der Token {{ selectedToken.serial }} ist verloren!","Tokens":"Token","Tokens and Applications for machine {{ machineid }}":"Token und Applikationen zur Maschine {{ machineid }}","Tokens for user {{ username }}":"Token des Benutzers {{ username }}","Type":"Typ","Type a password":"Geben Sie ein Passwort ein","Typo3":"TYPO3","UID Type":"UID Typ","Unassign Token":"Tokenzuweisung aufheben","Unassign User":"Benutzerzuweisung aufheben","Upload Certificate":"Zertifikat hochladen","Upload Request":"Zertifikatsanforderung hochladen","Uploaded File: {{ uploadedFile }}":"Hochgeladene Datei: {{ uploadedFile }}","Uploaded Tokens: {{ uploadedTokens }}":"Hochgeladene Token: {{ uploadedTokens }}","Use @ sign to split the username\n and the realm.":"Verwende das @-Zeichen, um den Benutzernamen und den Realm abzutrennen.","Use TLS":"TLS verwenden","User":"Benutzer ","User Filter":"Benutzerfilter","User Id":"Benutzer ID","User created.":"Benutzer angelegt.","User deleted successfully.":"Benutzer erfolgreich gelöscht.","User updated successfully.":"Benutzer erfolgreich 
aktualisiert.","User-Realm":"Benutzerrealm","User-Resolver":"Benutzer-Resolver","Username":"Benutzer","Users":"Benutzer","Users phone number...":"Telefonnummer des Benutzers","Validate Requests per token":"Validate-Requests pro Token","Validate Requests per users":"Validate-Requests pro Benutzer","Validity End":"Beginn Gültigkeit","Validity Start":"Ende Gültigkeit","Verify SSL certificate":"SSL-Zertifikat verifizieren","View token in Audit log":"Token im Audit Log anzeigen","View user in Audit log":"Benutzer im Audit Log anzeigen","Where statement":"WHERE-Ausdruck","Which administrative request where the most popular.":"Die meistgenutzen administrativen Requests.","Wordpress":"Wordpress","Working Directory":"Arbeitsverzeichnis","You have no editable resolvers defined. So you can not write\n to any user store. If you want to add users, you need to\n define an editable\n resolver\n (like SQLResolver) and check the\n box \"Edit user store\".":"Sie haben keine editierbaren Resolver definiert. Daher können Sie in keine Benutzer-Quelle schreiben. Wenn Sie Benutzer hinzufügen wollen, müssen Sie einen editierbaren Resolver definieren (bpsw. 
SQLResolver) und die Checkbox \"Benutzerquelle editierbar\" anhaken.","You may pass this registration code to the user.":"Sie können diesen Registrierungscode an den Benutzer übergeben.","You will be logged out in {{ myCountdown }} second(s).":"Sie werden nach {{ myCountdown }} Sekunden abgemeldet.","Yubico Token settings":"Yubico Token Einstellungen","Yubikey Identifier":"Yubikey ID","action":"Aktion","action detail":"Aktionsdetail","active":"aktiv","administrator":"Administrator","an optional serial substring":"Optionaler Teil der Seriennummer","clearance":"Freigabestufe","client":"Client","date":"Datum","description":"Beschreibung","disabled":"deaktiviert","email":"EMail","emit a public UID":"Die öffentliche UID mit ausgeben","enter some OTP value":"Geben Sie einen OTP-Wert ein...","failcounter":"Fehlerzähler","givenname":"Vorname","hostname":"Hostname","id":"ID","info":"Info","log level":"Logstufe","mOTP PIN":"mOTP PIN","maxfail":"Max. Fehlerzähler","missing_line":"Fehlende Zeile","mobile":"Mobiltelefon","new realm":"Neuer Realm","number":"Nr.","otplen":"OTP Länge","phone":"Telefon","privacyIDEA Single Page Web Client":"privacyIDEA Single Page Web Client","privacyIDEA authentication backend":"privacyIDEA Authentisierungsbackend","privacyidea server":"privacyIDEA Server","realm":"Realm","resolvers":"Resolver","serial":"Seriennummer","serial number, seed, type, ocrasuite":"Seriennummer, OTP-Schlüssel, Typ, OCRA-Suite","serial number, seed, type, otplen, timeStep":"Seriennummer, OTP-Schlüssel, Typ, OTP-Länge, Zeitschritt","set Default":"Setze als Standard","sig_check":"Signatur","start typing a machine.":"Fangen Sie an, einen Maschinennamen zu tippen.","start typing a serial number of a token that is notassigned, yet.":"Fangen Sie an, eine nicht zugewiesene Seriennummer zu tippen.","start typing a serial number of a token.":"Fangen Sie an, eine Seriennummer zu tippen.","start typing a username":"Fangen Sie an, einen Benutzernamen zu 
tippen.","success":"Erfolg","surname":"Nachname","token type":"Tokentyp","total tokens: {{ tokendata.count }}":"Tokenanzahl: {{ tokendata.count }}","total users: {{ usercount }}":"Benutzeranzahl: {{ usercount }}","type":"Typ","type (default hotp), otplen (default 6), timeStep (default 30) and\n ocrasuite are optional.":"Der Typ (Standard HOTP), OTP-Länge (Standard 6), Zeitschritt (Standard 30) und OCRA-Suite sind optional.","user":"Benutzer","username":"Benutzername","window":"Fenster","{{ auditdata.count }} entries found.":"Es wurden {{ auditdata.count }} Einträge gefunden."}); + gettextCatalog.setStrings('de', {"45% Complete":"45% abgeschlossen","

The privacyIDEA API seems to be offline!

\n

Please try to reload and otherwise contact your system administrator!

":"

Die privacyIDEA API scheint offline zu sein!

Bitte laden Sie die Seite neu. Ansonsten wenden Sie sich an Ihren System Administrator!

","API Key":"API-Schlüssel","API client ID":"API Client ID","About privacyIDEA Web Client":"Über das privacyIDEA WebUI","Action":"Aktion ","Active":"Aktiv","Add a new user":"Benutzer hinzufügen","Add user":"Benutzer hinzufügen","Admin":"Administrator","Admin-Realm":"Admin-Realm","Administrative actions":"Administrative Requests","All CA Connectors":"All CA Konnektoren","All Machine Resolvers":"Alle Maschinen Resolver","All Machines":"Alle Maschinen","All Policies":"Alle Richtlinien","All Realms":"Alle Realms","All Resolvers":"Alle Resolver","All tokens":"Alle Token","All users":"Alle Benutzer","An Attribute or the DN to identify the machine":"Ein Attribut oder DN zur Identifizierung der Maschine","An Attribute that contains the IP address.":"Ein Attribut, das die IP-Adresse der Maschine enthält","Application":"Applikationen","Assgined User":"Benutzer zuweisen","Assign Token":"Token zuweisen","Assign User":"Benutzer zuweisen","Assign a new token {{ newTokenObject.serial }}":"Einen neuen Token {{ newTokenObject.serial }} zuweisen","Assign token to user":"Token einem Benutzer zuweisen","Assignment State":"Zuweisung","Attach Machine":"Maschine anhängen","Attach Token":"Token anhängen","Attach to a new Machine":"An eine neue Maschine anhängen","Attribute mapping":"Attributszuordnung","Audit":"Audit","Authentication Server URI":"URI des Authentisierungsservers","Authentication failed.":"Authentisierung fehlgeschlagen.","Auto resync timeout":"Timeout für Auto Resynchronisation","Automatic resync during authentication":"Automatische Resynchronisation während der Authentifizierung","Base DN":"Base DN","Bind DN":"Bind DN","Bind Password":"Bind Passwort","Bind Type":"Bind Typ","By entering an OTP value you can get the serial number of the token.\n You can also enter additional optional parameters, to narrow down the\n search for the token. 
So you can only search within certain token types\n or in assigned or unassigned tokens.":"Sie können die Seriennummer eines Tokens bestimmen, indem Sie einen bisher nicht gebrauchten OTP-Wert dieses Tokens eingeben. Sie können weitere Parameter eingeben, um die Suche einzuschränken. So können Sie bspw. nur innerhalb bestimmter Tokentypen oder zugewiesener oder noch nicht zugewiesener Token suchen.","CA Certificate":"Zertifikat der Zeritfizierungsstelle (CA)","CA Connector":"CA Konnektor","CA Connector name":"CA Konnektor Name","CA Key":"Schlüssel der Zertifizierungsstelle","CAs":"Zertifizierungsstellen","Cancel":"Abbrechen","Certificate (PEM)":"Zertifikat (PEM)","Certificate Directory":"Zertifikats-Verzeichnis","Certificate Signing\n Request Directory":"Verzeichnis für Zertifikatsanfragen","Certificate Signing Request (PEM)":"Zertifikatsanforderung (PEM)","Check the PIN locally":"PIN lokal verifizieren","Clear default realm":"Standard-Realm zurücksetzen","Click here or scan\n the QR Code, if you\n want to add the Token to your Google Authenticator.":"Klicken Sie hier oder scannen Sie den QR-Code, um den Token ihrer Google Authenticator- oder FreeOTP-App hinzuzufügen.","Click here or scan\n the QR Code, if you\n want to add the Token to your mOTP App like Token2.":"Klicken Sie hier oder scannen Sie den QR-Code, um den Token Ihrer mOTP App wie \"Token2\" hinzuzufügen.","Client":"Client ","Close":"Schließen","Config":"Konfiguration","Connection Parameters":"Verbindungsparameter","Connector name":"Konnektor-Name","Count":"Zähler","Count Window":"Zählerfenster","Count Window of\n newly enrolled tokens":"Zählerfenster für neu ausgerollte Token","Create Policy":"Richtlinie erzeugen","Create a new LDAP Resolver":"Erzeuge einen neuen LDAP Resolver","Create a new Local CA Connector":"Erzeuge einen neuen Lokalen CA Konnektor","Create a new Passwd Resolver":"Erzeuge einen neuen Passwd Resolver","Create a new Policy":"Erzeuge eine neue Richtlinie","Create a new SCIM 
Resolver":"Erzeuge einen neuen SCIM Resolver","Create a new SQL Resolver":"Erzeuge einen neuen SQL Resolver","Create a new hosts Machine\n Resolver":"Erzeuge einen neuen Hosts Maschinen Resolver","Create a new hosts Machine Resolver":"Erzeuge einen neuen Hosts Maschinen Resolver","Create default realm":"Standard-Realm anlegen","Create new Policy":"Erzeuge einen neue Richtlinie","Create realm":"Realm anlegen","Database":"Datenbank","Database Encoding":"Datenbank-Enkodierung","Default":"Standard","Default Hashlib":"Standard Hashverfahren","Default RADIUS Secret":"Standard RADIUS Secret","Default RADIUS Server":"Standard RADIUS Server","Default Remote Server":"Standard Remote privacyIDEA Server","Default Time Shift":"Standard Zeitabweichung","Default Time Step":"Standard Zeitschritt","Default Time Window":"Standard Zeitfenster","Delete":"Löschen","Delete User":"Benutzer löschen","Delete user":"Benutzer löschen","Description":"Beschreibung","Detach":"abhängen","Details for machine {{ machineid }} in Machine Resolver\n {{ machineresolver }}":"Details zur Maschine {{ machineid }} im Maschinen-Resolver {{ machineresolver }}","Details for user {{ username }} in realm":"Details zum Benutzer {{ username }} in Realm","Disable":"Deaktivieren","Do you really want to delete the user in the user store?":"Wollen Sie wirklich den Benutzer in der Benutzerquelle löschen?","Download":"Herunterladen","Download the certificate":"Zertifikat herunterladen","Driver":"Treiber","EMail Token settings":"Email Token Einstellungen","Edit":"Bearbeiten","Edit CA Connector {{ connectorname }}":"Bearbeite CA Konnector {{ connectorname }}","Edit LDAP Machine Resolver\n {{ resolvername }}":"Bearbeite LDAP Maschinen Resolver {{ resolvername }}","Edit LDAP Resolver {{ resolvername }}":"Bearbeite LDAP Resolver {{ resolvername }}","Edit Local CA Connector\n {{ connectorname }}":"Bearbeite Lokalen CA Konnektor {{ connectorname }}","Edit Machine Resolvers":"Maschinen-Resolver bearbeiten","Edit 
Options":"Optionen bearbeiten","Edit Passwd Resolver {{ resolvername }}":"Bearbeite Passwd Resolver {{ resolvername }}","Edit Policy {{ existingPolicyname }}":"Richtline {{ existingPolicyname }} bearbeiten","Edit Resolver {{ resolvername }}":"Bearbeite Resolver {{ resolvername }}","Edit SCIM Resolver {{ resolvername }}":"Bearbeite SCIM Resolver {{ resolvername }}","Edit SQL Resolver {{ resolvername }}":"Bearbeite SQL Resolver {{ resolvername }}","Edit hosts Machine Resolver\n {{ resolvername }}":"Bearbeite Hosts Maschinen Resolver {{ resolvername }}","Edit realms":"Realms bearbeiten","Edit user":"Benutzer bearbeiten","Edit user store":"Benutzerquelle editierbar","Email":"EMail","Email Address":"EMail-Adresse","Enable":"Aktivieren","Enroll New Token":"Neuen Token ausrollen","Enroll Token":"Token ausrollen","Enroll a new token":"Neuen Token ausrollen ","Enter OTP key...":"OTP Schlüssel eingeben...","Enter PIN again":"PIN wiederholen","Enter PIN and OTP to check the token.":"PIN und OTP eingeben um den Token zu prüfen.","Enter PIN for token":"Token-PIN eingeben","Enter first OTP value":"Ersten OTP-Wert eingeben","Enter second OTP value":"Zweiten OTP-Wert eingeben","Enter your username and password and click Log In to authenticate.":"Bitte geben Sie Ihren Benutzernamen und Ihr Passwort ein, um sich anzumelden.","Fail counter":"Fehlerzähler","Failed authentication requests per token":"Fehlgeschlagene Authentisierungen pro Token","Failed authentication requests per user":"Fehlgeschlagene Authentisierungen pro Benutzer","File name":"Dateiname","First":"Anfang","For HOTP and TOTP tokens:":"Für HOTP und TOTP Token:","For OCRA tokens:":"Für OCRA Token:","Generate OTP Key on the Server":"OTP Schlüssel auf dem Server erzeugen","Generate Request":"Zertifikatsanforderung erzeugen","Generate the Key Pair on the Server":"Das Schlüsselpaar auf dem Server erzeugen","Get Serial":"Seriennummer bestimmen","Get Serial Number":"Seriennummer bestimmen","Get Serial number by OTP 
value":"Seriennummer anhand eines OTP-Wertes bestimmen","Get System Documentation":"System Dokumentation","Given name":"Vorname","HOTP Token settings":"HOTP Token Einstellungen","Hash algorithm":"Hash Algorithmus","Here you can define how the SMS will be sent - via which kind of gateway.":"Hier können Sie definieren, wie SMS versendet werden - über welche Art Gateway.","Here you can define settings, that will be set as default values, when\n enrolling a HOTP token.":"Hier können Sie Werte definieren, die als Standard-Werte für neu ausgerollte HOTP Token verwendet werden.","Here you can define settings, that will be set as default values, when\n enrolling a TOTP token.":"Hier können Sie Werte definieren, die als Standard-Werte für neu ausgerollte TOTP-Token verwendet werden.","Here you can upload a csv file for your OATH token.\n The file is supposed to contain one token per line.":"Hier können Sie eine CSV-Datei mit OATH Token hochladen. Diese Datei enthält einen Token pro Zeile.","Here you can upload a csv file for your Yubikey token.\n The file is supposed to contain one token per line.":"Hier können Sie eine CSV-Datei mit Yubikey Token hochladen. Diese Datei enthält einen Token pro Zeile.","Hide Policy templates":"Vorlagen ausblenden","Hostname":"Hostname","Hostname Attribute":"Attribut für Hostnamen","IP Address":"IP-Adresse","IP Address Attribute":"Attribut für IP-Adresse","Id":"ID","If the token is lost, you can enroll a temporary password based token and\n give the password to the user. The OTP PIN of the old token is still the\n same.":"Wenn ein Token verloren ist, können Sie einen temporären Passwort-basierten Token ausrollen und dieses Passwort an den Benutzer geben. Dieses Passwort muss vom Benutzer mit der OTP PIN des alten Tokens kombiniert werden.","If you change the name of the policy, it will create a new policy\n with the new name!":"Wenn Sie den Namen der Richtlinie ändern, wird eine neue Richtlinie mit diesem Namen erzeugt. 
Die Richtlinie mit dem alten Namen bleibt erhalten.","Import Tokens":"Token imporieren","Import tokens from a file":"Tokendatei importieren","Include SAML attributes in the\n authentication response.":"SAML Attribute in die Authentisierungsantwort mit einbinden.","Increase the failcounter if the wrong PIN was entered.":"Den Fehlerzähler erhöhen, wenn eine falsche PIN eingegeben wurde.","Info":"Info","Last":"Ende","Leave the Bind DN empty if you want to do anonymous binding.":"Lassen Sie Bind DN leer, um einen Anonymous Bind gegen das LDAP-Verzeichnis zu machen.","Length of UID":"Länger des UID","Licensed under":"Lizenziert unter","Limit":"Begrenzung","Loading Machines...":"Lade Maschinen...","Loading serials...":"Laden Seriennummern...","Loading users...":"Lade Benutzer...","Log":"Logbuch","Log In":"Anmelden","Login":"Anmelden","Logout\n {{ loggedInUser.username }} @{{ loggedInUser.realm }}":"{{ loggedInUser.username }} @{{ loggedInUser.realm }} Abmelden","Lost Token":"Verlorener Token","Machine":"Maschine","Machine ID":"Maschinen-ID","Machine ID Attribute":"Attribut für Maschinen ID","Machine Resolver":"Maschinen-Resolver","Machines":"Maschinen","Machines this token is attached to":"Maschinen, an die dieser Token angehängt ist","Mail Sender Address":"Absenderadresse","Mail Server":"Mailserver","Mail User":"Mail-Benutzer","Mail User Password":"Passwort des Mailbenutzers","Mapping":"Zuordnung","Mark the token to be lost":"Den Token als verloren markieren","Max Failcount of\n newly enrolled tokens":"Maximale Fehlerzähler für neu ausgerollte Token","Maxfail":"Max. 
Fehlerzähler ","Maximum Authentication Count":"Maximale Authentisierungen","Maximum Success Auth Count":"Maximale erfolgreiche Authentisierungen","Microsoft Internet Explorer is not supported.":"Der Microsoft Internet Explorer wird nicht unterstützt.","Mobile":"Mobiltelefon","New Connectors":"Neue Konnektoren","New Resolvers":"Neue Resolver","New {{ connectortype | uppercase }} CA Connector":"Neuer {{ connectortype | uppercase }} CA Konnektor","New {{ mResolvertype | uppercase }} Resolver":"Neuer {{ mResolvertype | uppercase }} Resolver","New {{ resolvertype }}":"Neuer {{ resolvertype }}","Next":"Weiter","No":"Nein","No Serial number could be found for OTP value {{ otp }}.":"Zu dem OTP-Wert {{ otp }} konnte keine Seriennummer gefunden werden.","No anonymous referral chasing":"Referrals werden nicht (anonym) verfolgt.","Not yet implemented!":"Noch nicht implementiert!","Number of machines: {{ $scope.machinecount }}":"Anzahl der Maschinen: {{ $sope.machinecount }}","OTP Key":"OTP Schlüssel","OTP Length":"OTP-Länge","OTP PINs do not match!":"Die OTP-PINs sind nicht gleich!","OTP Value":"OTP-Wert","OTP length":"OTP-Länge ","OTP length of\n newly enrolled tokens":"OTP Länge von neu ausgerollten Token","OTP validity time":"Gültigkeitszeitraum für OTP","OTRS":"OTRS","Obviously you have no realms defined. Do you want me to create a\n default realm for you from the machines /etc/passwd?":"Offenbar haben Sie bisher keinen Realm definiert. 
Wollen Sie, dassaus der Datei /etc/passwd dieser Maschine automatisch ein Standard Realm erzeugt wird?","Online Documentation":"Online Dokumentation","Open new tab to create certificate\n request":"Ein neues Tab öffnen, um die Zertifikatsanforderung zu erstellen.","OpenSSL config file":"OpenSSL Konfigurationsdatei","Options":"Optionen","Overall token usage":"Allgemeine Tokennutzung","Override Authorization Clients":"Überschreibe den authorisierenden Client","Owncloud":"ownCloud","PIN":"PIN","Pass, if the user does not exist":"Durchwinken, wenn der Benutzer nicht existiert","Pass, if the user has no token":"Durchwinken, wenn der Benutzer keinen Token hat","Password":"Passwort","Paste the ssh PUBLIC key":"Fügen Sie hier den öffentlichen SSH-Schlüssel ein.","Phone":"Telefon","Phone number":"Telefonnummer","Please sign in":"Anmelden","Policies":"Richtlinien","Policy Name":"Richtlinienname","Policy Templates":"Vorlagen für Richtlinien","Port":"Port","Prepend the PIN in front of the OTP value\n . Otherwise it will be post pended.":"OTP-PIN dem OTP-Wert voranstellen. 
Ansonsten wird die OTP-PIN hinten angehängt.","Preset Active Directory":"Active Directory vorbelegen","Preset OpenLDAP":"OpenLDAP vorbelegen","Previous":"Zurück","Progress: {{ progressPercentage }}%":"Fortschritt: {{ progressPercentage }}%","Provider Config":"Provider Konfiguration","Push Yubikey button here...":"Drücken Sie hier den Knopf auf dem Yubikey...","Quick links":"Verwandte Themen","RADIUS Secret":"RADIUS Secret","RADIUS Server":"RADIUS-Server","RADIUS Token settings":"RADIUS Token Einstellungen","RADIUS User":"RADIUS Benutzer","RADIUS dictionary file":"RADIUS dictionary Datei","Realm":"Realm ","Realm defrealm created.":"Der Realm defrealm wurde erzeugt.","Realm name":"Realmname","Realms":"Realms","Refresh":"Aktualisieren","Registration Code":"Registrierungscode","Remote Realm":"Remote Realm","Remote Resolver":"Remote Resolver","Remote Serial":"Remote Seriennummer ","Remote Server":"Remote-Server","Remote Token settings":"Remote Token Einstellungen","Remote User":"Remote Benutzer","Repeat password":"Passwort wiederholen","Reset fail counter":"Fehlerzähler zurücksetzen","Resolver":"Resolver","Resolver name":"Resolvername","Resource Server URI":"URI des Resource Servers","Resync Token":" Token resynchronisieren","Revoke":"Widerrufen","Role":"Rolle","SMS Provider":"SMS Provider","SMS Token settings":"SMS Token Einstellungen","SSH public Key":"Öffentlicher SSH Schlüssel","Save":"Speichern","Save Options":"Optionen speichern","Save Resolver":"Resolver speichern","Save System Config":"Systemkonfiguration speichern","Save Token Info":"Tokeninfo speichern","Save realms":"Realms speichern","Save resolver":"Resolver speichern","Save user":"Benutzer speichern","Scope":"Geltungsbereich","Search Filter":"Suchfilter","Secret":"Secret","Select Realm":"Realm auswählen","Select file and import":"Datei auswählen und importieren","Serial":"Seriennummer ","Serial Substring":"Teil einer Seriennummer","Server":"Server","Server URI":"Server-URI","Set PIN":" PIN setzen","Set 
count window":"Zählerfenster setzen","Set description":"Beschreibung setzen","Set max fail":"Max. Fehlerzähler setzen","Set sync window":"Sync-Fenster setzen","Show Policy templates":"Vorlagen anzeigen","Size Limit":"Größenbeschränkung","Some nice words...":"Ein paar nette Worte...","Statistics":"Statistik","Support":"Support","Surname":"Nachname","Sync Window":"Sync-Fenster","Sync Window of\n newly enrolled tokens":"Synchronisationsfenster für neu ausgerollte Token","System":"System","System Config":"Systemkonfiguration","System Config saved.":"Systemkonfiguration gespeichert.","TOTP Token settings":"TOTP Token Einstellungen","Table":"Tabelle","Test LDAP Resolver":"LDAP Resolver testen","Test SCIM Resolver":"SCIM Resolver testen","Test SQL Resolver":"SQL Resolver testen","Test Yubikey":"Yubikey testen","Test token":" Token testen","The Certificate Token lets you enroll an x509 ceritificate\n by the given CA.":"Der Zertifikatstoken wird dazu verwendet, um x509 Zertifikat von einer konfigurierten Zertifizierungsstelle ausstellen zu lassen.","The EMail token is a challenge response token that sends the OTP value to\n the given email address, when the correct OTP PIN was presented by the user.":"Der EMail-Token ist ein Challenge-Response-Token, der - nachdem die richtige OTP-PIN eingegeben wurde -einen OTP-Wert an die hinterlegte EMail-Adresse sendet.","The Email Token sends the OTP value to the users email address.":"Der EMail Token sendet einen OTP-Wert an die EMail-Adresse des Benutzers.","The Google Authenticator only supports an OTP length of 6.":"Der Google Authenticator unterstützt lediglich OTP Länge 6.","The Google Authenticator only supports the SHA1 algorithm.":"Der Google Authenticator unterstützt lediglich den SHA1 Algorithmus.","The HOTP Token is a event based one time password token.\n It is described in RFC\n 4226.":"Der HOTP Token ist ein ereignisbasierte Einmal-Passwort-Token. 
Er ist in RFC\n 4226 beschrieben.","The HOTP token is an event based token. You can paste a secret key or\n have the server generate the secret and scan the QR code with a smartphone\n app like the Google Authenticator turning your\n smartphone into an authentication device.":"Der HOTP Token ist ein ereignisbasierter Token. Sie können einen existierenden geheimen Schlüssel einfügen oder vom Server erzeugen lassen. Den so erzeugten geheimen OTP-Schlüssel können Sie dann mit dem Smartphone und einer App wie dem Google Authenticator oder FreeOTP vom QR-Code einscannen. So können Sie das Smartphone zu einem Authentisierungs-Token umwandeln.","The OTP key":"Der OTP-Schlüssel","The RADIUS server may include the port number.":"Der RADIUS Server kann auch einen IP Port enthalten.","The RADIUS token forwards the authentication request to another\n RADIUS server. You can choose if the PIN should be stripped and\n checked locally.":"Der RADIUS Token leitet die Authentisierungsanfrage an einen RADIUS-Server weiter. Sie können auswählen, ob die PIN abgetrennt und lokal überprüft werden soll.","The RADIUS token forwards the authentication request to another RADIUS\n server.":"Der RADIUS Token leitete die Authentisierungsanfrage an einen RADIUS Server weiter. ","The RSA keys will be generated in the browser.\n You will be taken to a new browser window, where you can\n create the Certificate Request. The private key remains in\n your browser and you will be able to install the certificate\n to the browser.":"Das RSA Schlüsselpaar wird im Browser erzeugt. Es wird ein neues Browser-Fenster geöffnet, in dem Sie die Zertifikatsanforderung erstellen können. 
Der private Schlüssel bleibt in ihrem Browser und Sie können anschließend das Zertifikat in Ihrem Browser installieren.","The Remote token forwards the authentication request to another\n privacyIDEA server.":"Der Remote Token leitet die Authentisierungsanfrage an einen privacyIDEA server weiter.","The SMS Token is an event based token. After the user has tried to\n authenticate with the OTP PIN, an SMS with an OTP value is sent to the\n users mobile phone. Then user can authenticate with this OTP value in a\n second step.":"Der SMS Token ist ein ereignisbasierter Challenge-Response Token. Nachdem der Benutzer die korrekte OTP-PINeingegeben hat, wird eine SMS mit dem OTP-Wert an die hinterlegte Handynummer gesendet.Im zweiten Schritt kann sich der Benutzer mit diesem OTP-Wert authentisieren.","The SMS Token sends an OTP value to the mobile phone of the user.":"Der SMS Token sendet einen OTP-Wert an das Mobiltelefon des Benutzers.","The SSH Key Token stores the public SSH Key in the server.\n This can be used to authenticate to a secure shell.":"Der SSH Key Token speichert den öffentlichen SSH Schlüssel im Server. Damit kann der Benutzer sich an Servern mittels SSH anmelden.","The Serial number for the OTP value {{ otp }} is\n {{ serial }}.":"Die Seriennummer für den Token mit dem OTP-Wert {{ otp }} ist {{ serial }}.","The Simple Pass Token does not take additional arguments. You only need to\n specify a OTP PIN.":"Der Simple Pass Token benötigt keine zusätzlichen Argumente. Sie müssen lediglich eine OTP PIN angeben.","The TOTP Token is a time based one time password token.\n It is described in RFC\n 6238.":"Der TOTP Token ist ein zeitbasierter Einmal-Passwort-Token.Er ist in RFC\n 6238 beschrieben.","The TOTP token is a time based token. 
You can paste a secret key or\n have the server generate the secret and scan the QR code with a\n smartphone app like the Google Authenticator or FreeOTP turning your\n smartphone into an authentication device.":"Der TOTP Token ist ein zeitbasierter Token. Sie können den geheimen OTP-Schlüssel hier einfügen oder den Server einen Schlüssel generieren lassen. Diesen können Sie in Ihre Smartphone-App wie Google Authenticator oder FreeOTP importieren, indem Sie den QR-Code scannen.","The Yubico Cloud mode forwards the authentication request to the\n YubiCloud. The Yubikey needs to be registered with the YubiCloud.":"Im Yubico Cloud Modus wird die Authentisierungsanfrage an die YubiCloud weitergeleitet. Der Yubikey muss in der YubiCloud registriert sein.","The Yubico Token is a Yubikey that is registered with the YubiCloud\n service. The Yubikey emits a 44 charater one time password. The first 12\n characters are a unique ID which is used to bind the device to the user.":"Der Yubico Token ist ein Yubikey der in der YubiCloud registriert ist.Der Yubikey erzeugt ein 44 Zeichen langes Passwort. Die ersten 12 Zeichensind eine eindeutige ID, welche verwendet wird, um den Token dem Benutzer zuzuordnen.","The Yubikey Token is an USB device that emits an event based One Time\n Password. You can initialize the Yubikey using the tool ykpersonalize.\n Paste the secret hex key here.\n You also need to choose, if the Yubikey emits the additional UID, which\n is either 12 or 16 characters long. You can check this in the test field.":"Der Yubikey ist ein USB-Gerät, das eine ereignis-basiertes Einmal-Passwort auswirft. Dazu wird es als Tastatur erkannt. Sie können den Yubikey mit dem Tool ykpersonalize initialisieren. Fügen Sie den geheimen Schlüssel hier ein. Außerdem können Sie auswählen, ob der Yubikey eine UID mit ausgibt. Diese kann entweder 12 oder 16 Zeichen lang sein.","The authentication request is forwarded to the YubiCloud. 
For accessing\n the YubiCloud you need to enter an API Client ID and an API Key, which\n you can request here.":"Die Authentisierungsanfrage wird an die YubiCloud weitergeleitet. Um die YubiCloud ansprechen zu können, benötigt man ein API Client ID und einen API Schlüssel.Dieser ist hier erhältlich.","The certificate was enrolled successfully.":"Das Zertifikat wurde erfolgreich ausgestellt.","The challenge validity time":"Die Gültigkeitszeit der Challenge","The client ID":"Die Client ID","The mOTP PIN is the PIN that needs to be entered on the mobile device.":"Die mOTP PIN ist die PIN, die auf dem Mobiltelefon in der App eingegeben werden muss.","The mOTP token is a time based OTP token for mobile devices.\n You can\n have the server generate the secret and scan the QR code.":"Der mOTP Token ist ein zeitbasierter OTP Token für mobile Geräte. Sie können den Server den geheimen Schlüssel erzeugen lassen und anschließen den QR-Coden mit einer App wie \"Token2\" scannen.","The number of lookahead OTP values. Default 10.":"Die Anzahl der untersuchten OTP-Werte (Standard 10)","The old token is disabled and can be deleted or enabled later.":"Der alte Token wird deaktiviert und kann später gelöscht oder wieder aktiviert werden.","The password can not be shown again, later!":"Das Passwort kann später nicht wieder angezeigt werden!","The password that needs to be combined with the OTP PIN:\n {{ lostResult.password }}":"Das Passwort, das mit der alten OTP PIN kombiniert werden muss: {{ lostResult.password }}","The privacyIDEA authentication backend is licensed under the\n AGPLv3.\n Some components may be part to other licenses.\n privacyIDEA was originally forked from LinOTP, which was\n licensed\n by LSE Leading Security Experts GmbH.\n For detailed information please take a look at the\n backend\n service itself.":"Das privacyIDEA Authentisierungsbackend ist unter der AGPLv3 lizenziert. Manche Komponenten können im Detail anderen Lizenzen folgen. 
privacyIDEA wurde ursprünglich als Fork von LinOTP erstellt, das durch dieLSE Leading Security Experts GmbH lizenziert wurde. Für weitere Details schauen Sie bitte beim Backend Service.","The privacyIDEA system seems to be offline. The API is not reachable!":"Das privacyIDEA System scheint offline zu sein. Die API ist nicht erreichbar.","The registration token is a code, that the user can use to authenticate once!\n After using this code to login, the registration token is deleted and can\n not be used anymore.":"Der Registrierungs-Token ist ein Code, den der Benutzer nur einmal zur Authentisierung verwenden kann. Nach der Benutzung wird der Registrierungs-Token gelöscht und kann nicht wieder verwendet werden.","The remote Server URL":"Die URL des Remote-Servers","The remote token forwards the authentication request to another\n privacyIDEA server. You can choose if the PIN should be stripped and\n checked locally.":"Der Remote-Token leitet die Authentisierungsanfrage an einen anderen privacyIDEA-Server weitern. Sie können auswählen, ob die PIN abgetrennt und lokal überprüft werden soll.","The serial number on the remote server":"Die Seriennummer auf dem Remote-Server","The serial of the new token is\n \n {{ lostResult.serial }}.":"Die Seriennummer des neuen Tokens ist \n {{ lostResult.serial }}.","The server will create the OTP key\n and a QR Code\n will be\n displayed to you to be scanned.":"Der Server erzeugt den geheimen Schlüssel und es wird ein QR-Code angezeigt, den Sie mit einer Smartphone-App scannen können.","The server will create the private RSA key and store it in\n the\n database. If want to create the key pair client side,\n uncheck\n this option.":"Der Server erzeugt das RSA Schlüsselpaar und speichert es in der Datenbank. 
Wenn Sie das Schlüsselpaar im Browser erzeugen wollen, entfernen Sie den Haken.","The server will create the secret key\n and a QR Code\n will be\n displayed to you to be scanned with the Token2 app.":"Der Server erzeugt den geheimen Schlüssel und es wird ein QR-Code angezeigt, den Sie mit der Token2-App scannen können.","The time in seconds for which the sent OTP value is valid for\n authentication.":"Die Zeit in Sekunden, für die der versendete OTP-Wert zur Authentisierung gültig ist.","The token is valid till {{ lostResult.end_date }}.":"Der Token ist bis {{ lostResult.end_date }} gültig.","The token was marked lost successfully.":"Der Token wurde erfolgreich als verloren markiert.","The token was successfully enrolled with serial number\n \n {{ enrolledToken.serial }}\n for user\n {{ newUser.user }} in realm\n {{ newUser.realm }}.":"Der Token mit der Seriennummer \n {{ enrolledToken.serial }} wurde erfolgreich für den Benutzer {{ newUser.user }} in Realm {{ newUser.realm }}ausgerollt.","The token was successfully enrolled with serial number\n \n {{ enrolledToken.serial }}.":"Der Token mit der Seriennummer {{ enrolledToken.serial }} wurde erfolgreich ausgerollt.","The user data in this database can be modified from within\n privacyIDEA.":"Die Benutzerdaten in der Datenbank können von privacyIDEA aus verwaltet werden.","The user will have to authenticate with the old OTP PIN he knows and this\n newly generated password.":"Der Benutzer muss sich mit der alten OTP PIN, die er kennt, und diesem neu erzeugten Passwort anmelden.","The username on the RADIUS server":"Der Benutzername auf dem RADIUS-Server","The username on the remote server":"Der Benutzername auf dem Remote-Server","These are the resolvers marked as editable. You can add\n a user\n to the resolver. The user will appear in the realms,\n that\n contain this resolver.":"Das sind die Resolver, die als editierbar markiert sind. SIe könne Benutzer in diesen Resolver hinzufügen. 
Der Benutzer erscheint dann in den Realm, in denen dieser Resolver enthalten ist.","These are the validate-requests (authentication) grouped by\n users.\n The successful and the failed requests are listed.":"Dies sind die Authentisierungsanfragen nach Benutzern sortiert.Außerdem wird nach erfolgreichen und fehlgeschlagenen Authentisierungsanfragen unterschieden.","These are the validate-requests (authentication) grouped by the\n serial number of the token.\n The successful and the failed requests are listed.":"Dies sind die Authentisierungsanfragen nach Token sortiert.Außerdem wird nach erfolgreichen und fehlgeschlagenen Authentisierungsanfragen unterschieden.","These client IP addresses or subnets are\n allowed to masquerade as another client.":"Diese Client IP Adressen oder Subnetze dürfen sich als ein anderer Client (andere IP-Adresse) ausgeben.","This documentation contains the current\n configuration of your system in restructured text. You can use\n this to document your installed system.":"Diese Dokumentation enthält die aktuelle System-Konfiguration im \"restructured text\" Format.Dies kann verwendet werden, um einen Dokumentation des installierten Systems zu erstellen.","This is a Single Page Application client that acts as a\n frontend for\n privacyIDEA authentication backend.":"Dies ist eine Single Page Applikation, die als Frontend für das privacyIDEA Authentisierungsbackend dient.","This is an RFC6030 OATH compliant PSKC file.\n At the moment only unencrypted PSKC files are supported.\n Please ask for an update to import encrypted PSKC files.":"Dies ist eine RFC6030 konformes PSKC-Datei. Im Moment werden nur unverschlüsselte PSKC-Dateien unterstützt. 
Bitte fragen Sie nach einem update, um verschlüsselte PSKC-Dateien zu importieren.","This is the overall token usage with\n any\n kind of action in regards to the serial number.":"Dies ist die allgemeine Tokennutzung, egal welche Aktion mit dem Tokenoder in Bezug auf den Token durchgeführt wurde.","This is used, so that the user can enroll a token on his own, after\n logging in for the first time.":"Dieser wird verwendet, damit ein Benutzer sich einmalig anmelden kann, um danach sich selber einen Token auszustellen.","Timeout":"Time-out","Timeout (seconds)":"Time-out (Sekunden)","Timestep":"Zeitschritt","Tine 2.0":"Tine 2.0","Token Type":"Tokentyp ","Token data":"Tokendaten","Token details for {{ tokenSerial }}":"Details zu Token {{ tokenSerial }}","Token resync failed.":"Token Resync fehlgeschlagen.","Token resync successful.":"Token wurde erfolgreich resynchronisiert.","Token {{ selectedToken.serial }} is Lost!":"Der Token {{ selectedToken.serial }} ist verloren!","Tokens":"Token","Tokens and Applications for machine {{ machineid }}":"Token und Applikationen zur Maschine {{ machineid }}","Tokens for user {{ username }}":"Token des Benutzers {{ username }}","Type":"Typ","Type a password":"Geben Sie ein Passwort ein","Typo3":"TYPO3","UID Type":"UID Typ","Unassign Token":"Tokenzuweisung aufheben","Unassign User":"Benutzerzuweisung aufheben","Upload Certificate":"Zertifikat hochladen","Upload Request":"Zertifikatsanforderung hochladen","Uploaded File: {{ uploadedFile }}":"Hochgeladene Datei: {{ uploadedFile }}","Uploaded Tokens: {{ uploadedTokens }}":"Hochgeladene Token: {{ uploadedTokens }}","Use @ sign to split the username\n and the realm.":"Verwende das @-Zeichen, um den Benutzernamen und den Realm abzutrennen.","Use TLS":"TLS verwenden","User":"Benutzer ","User Filter":"Benutzerfilter","User Id":"Benutzer ID","User created.":"Benutzer angelegt.","User deleted successfully.":"Benutzer erfolgreich gelöscht.","User updated successfully.":"Benutzer erfolgreich 
aktualisiert.","User-Realm":"Benutzerrealm","User-Resolver":"Benutzer-Resolver","Username":"Benutzer","Users":"Benutzer","Users phone number...":"Telefonnummer des Benutzers","Validate Requests per token":"Validate-Requests pro Token","Validate Requests per users":"Validate-Requests pro Benutzer","Validity End":"Beginn Gültigkeit","Validity Start":"Ende Gültigkeit","Verify SSL certificate":"SSL-Zertifikat verifizieren","View token in Audit log":"Token im Audit Log anzeigen","View user in Audit log":"Benutzer im Audit Log anzeigen","Where statement":"WHERE-Ausdruck","Which administrative request where the most popular.":"Die meistgenutzen administrativen Requests.","Wordpress":"Wordpress","Working Directory":"Arbeitsverzeichnis","You have no editable resolvers defined. So you can not write\n to any user store. If you want to add users, you need to\n define an editable\n resolver\n (like SQLResolver) and check the\n box \"Edit user store\".":"Sie haben keine editierbaren Resolver definiert. Daher können Sie in keine Benutzer-Quelle schreiben. Wenn Sie Benutzer hinzufügen wollen, müssen Sie einen editierbaren Resolver definieren (bpsw. 
SQLResolver) und die Checkbox \"Benutzerquelle editierbar\" anhaken.","You may pass this registration code to the user.":"Sie können diesen Registrierungscode an den Benutzer übergeben.","You will be logged out in {{ myCountdown }} second(s).":"Sie werden nach {{ myCountdown }} Sekunden abgemeldet.","Yubico Token settings":"Yubico Token Einstellungen","Yubikey Identifier":"Yubikey ID","action":"Aktion","action detail":"Aktionsdetail","active":"aktiv","administrator":"Administrator","an optional serial substring":"Optionaler Teil der Seriennummer","clearance":"Freigabestufe","client":"Client","date":"Datum","description":"Beschreibung","disabled":"deaktiviert","email":"EMail","emit a public UID":"Die öffentliche UID mit ausgeben","enter some OTP value":"Geben Sie einen OTP-Wert ein...","failcounter":"Fehlerzähler","givenname":"Vorname","hostname":"Hostname","id":"ID","info":"Info","locked":"gesperrt","log level":"Logstufe","mOTP PIN":"mOTP PIN","maxfail":"Max. Fehlerzähler","missing_line":"Fehlende Zeile","mobile":"Mobiltelefon","new realm":"Neuer Realm","number":"Nr.","otplen":"OTP Länge","phone":"Telefon","privacyIDEA Single Page Web Client":"privacyIDEA Single Page Web Client","privacyIDEA authentication backend":"privacyIDEA Authentisierungsbackend","privacyidea server":"privacyIDEA Server","realm":"Realm","resolvers":"Resolver","revoked":"widerrufen","serial":"Seriennummer","serial number, seed, type, ocrasuite":"Seriennummer, OTP-Schlüssel, Typ, OCRA-Suite","serial number, seed, type, otplen, timeStep":"Seriennummer, OTP-Schlüssel, Typ, OTP-Länge, Zeitschritt","set Default":"Setze als Standard","sig_check":"Signatur","start typing a machine.":"Fangen Sie an, einen Maschinennamen zu tippen.","start typing a serial number of a token that is notassigned, yet.":"Fangen Sie an, eine nicht zugewiesene Seriennummer zu tippen.","start typing a serial number of a token.":"Fangen Sie an, eine Seriennummer zu tippen.","start typing a username":"Fangen Sie an, einen 
Benutzernamen zu tippen.","success":"Erfolg","surname":"Nachname","token type":"Tokentyp","total tokens: {{ tokendata.count }}":"Tokenanzahl: {{ tokendata.count }}","total users: {{ usercount }}":"Benutzeranzahl: {{ usercount }}","type":"Typ","type (default hotp), otplen (default 6), timeStep (default 30) and\n ocrasuite are optional.":"Der Typ (Standard HOTP), OTP-Länge (Standard 6), Zeitschritt (Standard 30) und OCRA-Suite sind optional.","user":"Benutzer","username":"Benutzername","window":"Fenster","{{ auditdata.count }} entries found.":"Es wurden {{ auditdata.count }} Einträge gefunden."}); /* jshint +W100 */ }]); \ No newline at end of file diff --git a/setup.py b/setup.py index 67abe7d205..ce2e5ccfb0 100644 --- a/setup.py +++ b/setup.py @@ -59,7 +59,7 @@ def get_file_contents(file_path): "Flask-SQLAlchemy>=2.0", "Flask-Script>=2.0.5", "Jinja2>=2.7.3", - "Mako>=1.0.0", + "Mako>=0.9.1", "MarkupSafe>=0.23", "MySQL-python>=1.2.5", "Pillow>=2.6.1", @@ -121,7 +121,8 @@ def get_file_contents(file_path): "migrations/versions/4f32a4e1bf33_.py", "migrations/versions/2181294eed0b_.py", "migrations/versions/e5cbeb7c177_.py", - "migrations/versions/4d9178fa8336_.py"]) + "migrations/versions/4d9178fa8336_.py", + "migrations/versions/20969b4cbf06_.py"]) ], classifiers=["Framework :: Flask", "License :: OSI Approved :: " diff --git a/tests/test_api_token.py b/tests/test_api_token.py index 3a1d3dee76..488b6890a0 100644 --- a/tests/test_api_token.py +++ b/tests/test_api_token.py 
@@ -894,3 +894,23 @@ def test_17_enroll_certificate(self):
 detail = json.loads(res.data).get("detail")
 certificate = detail.get("certificate")
 self.assertTrue("-----BEGIN CERTIFICATE-----" in certificate)
+
+ def test_18_revoke_token(self):
+ self._create_temp_token("RevToken")
+
+ # revoke token
+ with self.app.test_request_context('/token/revoke/RevToken',
+ method='POST',
+ data={},
+ headers={'Authorization': self.at}):
+ res = self.app.full_dispatch_request()
+ self.assertTrue(res.status_code == 200, res)
+ result = json.loads(res.data).get("result")
+ self.assertTrue(result.get("value") == 1, result)
+
+ # Try to enable the revoked token
+ with self.app.test_request_context('/token/enable/RevToken',
+ method='POST',
+ data={},
+ headers={'Authorization': self.at}):
+ self.assertRaises(Exception, self.app.full_dispatch_request)
diff --git a/tests/test_lib_tokenclass.py b/tests/test_lib_tokenclass.py
index 585c51ec20..03f0d0bcf2 100644
--- a/tests/test_lib_tokenclass.py
+++ b/tests/test_lib_tokenclass.py
@@ -601,3 +601,14 @@ def test_22_store_tokeninfo_longer_than_2000_byte(self):
 sshkey = token.get_tokeninfo("sshkey")
 self.assertTrue(sshkey == data, sshkey)
+
+ def test_31_revoke(self):
+ db_token = Token.query.filter_by(serial=self.serial1).first()
+ token = TokenClass(db_token)
+ token.revoke()
+ self.assertTrue(token.is_revoked())
+ self.assertTrue(token.is_locked())
+ self.assertTrue(token.token.active is False)
+ # A revoked token can not be enabled anymore
+ self.assertRaises(Exception, token.enable)
+
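Review bot: `self.assertRaises(Exception, self.app.full_dispatch_request)` at the end of test_18_revoke_token passes on any failure at all, so a mistyped route, an authorization error or an unrelated crash would all count as proof that a revoked token cannot be re-enabled. Assert the specific error the lock check is expected to raise (or the error status and code in the response), then read the token back to confirm it is still inactive and revoked. The same broad `assertRaises(Exception, token.enable)` closes test_31_revoke in tests/test_lib_tokenclass.py; there a final `self.assertTrue(token.token.active is False)` after the failed enable would pin the state. Only enable is exercised, while the policy text in this commit says a locked token cannot be modified at all, so other modifying calls on a revoked token remain untested here.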
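Review bot: test_31_revoke revokes the token behind `self.serial1`, which looks like a fixture shared with the other tests in this class, and the documentation added in this commit says a locked token can only be deleted afterwards. Any test that sorts after test_31 and touches that serial would then fail for a reason unrelated to what it checks. Creating a dedicated token for this test keeps the irreversible state local; the class setup is outside the hunk, so confirm how serial1 is created.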