New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use reset_all_user_token for challenge response tokens #1349

Merged
merged 4 commits into from Dec 20, 2018

Conversation

Projects
None yet
2 participants
@cornelinux
Copy link
Member

cornelinux commented Dec 20, 2018

The policy reset_all_user_tokens now also works
with challenge response tokens. If a successful challenge
was given, the failcounter of all tokens are reset.

For this we move the reset_all logic to a decorator.

Closes #1348

Merging #1349 into master will increase coverage by <.01%.
The diff coverage is 90.9%.
Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1349      +/-   ##
==========================================
+ Coverage   96.37%   96.37%   +<.01%
==========================================
Files         144      144
Lines       17315    17322       +7
==========================================
+ Hits        16687    16694       +7
Misses        628      628
Impacted Files Coverage Δ
privacyidea/lib/tokens/yubikeytoken.py 97.61% <100%> (ø) ⬆️
privacyidea/lib/token.py 94.92% <100%> (+0.15%) ⬆️
privacyidea/lib/policydecorators.py 99.22% <89.47%> (-0.78%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2f14e9b...29d95af. Read the comment docs.

  •  File: privacyidea/lib/policydecorators.py:L677-722
  • shouldn't that be token_owner.resolver?
  • yes. thx.
  • done in bd97b66
  •  File: privacyidea/lib/token.py:L1979-1994
  • Can we set the default value of allow_reset_all_tokens to False? The default value specified here does not affect the behavior anyway because it is unused in check_token_list. But the implementation of reset_all_user_tokens does not reset tokens if the parameter is unspecified, so having a default value of True here is misleading.
  • You are right. Usually it would not be what you wanted. But it is acutally how it works.
    Done in e78da4c

  

Use reset_all_user_token for challenge response tokens
The policy reset_all_user_tokens now also works
with challenge response tokens. If a successful challenge
was given, the failcounter of all tokens are reset.

For this we move the reset_all logic to a decorator.

Closes #1348

@cornelinux cornelinux requested a review from fredreichbier Dec 20, 2018

action=ACTION.RESETALLTOKENS,
scope=SCOPE.AUTH,
realm=token_owner.login if token_owner else None,
resolver=token_owner.login if token_owner else None,

This comment has been minimized.

@fredreichbier

fredreichbier Dec 20, 2018

Member

shouldn't that be token_owner.resolver?

This comment has been minimized.

@cornelinux

cornelinux Dec 20, 2018

Member

yes. thx.

This comment has been minimized.

@cornelinux

This comment has been minimized.

@fredreichbier

cornelinux added some commits Dec 20, 2018

@codecov

This comment has been minimized.

Copy link

codecov bot commented Dec 20, 2018

Codecov Report

Merging #1349 into master will increase coverage by 0.01%.
The diff coverage is 90.9%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1349      +/-   ##
==========================================
+ Coverage   96.37%   96.38%   +0.01%     
==========================================
  Files         144      144              
  Lines       17315    17322       +7     
==========================================
+ Hits        16687    16696       +9     
+ Misses        628      626       -2
Impacted Files Coverage Δ
privacyidea/lib/tokens/yubikeytoken.py 97.61% <100%> (ø) ⬆️
privacyidea/lib/token.py 94.92% <100%> (+0.15%) ⬆️
privacyidea/lib/policydecorators.py 99.22% <89.47%> (-0.78%) ⬇️
privacyidea/lib/tokens/u2f.py 95.83% <0%> (+1.66%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2f14e9b...e78da4c. Read the comment docs.


return res, reply_dict


@log_with(log)
def check_token_list(tokenobject_list, passw, user=None, options=None):
@libpolicy(reset_all_user_tokens)
def check_token_list(tokenobject_list, passw, user=None, options=None, allow_reset_all_tokens=True):

This comment has been minimized.

@fredreichbier

fredreichbier Dec 20, 2018

Member

Can we set the default value of allow_reset_all_tokens to False? The default value specified here does not affect the behavior anyway because it is unused in check_token_list. But the implementation of reset_all_user_tokens does not reset tokens if the parameter is unspecified, so having a default value of True here is misleading.

This comment has been minimized.

@cornelinux

cornelinux Dec 20, 2018

Member

You are right. Usually it would not be what you wanted. But it is acutally how it works.
Done in e78da4c

This comment has been minimized.

@fredreichbier

@fredreichbier fredreichbier merged commit b617a19 into master Dec 20, 2018

4 of 5 checks passed

codecov/patch 90.9% of diff hit (target 96.37%)
Details
ci/circleci Your tests passed on CircleCI!
Details
codecov/project 96.38% (+0.01%) compared to 2f14e9b
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@fredreichbier fredreichbier deleted the reset_all_user_token branch Dec 20, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment