Add admin policy restrictions for token parameter #1938

Merged
merged 2 commits into from Nov 26, 2019

plettich commented Nov 22, 2019

The restriction of TOTP/HOTP token parameters like hashlib, timestep or OTP
length could be enforced for users via policies.
This PR adds the possibility to restrict these parameters for the admin
scope as well.

The system-wide default configuration for the token types is still usable
but will be overwritten by a corresponding policy.
In the Web-UI these parameters are disabled/hidden if a corresponding
policy is set.

If a default system configuration is set, it won't be added to the form
data anymore and thus won't add confusing token info data.

Also simplified the get_class_info() functions since the actions are mostly the same for HOTP/TOTP.

Working on #1566

@plettich plettich added this to the 3.2 milestone Nov 22, 2019
@plettich plettich requested a review from cornelinux Nov 22, 2019
@plettich plettich self-assigned this Nov 22, 2019
@plettich plettich added this to In progress in privacyIDEA 3.2 via automation Nov 22, 2019
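
The precedence described in the PR text above (a policy for the caller's scope overrides the system-wide default), sketched as an added example that is not part of the PR or of privacyIDEA's code base. The function name, the policy and system-config key layout, the built-in defaults, and the choice to discard a client-supplied value when a policy exists are all assumptions made for illustration.

```python
# Simplified model of the precedence described in this PR; NOT privacyIDEA code.
# The policy layout, key names and function names are hypothetical.

RESTRICTED_PARAMS = ("hashlib", "timestep", "otplen")
BUILTIN_DEFAULTS = {"hashlib": "sha1", "timestep": 30, "otplen": 6}  # assumed


def resolve_token_params(scope, token_type, requested, policies, system_config):
    """Return {param: (value, source)} for an enrollment request.

    Precedence: policy for the caller's scope > value sent by the client
    > system-wide default > built-in default.
    """
    scope_policy = policies.get(scope, {})
    resolved = {}
    for param in RESTRICTED_PARAMS:
        if token_type == "hotp" and param == "timestep":
            continue  # HOTP is counter based and has no time step
        policy_key = f"{token_type}_{param}"
        config_key = f"{token_type}.{param}"
        if policy_key in scope_policy:
            # Enforced server-side: whatever the client sent is discarded,
            # so hiding the field in the UI is not the only control.
            resolved[param] = (scope_policy[policy_key], "policy")
        elif param in requested:
            resolved[param] = (requested[param], "request")
        elif config_key in system_config:
            resolved[param] = (system_config[config_key], "system default")
        else:
            resolved[param] = (BUILTIN_DEFAULTS[param], "built-in default")
    return resolved


# Constructed sample data.
POLICIES = {
    "user": {"totp_hashlib": "sha256", "totp_otplen": 8},
    "admin": {"totp_hashlib": "sha256", "totp_otplen": 8},  # what the PR enables
}
SYSTEM_CONFIG = {"totp.hashlib": "sha1", "totp.timestep": 60}

if __name__ == "__main__":
    # An admin enrolling a TOTP token while asking for weaker settings.
    request = {"hashlib": "sha1", "otplen": 6}
    for name, (value, source) in resolve_token_params(
            "admin", "totp", request, POLICIES, SYSTEM_CONFIG).items():
        print(f"{name}: {value} ({source})")
```

Removing the `"admin"` entry from `POLICIES` models the situation before this PR: the same request then resolves to the admin's own `sha1` and 6-digit values.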
codecov bot commented Nov 22, 2019

Codecov Report

Merging #1938 into master will increase coverage by <.01%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master    #1938      +/-   ##
==========================================
+ Coverage   97.21%   97.22%   +<.01%     
==========================================
  Files         153      153              
  Lines       18556    18609      +53     
==========================================
+ Hits        18040    18093      +53     
  Misses        516      516

| Impacted Files | Coverage Δ |
|---|---|
| privacyidea/lib/tokens/totptoken.py | 98.85% <100%> (-0.01%) ⬇️ |
| privacyidea/lib/tokens/hotptoken.py | 100% <100%> (ø) ⬆️ |
| privacyidea/lib/eventhandler/usernotification.py | 93.51% <0%> (+2.74%) ⬆️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update fb4ceaf...bf04b67.

@plettich plettich force-pushed the 1566/restrict_admin_policies branch from 8e28002 to 62b4ddb Nov 22, 2019
@NuvandaPV NuvandaPV moved this from In progress to Review in progress in privacyIDEA 3.2 Nov 25, 2019
cornelinux left a comment

Please note the typo --- and clarify my questions.
Do we need to discuss?

- (re)move refactoring to the next release
- fix typo
@plettich plettich requested a review from cornelinux Nov 26, 2019
privacyIDEA 3.2 automation moved this from Review in progress to Reviewer approved Nov 26, 2019
@cornelinux cornelinux merged commit f78a06c into master Nov 26, 2019
5 checks passed
ci/circleci Your tests passed on CircleCI!
codecov/patch 100% of diff hit (target 97.21%)
codecov/project 97.22% (+<.01%) compared to fb4ceaf
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
privacyIDEA 3.2 automation moved this from Reviewer approved to Done Nov 26, 2019
@cornelinux cornelinux deleted the 1566/restrict_admin_policies branch Nov 26, 2019