You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2016/08/15 11:23:38 UTC
[1/9] incubator-milagro-mfa-server git commit: Update RPS to allow
configuration for the new Mobile App Update RPS to have endpoint that return
url for QR code. The RPS now also have /service endpoint that return JSON
formated service details.
Repository: incubator-milagro-mfa-server
Updated Branches:
refs/heads/master 6747f6432 -> d84beade4
Update RPS to allow configuration for the new Mobile App
Update RPS to have endpoint that return url for QR code.
The RPS now also have /service endpoint that return JSON formated
service details.
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/9839e044
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/9839e044
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/9839e044
Branch: refs/heads/master
Commit: 9839e0449b137b4545014e5a229fe7dc33df279e
Parents: c402ed1
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Thu May 26 12:31:20 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Fri May 27 12:31:58 2016 +0300
----------------------------------------------------------------------
servers/rps/rps.py | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 64 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/9839e044/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index 4dd9c6f..2b4f176 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -27,6 +27,7 @@ import random
import sys
import time
import urllib
+import uuid
from urlparse import urlparse
import tornado.autoreload
@@ -129,6 +130,9 @@ define("setDeviceName", default=False, type=bool)
define("mobileUseNative", default=False, type=bool)
define("mobileConfig", default=None, type=list)
define("useNFC", default=False, type=bool)
+define("serviceName", default="", type=unicode)
+define("serviceType", default="online", type=unicode)
+define("serviceIconUrl", default="", type=unicode)
# Mapping between local names of dynamic options and names from json
@@ -315,6 +319,9 @@ class ClientSettingsHandler(BaseHandler):
params["accessNumberURL"] = "{0}/accessnumber".format(baseURL)
params["getAccessNumberURL"] = "{0}/getAccessNumber".format(baseURL)
+ if options.mobileUseNative:
+ params["getQrUrl"] = "{0}/getQrUrl".format(baseURL)
+
self.write(params)
self.finish()
@@ -674,7 +681,7 @@ class RPSGetAccessNumberHandler(BaseHandler):
# Generate request for MPinWIDServer for WID
wId = secrets.generate_random_webid(self.application.server_secret.rng, options.accessNumberUseCheckSum)
- while wId is None or (self.storage.find(stage="auth", webID=wId)):
+ while wId is None or (self.storage.find(stage="auth", wid=wId)):
if wId is None:
log.debug("WebId is None".format(wId))
else:
@@ -703,6 +710,44 @@ class RPSGetAccessNumberHandler(BaseHandler):
self.finish()
+class RPSGetQrUrlHandler(BaseHandler):
+ @tornado.web.asynchronous
+ @tornado.gen.engine
+ def post(self):
+ # Generate request for MPinWIDServer for WID
+ wId = uuid.uuid4().hex
+
+ while wId is None or (self.storage.find(stage="auth", wid=wId)):
+ if wId is None:
+ log.debug("WebId is None".format(wId))
+ else:
+ log.debug("WebId {0} already exists. Generating a new one".format(wId))
+
+ wId = uuid.uuid4().hex
+
+ log.debug("New webId generated: {0}." .format(wId))
+
+ webOTT = secrets.generate_ott(options.OTTLength, self.application.server_secret.rng, "hex")
+
+ nowTime = Time.syncedNow()
+ expirePinPadTime = nowTime + datetime.timedelta(seconds=options.accessNumberExpireSeconds)
+ expireTime = expirePinPadTime + datetime.timedelta(seconds=options.accessNumberExtendValiditySeconds)
+
+ self.storage.add(stage="auth", expire_time=expireTime, webOTT=webOTT, wid=wId)
+
+ qrUrl = options.rpsBaseURL + "#" + wId
+ params = {
+ "ttlSeconds": options.accessNumberExpireSeconds,
+ "qrUrl": qrUrl,
+ "webOTT": webOTT,
+ "localTimeStart": Time.DateTimetoEpoch(nowTime),
+ "localTimeEnd": Time.DateTimetoEpoch(expirePinPadTime)
+ }
+
+ self.write(params)
+ self.finish()
+
+
class RPSAccessNumberHandler(BaseHandler):
@tornado.web.asynchronous
@tornado.gen.engine
@@ -849,6 +894,22 @@ class StatusHandler(BaseHandler):
self.finish()
+class ServiceHandler(BaseHandler):
+ @tornado.web.asynchronous
+ @tornado.gen.engine
+ def get(self):
+ params = {
+ "name": options.serviceName,
+ "url": options.rpsBaseURL,
+ "type": options.serviceType,
+ "rps_prefix": options.rpsPrefix,
+ "icon_url": options.serviceIconUrl,
+ }
+
+ self.write(params)
+ self.finish()
+
+
class DefaultHandler(BaseHandler):
def get(self, input):
reason = "URI NOT FOUND"
@@ -1505,6 +1566,7 @@ class Application(tornado.web.Application):
(r"/{0}/setupDone/([0-9A-Fa-f]+)".format(rpsPrefix), RPSSetupDoneHandler), # POST
(r"/{0}/accessnumber".format(rpsPrefix), RPSAccessNumberHandler), # POST
(r"/{0}/getAccessNumber".format(rpsPrefix), RPSGetAccessNumberHandler), # POST
+ (r"/{0}/getQrUrl".format(rpsPrefix), RPSGetQrUrlHandler), # POST
(r"/{0}/clientSettings".format(rpsPrefix), ClientSettingsHandler),
(r"/{0}/authenticate".format(rpsPrefix), RPSAuthenticateHandler), # POST, for mobile login
# Authentication
@@ -1518,6 +1580,7 @@ class Application(tornado.web.Application):
(r"/loginResult", LoginResultHandler), # POST
(r"/status", StatusHandler),
+ (r"/service", ServiceHandler), # GET
(r"/dynamicOptions", DynamicOptionsHandler), # POST, GET
(r"/{0}/mobileConfig".format(rpsPrefix), MobileConfigHandler), # GET
(r"/(.*)", DefaultHandler),
[8/9] incubator-milagro-mfa-server git commit: Merge branch 'master'
of github.com:apache/incubator-milagro-mfa-server into rps-new-mobile-app
Posted by sa...@apache.org.
Merge branch 'master' of github.com:apache/incubator-milagro-mfa-server into rps-new-mobile-app
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/ae5dd05e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/ae5dd05e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/ae5dd05e
Branch: refs/heads/master
Commit: ae5dd05e1d45532cc7100cf3453aa9833e37abb8
Parents: 8b37a51 6747f64
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Fri Aug 12 17:53:01 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Fri Aug 12 17:53:01 2016 +0300
----------------------------------------------------------------------
README.md | 13 +------------
install.sh | 11 +++++------
2 files changed, 6 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
[2/9] incubator-milagro-mfa-server git commit: Update default config
and default parameters to better represent the new options
Posted by sa...@apache.org.
Update default config and default parameters to better represent
the new options
Changed default time to expire QR from 1 minute to 5 minutes
Add basic mobile configs in config_default so the user would know easier
they are existing
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/dfe76707
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/dfe76707
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/dfe76707
Branch: refs/heads/master
Commit: dfe7670744c71067bd2e748ee478c2f24b079b49
Parents: 9839e04
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Mon May 30 10:20:58 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Mon May 30 10:20:58 2016 +0300
----------------------------------------------------------------------
servers/rps/config_default.py | 6 ++++++
servers/rps/rps.py | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/dfe76707/servers/rps/config_default.py
----------------------------------------------------------------------
diff --git a/servers/rps/config_default.py b/servers/rps/config_default.py
index 915efee..98896ef 100644
--- a/servers/rps/config_default.py
+++ b/servers/rps/config_default.py
@@ -113,6 +113,12 @@ LogoutURL = '/logout'
# rpsPrefix = 'rps' # Default
# setDeviceName = True
+"""Mobile client options"""
+# mobileUseNative = True # False by default
+serviceName = "Milagro MFA Demo"
+# serviceType = "online" # Default
+# serviceIconUrl = "http://example.com/icon.jpg"
+
"""Key value storage options"""
storage = 'memory'
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/dfe76707/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index 2b4f176..ed6231b 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -100,7 +100,7 @@ define("seedValueLength", default=100, type=int)
define("DTALocalURL", default="", type=unicode)
# access number options
-define("accessNumberExpireSeconds", default=60, type=int)
+define("accessNumberExpireSeconds", default=300, type=int)
define("accessNumberExtendValiditySeconds", default=5, type=int)
define("accessNumberUseCheckSum", default=True, type=bool)
[6/9] incubator-milagro-mfa-server git commit: Return properly
formatted mobileService in ServiceHandler()
Posted by sa...@apache.org.
Return properly formatted mobileService in ServiceHandler()
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/82237363
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/82237363
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/82237363
Branch: refs/heads/master
Commit: 82237363cb3238c4fac79bc68d4a2e446bf7a977
Parents: a593b91
Author: Milen Rangelov <mi...@miracl.com>
Authored: Fri Jun 10 17:01:56 2016 +0300
Committer: Milen Rangelov <mi...@miracl.com>
Committed: Fri Jun 10 17:01:56 2016 +0300
----------------------------------------------------------------------
servers/rps/rps.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/82237363/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index 1f8f115..7ca8e0f 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -861,7 +861,7 @@ class ServiceHandler(BaseHandler):
@tornado.gen.engine
def get(self):
if options.mobileService:
- params = str(options.mobileService)
+ params = json.dumps(options.mobileService)
self.write(params)
else:
self.set_status(403)
[9/9] incubator-milagro-mfa-server git commit: Merge remote-tracking
branch 'github-miracl/rps-new-mobile-app'
Posted by sa...@apache.org.
Merge remote-tracking branch 'github-miracl/rps-new-mobile-app'
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/d84beade
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/d84beade
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/d84beade
Branch: refs/heads/master
Commit: d84beade4462bf2aed47d84b71a1ca5248e430bf
Parents: 6747f64 ae5dd05
Author: Simeon Aladjem <si...@miracl.com>
Authored: Mon Aug 15 14:23:11 2016 +0300
Committer: Simeon Aladjem <si...@miracl.com>
Committed: Mon Aug 15 14:23:11 2016 +0300
----------------------------------------------------------------------
servers/rps/config_default.py | 6 +++
servers/rps/mobile_flow.py | 106 +++++++++++++++++++++++++++++++++++++
servers/rps/rps.py | 96 +++++++++++++++++++++++++--------
3 files changed, 185 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
[7/9] incubator-milagro-mfa-server git commit: Merge branch 'master'
into rps-new-mobile-app
Posted by sa...@apache.org.
Merge branch 'master' into rps-new-mobile-app
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/8b37a515
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/8b37a515
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/8b37a515
Branch: refs/heads/master
Commit: 8b37a5158f7f98b12449ae0ffaf322c4c7af0d37
Parents: 8223736 3e62443
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Tue Jun 21 15:06:07 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Tue Jun 21 15:06:07 2016 +0300
----------------------------------------------------------------------
.gitignore | 2 +
README.md | 106 +++++++++++++++++++-------
install.sh | 219 +++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/crypto.py | 6 +-
4 files changed, 303 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
[5/9] incubator-milagro-mfa-server git commit: Fix shebang,
make service options dynamic
Posted by sa...@apache.org.
Fix shebang, make service options dynamic
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/a593b917
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/a593b917
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/a593b917
Branch: refs/heads/master
Commit: a593b91769abac09a68f47a0e5811357a309a4c3
Parents: 2dfaec0
Author: Milen Rangelov <mi...@miracl.com>
Authored: Fri Jun 10 16:22:08 2016 +0300
Committer: Milen Rangelov <mi...@miracl.com>
Committed: Fri Jun 10 16:22:08 2016 +0300
----------------------------------------------------------------------
servers/rps/rps.py | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/a593b917/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index 81aace9..1f8f115 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -1,4 +1,4 @@
-#!/usr/bin/en python
+#!/usr/bin/env python
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -130,6 +130,7 @@ define("setDeviceName", default=False, type=bool)
# mobile client config
define("mobileUseNative", default=False, type=bool)
define("mobileConfig", default=None, type=list)
+define("mobileService", default=None, type=dict)
define("useNFC", default=False, type=bool)
define("serviceName", default="", type=unicode)
define("serviceType", default="online", type=unicode)
@@ -144,6 +145,7 @@ DYNAMIC_OPTION_MAPPING = {
'time_synchronization_period': 'timePeriod',
'mobile_use_native': 'mobileUseNative',
'mobile_client_config': 'mobileConfig',
+ 'mobile_service': 'mobileService',
}
@@ -858,15 +860,11 @@ class ServiceHandler(BaseHandler):
@tornado.web.asynchronous
@tornado.gen.engine
def get(self):
- params = {
- "name": options.serviceName,
- "url": options.rpsBaseURL,
- "type": options.serviceType,
- "rps_prefix": options.rpsPrefix,
- "icon_url": options.serviceIconUrl,
- }
-
- self.write(params)
+ if options.mobileService:
+ params = str(options.mobileService)
+ self.write(params)
+ else:
+ self.set_status(403)
self.finish()
[3/9] incubator-milagro-mfa-server git commit: Refactor: Extract
business logic in separete file
Posted by sa...@apache.org.
Refactor: Extract business logic in separete file
Extract mobile flow logic from the handler in separete file
We want it to be more easy to test and change
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/89ec87d3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/89ec87d3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/89ec87d3
Branch: refs/heads/master
Commit: 89ec87d330253f354241b63bab5487e71344edfb
Parents: dfe7670
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Wed Jun 1 15:39:07 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Wed Jun 1 15:39:07 2016 +0300
----------------------------------------------------------------------
servers/rps/mobile_flow.py | 54 +++++++++++++++++++++++++++++++++++++++++
servers/rps/rps.py | 34 +++-----------------------
2 files changed, 58 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/89ec87d3/servers/rps/mobile_flow.py
----------------------------------------------------------------------
diff --git a/servers/rps/mobile_flow.py b/servers/rps/mobile_flow.py
new file mode 100644
index 0000000..638b115
--- /dev/null
+++ b/servers/rps/mobile_flow.py
@@ -0,0 +1,54 @@
+import uuid
+import datetime
+
+from tornado.log import app_log as log
+from tornado.options import options
+
+from mpin_utils import secrets
+from mpin_utils.common import (
+ Time,
+)
+
+
+class MobileFlow:
+ """ Holds Bussines logic for the Mobile flow """
+
+ def __init__(self, application, storage):
+ self.application = application
+ self.storage = storage
+
+ def generate_wid(self):
+ # Generate request for MPinWIDServer for WID
+ wId = uuid.uuid4().hex
+
+ while wId is None or (self.storage.find(stage="auth", wid=wId)):
+ if wId is None:
+ log.debug("WebId is None".format(wId))
+ else:
+ log.debug("WebId {0} already exists. Generating a new one".format(wId))
+
+ wId = uuid.uuid4().hex
+ log.debug("New webId generated: {0}." .format(wId))
+
+ return wId
+
+ def generate_qr(self, wId):
+ webOTT = secrets.generate_ott(options.OTTLength, self.application.server_secret.rng, "hex")
+
+ nowTime = Time.syncedNow()
+ expirePinPadTime = nowTime + datetime.timedelta(seconds=options.accessNumberExpireSeconds)
+ expireTime = expirePinPadTime + datetime.timedelta(seconds=options.accessNumberExtendValiditySeconds)
+
+ self.storage.add(stage="auth", expire_time=expireTime, webOTT=webOTT, wid=wId)
+
+ qrUrl = options.rpsBaseURL + "#" + wId
+
+ params = {
+ "ttlSeconds": options.accessNumberExpireSeconds,
+ "qrUrl": qrUrl,
+ "webOTT": webOTT,
+ "localTimeStart": Time.DateTimetoEpoch(nowTime),
+ "localTimeEnd": Time.DateTimetoEpoch(expirePinPadTime)
+ }
+
+ return params
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/89ec87d3/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index ed6231b..12986dd 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -27,7 +27,6 @@ import random
import sys
import time
import urllib
-import uuid
from urlparse import urlparse
import tornado.autoreload
@@ -57,6 +56,8 @@ from dynamic_options import (
process_dynamic_options,
)
+from mobile_flow import MobileFlow
+
if os.name == "posix":
from mpDaemon import Daemon
elif os.name == "nt":
@@ -714,35 +715,8 @@ class RPSGetQrUrlHandler(BaseHandler):
@tornado.web.asynchronous
@tornado.gen.engine
def post(self):
- # Generate request for MPinWIDServer for WID
- wId = uuid.uuid4().hex
-
- while wId is None or (self.storage.find(stage="auth", wid=wId)):
- if wId is None:
- log.debug("WebId is None".format(wId))
- else:
- log.debug("WebId {0} already exists. Generating a new one".format(wId))
-
- wId = uuid.uuid4().hex
-
- log.debug("New webId generated: {0}." .format(wId))
-
- webOTT = secrets.generate_ott(options.OTTLength, self.application.server_secret.rng, "hex")
-
- nowTime = Time.syncedNow()
- expirePinPadTime = nowTime + datetime.timedelta(seconds=options.accessNumberExpireSeconds)
- expireTime = expirePinPadTime + datetime.timedelta(seconds=options.accessNumberExtendValiditySeconds)
-
- self.storage.add(stage="auth", expire_time=expireTime, webOTT=webOTT, wid=wId)
-
- qrUrl = options.rpsBaseURL + "#" + wId
- params = {
- "ttlSeconds": options.accessNumberExpireSeconds,
- "qrUrl": qrUrl,
- "webOTT": webOTT,
- "localTimeStart": Time.DateTimetoEpoch(nowTime),
- "localTimeEnd": Time.DateTimetoEpoch(expirePinPadTime)
- }
+ mobileFlow = MobileFlow(self.application, self.storage)
+ params = mobileFlow.generate_qr(mobileFlow.generate_wid())
self.write(params)
self.finish()
[4/9] incubator-milagro-mfa-server git commit: Implement qr mobile
flow
Posted by sa...@apache.org.
Implement qr mobile flow
Created /codeStatus endpoint as expected by mobile apps to report their
status to the server
Change /accessnumber to /access and implement the new flow of reporting
statuses to the MPin-pad
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/2dfaec0f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/2dfaec0f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/2dfaec0f
Branch: refs/heads/master
Commit: 2dfaec0fc9b112ed1d6d0581c6bbb48ec0336b06
Parents: 89ec87d
Author: Pavlin Angelov <pa...@miracl.com>
Authored: Tue Jun 7 14:15:32 2016 +0300
Committer: Pavlin Angelov <pa...@miracl.com>
Committed: Wed Jun 8 17:45:40 2016 +0300
----------------------------------------------------------------------
servers/rps/mobile_flow.py | 52 ++++++++++++++++++++++++++++++++++++
servers/rps/rps.py | 59 ++++++++++++++++++++++++++---------------
2 files changed, 89 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/2dfaec0f/servers/rps/mobile_flow.py
----------------------------------------------------------------------
diff --git a/servers/rps/mobile_flow.py b/servers/rps/mobile_flow.py
index 638b115..27db65e 100644
--- a/servers/rps/mobile_flow.py
+++ b/servers/rps/mobile_flow.py
@@ -52,3 +52,55 @@ class MobileFlow:
}
return params
+
+ def update_app_status(self, data):
+ mobile_status = data.get('status')
+ params = {
+ 'Status': 'OK'
+ }
+
+ # Keyfind
+ keyAuth = self.storage.find(stage="auth", wid=data.get('wid'))
+ if not keyAuth:
+ return params
+
+ userId = data.get('userId')
+
+ keyAuth.update(mobile_status=mobile_status, userId=userId)
+
+ if mobile_status == "wid":
+ params = {
+ 'PrerollId': "", # We don't use it at the moment
+ 'AppName': options.serviceName,
+ 'AppLogoUrl': options.serviceIconUrl,
+ }
+
+ return params
+
+ def get_app_status(self, webOTT):
+ params = {
+ 'status': "new",
+ 'statusCode': 0,
+ 'userId': "",
+ 'redirectURL': "",
+ 'authOTT': ""
+ }
+
+ I = self.storage.find(stage="auth", webOTT=webOTT)
+ if not I:
+ log.debug("Cannot find webOTT: {0}".format(webOTT))
+ params['status'] = 'expired'
+ return params
+
+ if I.mobile_status:
+ params['status'] = I.mobile_status
+
+ if I.mobile_status == 'user' and I.userId:
+ params['userId'] = I.userId
+
+ authOTT = I.authOTT
+ if authOTT and (str(I.status) == "200"):
+ params['status'] = 'authenticate'
+ params['authOTT'] = authOTT
+
+ return params
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/2dfaec0f/servers/rps/rps.py
----------------------------------------------------------------------
diff --git a/servers/rps/rps.py b/servers/rps/rps.py
index 12986dd..81aace9 100755
--- a/servers/rps/rps.py
+++ b/servers/rps/rps.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/en python
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -317,11 +317,12 @@ class ClientSettingsHandler(BaseHandler):
}
if not options.requestOTP:
- params["accessNumberURL"] = "{0}/accessnumber".format(baseURL)
+ params["accessNumberURL"] = "{0}/access".format(baseURL)
params["getAccessNumberURL"] = "{0}/getAccessNumber".format(baseURL)
if options.mobileUseNative:
params["getQrUrl"] = "{0}/getQrUrl".format(baseURL)
+ params["codeStatusURL"] = "{0}/codeStatus".format(baseURL)
self.write(params)
self.finish()
@@ -722,7 +723,7 @@ class RPSGetQrUrlHandler(BaseHandler):
self.finish()
-class RPSAccessNumberHandler(BaseHandler):
+class RPSAccessHanler(BaseHandler):
@tornado.web.asynchronous
@tornado.gen.engine
def post(self):
@@ -736,25 +737,10 @@ class RPSAccessNumberHandler(BaseHandler):
self.finish()
return
- I = self.storage.find(stage="auth", webOTT=webOTT)
- if not I:
- log.debug("Cannot find webOTT: {0}".format(webOTT))
-
- self.set_status(404)
- self.finish()
- return
+ params = MobileFlow(self.application, self.storage).get_app_status(webOTT)
- authOTT = I.authOTT
- if authOTT and (str(I.status) == "200"):
- self.write({"authOTT": authOTT})
- self.finish()
- else:
- if not authOTT:
- log.debug("authOTT not set for webOTT: {0}".format(webOTT))
- else:
- log.debug("Auth status for webOTT: {0}: {1}".format(webOTT, I.status))
- self.set_status(401)
- self.finish()
+ self.write(params)
+ self.finish()
class RPSAuthenticateHandler(BaseHandler):
@@ -1528,6 +1514,34 @@ class MobileConfigHandler(BaseHandler):
self.write(json.dumps(options.mobileConfig))
+class RPSCodeStatusHandler(BaseHandler):
+ @tornado.web.asynchronous
+ @tornado.gen.engine
+ def post(self):
+ try:
+ data = json.loads(self.request.body)
+ data['status']
+ except ValueError:
+ log.error("Cannot decode body as JSON.")
+ log.debug(self.request.body)
+ self.set_status(400, reason="BAD REQUEST. INVALID JSON")
+ self.finish()
+ return
+ except KeyError:
+ log.error("Invalid JSON data structure")
+ log.debug(data)
+ self.set_status(400, reason="BAD REQUEST. INVALID DATA")
+ self.finish()
+ return
+
+ mobileFlow = MobileFlow(self.application, self.storage)
+ params = mobileFlow.update_app_status(data)
+
+ self.set_status(200, 'OK')
+ self.write(params)
+ self.finish()
+
+
# MAIN
class Application(tornado.web.Application):
def __init__(self):
@@ -1538,9 +1552,10 @@ class Application(tornado.web.Application):
(r"/{0}/signature/([0-9A-Fa-f]+)".format(rpsPrefix), RPSSignatureHandler), # GET
(r"/{0}/timePermit/([0-9A-Fa-f]+)".format(rpsPrefix), RPSTimePermitHandler), # GET
(r"/{0}/setupDone/([0-9A-Fa-f]+)".format(rpsPrefix), RPSSetupDoneHandler), # POST
- (r"/{0}/accessnumber".format(rpsPrefix), RPSAccessNumberHandler), # POST
+ (r"/{0}/access".format(rpsPrefix), RPSAccessHanler), # POST
(r"/{0}/getAccessNumber".format(rpsPrefix), RPSGetAccessNumberHandler), # POST
(r"/{0}/getQrUrl".format(rpsPrefix), RPSGetQrUrlHandler), # POST
+ (r"/{0}/codeStatus".format(rpsPrefix), RPSCodeStatusHandler), # POST
(r"/{0}/clientSettings".format(rpsPrefix), ClientSettingsHandler),
(r"/{0}/authenticate".format(rpsPrefix), RPSAuthenticateHandler), # POST, for mobile login
# Authentication