[DRAFT] add configuration: yubico cloud URL

Jochen_Hein · March 28, 2016, 4:11pm

yubico: make the Yubico cloud URL configurable

This patch adds a field to Config -> Tokens -> Yubico which can
contain another validation server than the Yubico servers.

If there is no configuration stored we still use the Yubico
servers as default.

Any comments?

Jochen

diff --git a/privacyidea/lib/tokens/yubicotoken.py b/privacyidea/lib/tokens/yubicotoken.py
index 7b69fe1…07386a5 100644
— a/privacyidea/lib/tokens/yubicotoken.py
+++ b/privacyidea/lib/tokens/yubicotoken.py
@@ -51,7 +51,7 @@ import binascii

YUBICO_LEN_ID = 12
YUBICO_LEN_OTP = 44
-YUBICO_URL = “http://api.yubico.com/wsapi/2.0/verify”
+DEFAULT_YUBICO_URL = "http://api.yubico.com/wsapi/2.0/verify"
DEFAULT_CLIENT_ID = 20771
DEFAULT_API_KEY = “9iE9DRkPHQDJbAFFC31/dum5I54=”

@@ -138,6 +138,7 @@ class YubicoTokenClass(TokenClass):

     apiId = get_from_config("yubico.id", DEFAULT_CLIENT_ID)
     apiKey = get_from_config("yubico.secret", DEFAULT_API_KEY)

   YUBICO_URL = get_from_config("yubico.url", DEFAULT_YUBICO_URL)

   if apiKey == DEFAULT_API_KEY or apiId == DEFAULT_CLIENT_ID:
       log.warning("Usage of default apiKey or apiId not recomended!")

diff --git a/privacyidea/static/components/config/views/config.token.yubico.html b/privacyidea/static/components/config/views/config.token.yubico.html
index 4902201…d07c16d 100644
— a/privacyidea/static/components/config/views/config.token.yubico.html
+++ b/privacyidea/static/components/config/views/config.token.yubico.html
@@ -30,4 +30,13 @@
ng-model=“form[‘yubico.secret’]” name=“yubicoKey”>

+

Yubico URL
<input type=“text”
```
      required
```
```
      class="form-control"
```

      placeholder="{{ 'Yubico URL'|translate }}"

      ng-model="form['yubico.url']" name="yubicoURL">

+

–
The only problem with troubleshooting is that the trouble shoots back.

Jochen_Hein · March 28, 2016, 5:46pm

Jochen Hein <@Jochen_Hein> writes:

-YUBICO_URL = “http://api.yubico.com/wsapi/2.0/verify”
+DEFAULT_YUBICO_URL = “http://api.yubico.com/wsapi/2.0/verify”

Wouldn’t it be better to use https as default?

diff --git a/privacyidea/static/components/config/views/config.token.yubico.html b/privacyidea/static/components/config/views/config.token.yubico.html
index 4902201…d07c16d 100644
— a/privacyidea/static/components/config/views/config.token.yubico.html
+++ b/privacyidea/static/components/config/views/config.token.yubico.html
@@ -30,4 +30,13 @@
ng-model=“form[‘yubico.secret’]” name=“yubicoKey”>

+

Yubico URL

<input type=“text”

<input type="url" ?

```
      required
```
```
      class="form-control"
```

      placeholder="{{ 'Yubico URL'|translate }}"

      ng-model="form['yubico.url']" name="yubicoURL">

+

I think we need to add a default here too - but I have no idea how to
handle that. Let me try placeholder=“https://…”

Yes, that works - I’ll prepare an updated patch.

Jochen–
The only problem with troubleshooting is that the trouble shoots back.