OTP verification failed

I enabled a TOTP token for an LDAP user with a Python script, but "Test OTP only" and "Resync token" do not work. When I create the token through the site, the OTP code works. Why?

Script:


#!/opt/privacyidea/bin/python
import argparse
import os
import re
import sys

import requests
import urllib3
from flask import Flask
from flask_sqlalchemy import SQLAlchemy

from privacyidea.app import create_app
from privacyidea.lib.crypto import generate_password
from privacyidea.lib.token import init_token, get_tokens
from privacyidea.lib.user import User
from privacyidea.lib.utils import BASE58
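# If the site's certificate is invalid, silence the warning this causes.
# Only InsecureRequestWarning is suppressed, so every other urllib3 warning
# stays visible.
# NOTE(review): the warning exists because the requests in this script are
# sent with verify=False; trusting the server's CA certificate instead removes
# the need to suppress anything.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)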

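__doc__ = """
     Script alterado para habilitar token para o usuario. 
"""

# You may change this
# Token type to enroll and the hash algorithm sent as "hashlib" to the API.
LOCAL_TOKEN = "totp"
LOCAL_TOKENLIBSHA = "sha1"
# True: enroll through the REST API; False: enroll through init_token().
CREATE_LOCAL_TOKEN_VIA_API = True
# Administrator credentials used for the REST API.
# ENROLL_API_USER / ENROLL_API_PASSWORD are environment variables defined by
# this script only; when set they override the literals below, so the password
# does not have to be stored in the script file.
# NOTE(review): the literal fallbacks are kept only for backward compatibility.
# A password committed to a script is readable by everyone who can read the
# file; remove the fallback once the environment variables are in place.
API_USER = os.environ.get("ENROLL_API_USER", "admin")
API_PASSWORD = os.environ.get("ENROLL_API_PASSWORD", "12345678")
# List of regex of users to exclude
EXCLUCDE_USERS = [".*@.*"]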


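def _dig(body, *keys):
    """Follow *keys* through nested dicts; return None once one is missing."""
    node = body
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def _post_json(url, **kwargs):
    """POST to *url* and return the decoded JSON object of the response.

    Raises:
        RuntimeError: if the response body is not a JSON object.
    """
    # NOTE(review): verify=False disables TLS certificate validation, so the
    # admin password and the auth token travel over a connection whose peer is
    # not authenticated. Passing the path of the server's CA certificate as
    # `verify` keeps the check working with a private CA.
    # The timeout keeps the script from blocking forever on a hung server.
    response = requests.post(url, verify=False, timeout=30, **kwargs)
    try:
        body = response.json()
    except ValueError:
        body = None
    if not isinstance(body, dict):
        raise RuntimeError("{0!s} answered HTTP {1!s} without a JSON object"
                           .format(url, response.status_code))
    return body


def create_token(username, realm, descricao):
    """Enroll a token of type LOCAL_TOKEN for a user and return its serial.

    With CREATE_LOCAL_TOKEN_VIA_API set, the token is created through the REST
    API on https://localhost (``/auth`` followed by ``/token/init``); otherwise
    it is created in-process through ``init_token``.

    Args:
        username: login name of the token owner. If empty, an empty ``User()``
            is built for the in-process path.
        realm: realm of the user.
        descricao: description sent with the enrollment (API path only).

    Returns:
        The serial of the new token.

    Raises:
        RuntimeError: if the API answers without an auth token or a serial.
        requests.RequestException: on connection errors or timeouts.
    """
    app = create_app(config_name="production",
                     config_file="/etc/privacyidea/pi.cfg",
                     silent=True)

    with app.app_context():
        # Set global values
        params = {"type": LOCAL_TOKEN}
        if username:
            user = User(username, realm)
        else:
            user = User()

        if LOCAL_TOKEN == "totp":
            # Let the server generate the secret key.
            params["genkey"] = 1
        else:
            # NOTE(review): only a message is printed here; enrollment still
            # continues below, without genkey.
            print("Tipo de token está errado. Só funciona para totp ")

        if CREATE_LOCAL_TOKEN_VIA_API:
            params["user"] = username
            params["realm"] = realm
            params["description"] = descricao
            params["hashlib"] = LOCAL_TOKENLIBSHA
            auth = _post_json('https://localhost/auth',
                              data={"username": API_USER, "password": API_PASSWORD})
            authorization = _dig(auth, "result", "value", "token")
            if not authorization:
                # A failed login used to surface as an AttributeError on None;
                # report the server's error entry instead.
                raise RuntimeError("Authentication against /auth failed: {0!s}"
                                   .format(_dig(auth, "result", "error")))
            init = _post_json('https://localhost/token/init',
                              data=params,
                              headers={"Authorization": authorization})
            # NOTE(review): only the serial is kept. With genkey=1 the secret is
            # generated by the server, and privacyIDEA normally hands it out in
            # this response under "detail" (provisioning URL / QR image) -
            # confirm against your server version. A QR code produced from any
            # other source will not match this token. That part of the response
            # is a secret: do not print or log it.
            serial = _dig(init, "detail", "serial")
            if not serial:
                raise RuntimeError("Token enrollment via /token/init failed: {0!s}"
                                   .format(_dig(init, "result", "error")))
        else:
            tok = init_token(params, user)
            serial = tok.token.serial
        return serial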
 
 
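# Command line: --user and --realm identify the token owner, --descricao is
# the description passed on to create_token().
parser = argparse.ArgumentParser()
parser.add_argument('--user', dest='username')
parser.add_argument('--realm', dest='realm')
parser.add_argument('--descricao', dest='descricao')
args = parser.parse_args()

# Skip users whose login matches one of the exclusion patterns. --user is
# optional, so guard against None before handing it to re.match().
for exclude_re in EXCLUCDE_USERS:
    if args.username and re.match(exclude_re, args.username):
        print("We do not enroll token for user {0!s}.".format(args.username))
        sys.exit(0)

serial = create_token(args.username, args.realm, args.descricao)
# The closing parenthesis was missing in the posted script.
print('Token criado e habilitado para usuario:', args.username, serial)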

I am sorry. It is not clear what you want.

Screenshot from 2022-03-04 22-20-52
When I create token with script.

Yes, the OTP value is wrong.

That is when I create the token with the script. But when I create the token through the site, the OTP code works. Why?

The script seems fine.
So it could be the configuration of your server or pin or so many other things.

I’m not that good at English. The Token Wizard creates a correct CID_IMAGE “QR” in the e-mail, but the REST API does not create a correct QR. There is a difference in how the Google code is created. The script does not send a correct CID_IMAGE.

How can I enable a token for an LDAP user with a correct CID TOKEN_IMAGE through a script?