I enrolled a TOTP token for an LDAP user with a Python script, but for that token "Test OTP" and "Resync token" do not work. When I create the token through the web UI instead, the OTP code works. Why?
Script:
#!/opt/privacyidea/bin/python
from flask import Flask
from privacyidea.lib.token import init_token, get_tokens
from privacyidea.lib.user import User
import argparse
from flask_sqlalchemy import SQLAlchemy
from privacyidea.lib.utils import BASE58
from privacyidea.lib.crypto import generate_password
from privacyidea.app import create_app
import requests
import re
import sys
import urllib3
# If the site's certificate is invalid, silence the warning message.
# urllib3 would otherwise emit an InsecureRequestWarning for each of the
# verify=False requests made in create_token below. Note that this also
# hides the only runtime signal that TLS certificate validation is off.
urllib3.disable_warnings()
# Module docstring (kept in the original language; it is a runtime string).
__doc__ = """
Script alterado para habilitar token para o usuario.
"""

# --- Site-specific settings -------------------------------------------------
# Only "totp" is supported by create_token; any other value is reported and
# no seed is generated.
LOCAL_TOKEN: str = "totp"
# Hash algorithm sent as the "hashlib" enrollment parameter on the API path.
LOCAL_TOKENLIBSHA: str = "sha1"
# True: enroll through the local REST API (/auth + /token/init).
# False: call privacyidea.lib.token.init_token directly in the app context.
CREATE_LOCAL_TOKEN_VIA_API: bool = True
# Credentials used to obtain an API auth token. Keeping a live admin password
# in a script is a risk in itself; restrict read access to this file.
API_USER: str = "admin"
API_PASSWORD: str = "12345678"
# Regular expressions matched (via re.match) against the login name; a hit
# means no token is enrolled for that user.
EXCLUCDE_USERS: list[str] = [r".*@.*"]
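def create_token(username, realm, descricao):
    """Enroll a ``LOCAL_TOKEN`` token for *username* in *realm* and return its serial.

    Two enrollment paths exist, chosen by ``CREATE_LOCAL_TOKEN_VIA_API``:
    through the local REST API (``/auth`` followed by ``/token/init`` on
    ``https://localhost``) or directly through ``init_token`` inside the
    privacyIDEA application context.

    Args:
        username: Login name of the token owner. A falsy value enrolls an
            unassigned token.
        realm: Realm the user belongs to.
        descricao: Free-text description stored with the token (API path only).

    Returns:
        The serial of the newly created token.

    Raises:
        requests.HTTPError: An API call answered with an HTTP error status.
        RuntimeError: An API response was successful but lacked the
            authentication token or the token serial.
    """
    app = create_app(config_name="production",
                     config_file="/etc/privacyidea/pi.cfg",
                     silent=True)
    with app.app_context():
        params = {"type": LOCAL_TOKEN}
        # The User object is resolved on both paths; only the library path
        # passes it on. Resolving it here keeps unknown-user failures early.
        if username:
            user = User(username, realm)
        else:
            user = User()
        if LOCAL_TOKEN == "totp":
            # Let the server generate the seed so this script never handles
            # the shared secret.
            params["genkey"] = 1
        else:
            # NOTE: enrollment still continues after this message, without
            # genkey; the constant is expected to stay "totp".
            print("Tipo de token está errado. Só funciona para totp ")
        if CREATE_LOCAL_TOKEN_VIA_API:
            params["user"] = username
            params["realm"] = realm
            params["description"] = descricao
            params["hashlib"] = LOCAL_TOKENLIBSHA
            # verify=False disables TLS certificate validation for the
            # loopback call; acceptable only because the API is reached on
            # localhost. The admin password travels in this request body.
            r = requests.post('https://localhost/auth', verify=False,
                              data={"username": API_USER, "password": API_PASSWORD})
            # Fail with a clear message instead of an AttributeError on a
            # missing "result"/"value" when authentication is rejected.
            r.raise_for_status()
            auth_value = (r.json().get("result") or {}).get("value") or {}
            authorization = auth_value.get("token")
            if not authorization:
                raise RuntimeError(
                    "privacyIDEA API authentication returned no token")
            r = requests.post('https://localhost/token/init', verify=False,
                              data=params,
                              headers={"Authorization": authorization})
            r.raise_for_status()
            serial = (r.json().get("detail") or {}).get("serial")
            if not serial:
                raise RuntimeError(
                    "privacyIDEA API token enrollment returned no serial")
        else:
            tok = init_token(params, user)
            serial = tok.token.serial
    return serial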
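# Command-line entry: parse the user, realm and description, skip excluded
# logins, then enroll the token.
parser = argparse.ArgumentParser()
parser.add_argument('--user', dest='username')
parser.add_argument('--realm', dest='realm')
parser.add_argument('--descricao', dest='descricao')
args = parser.parse_args()

# --user is optional (create_token enrolls an unassigned token without it),
# so match against "" rather than None: re.match(pattern, None) raises
# TypeError.
login = args.username or ""
if any(re.match(exclude_re, login) for exclude_re in EXCLUCDE_USERS):
    print("We do not enroll token for user {0!s}.".format(args.username))
    sys.exit(0)

serial = create_token(args.username, args.realm, args.descricao)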
print('Token criado e habilitado para usuario:', args.username, serial