smstoken.py updates so that a new SMS token is created and sent every time you try to log in with an SMS token, both valid and invalid
-new SMS action created - smsonfail
    class SMSACTION(object):
        SMSTEXT = "smstext"
        SMSAUTO = "smsautosend"
        SMSONFAIL = "smsonfail"
-function def get_class_info(…, add web GUI option
    'policy': {
        SCOPE.AUTH: {
            SMSACTION.SMSTEXT: {
                'type': 'str',
                'desc': _('The text that will be send via SMS for'
                          ' an SMS token. Use and '
                          'as parameters.')},
            SMSACTION.SMSAUTO: {
                'type': 'bool',
                'desc': _('If set, a new SMS OTP will be sent '
                          'after successful authentication with '
                          'one SMS OTP.')},
            SMSACTION.SMSONFAIL: {
                'type': 'bool',
                'desc': _('If set, a new SMS OTP will be sent '
                          'after any unsuccessful authentication with '
                          'one SMS OTP.')},
        }
-new handle function created def _get_sms_onfail(options): , it’s a copy of _get_auto_sms(options), just checking a different SMSACTION. It would be better to join both functions with an SMSACTION parameter but not today.
    # check_otp calls this as self._get_sms_onfail(options) with a single
    # argument, so inside the class it has to be a static method.
    @staticmethod
    def _get_sms_onfail(options):
        """
        This returns the SMSONFAIL setting.

        :param options: contains user and g object.
        :type options: dict
        :return: True if an SMS should be sent automatically on failure
        :rtype: bool
        """
        smsonfail = False
        g = options.get("g")
        user_object = options.get("user")
        username = None
        realm = None
        if user_object:
            username = user_object.login
            realm = user_object.realm
        if g:
            clientip = options.get("clientip")
            policy_object = g.policy_object
            # all active smsonfail policies matching this user, realm and client
            smsonfailpol = policy_object.\
                get_policies(action=SMSACTION.SMSONFAIL,
                             scope=SCOPE.AUTH,
                             realm=realm,
                             user=username,
                             client=clientip, active=True)
            smsonfail = len(smsonfailpol) >= 1
        return smsonfail
-last step is to update the function def check_otp(self, anOtpVal, counter=None, window=None, options=None) and activate the new option check.
    if ret >= 0 and self._get_auto_sms(options):
        message = self._get_sms_text(options)
        self.inc_otp_counter(ret, reset=False)
        success, message = self._send_sms(message=message)
        log.debug("AutoSMS: send new SMS: {0!s}".format(success))
        log.debug("AutoSMS: {0!r}".format(message))
    elif ret == -1 and self._get_sms_onfail(options):
        success, message, transId, attr = self.create_challenge(options=options)
        log.debug("OnfailSMS: send new SMS: {0!s}".format(success))
        log.debug("OnfailSMS: {0!r}".format(message))
-so an SMS is sent when you authenticate successfully (former code), and there is an add-on with a new option to send an SMS with a new OTP code on authentication failure. It makes sense to use the smsonfail option only with the auto_sms option.
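
The two policy lookups joined into one helper that takes the SMSACTION as a parameter, as suggested above, together with the if/elif from check_otp. This is an added example, not code from the original post or from the project; `FakePolicies`, `sms_policy_set`, `sms_after_check` and `make_options` are hypothetical names, and the policy matching is a simplified, constructed stand-in for `g.policy_object`.

```python
from types import SimpleNamespace

SCOPE_AUTH = "auth"        # stands in for SCOPE.AUTH
SMSAUTO = "smsautosend"    # SMSACTION.SMSAUTO
SMSONFAIL = "smsonfail"    # SMSACTION.SMSONFAIL


class FakePolicies(object):
    """Hypothetical g.policy_object; a missing realm/user is a wildcard."""
    def __init__(self, policies):
        self.policies = policies

    def get_policies(self, action=None, scope=None, realm=None,
                     user=None, client=None, active=True):
        return [p for p in self.policies
                if p["action"] == action and p["scope"] == scope
                and p.get("realm") in (None, realm)
                and p.get("user") in (None, user)
                and p.get("active", True) == active]


def sms_policy_set(options, action):
    """Replaces _get_auto_sms and _get_sms_onfail: True if `action` is set."""
    g = options.get("g")
    if not g:
        return False
    user = options.get("user")
    matching = g.policy_object.get_policies(
        action=action, scope=SCOPE_AUTH,
        realm=user.realm if user else None,
        user=user.login if user else None,
        client=options.get("clientip"), active=True)
    return len(matching) >= 1


def sms_after_check(ret, options):
    """Same branching as the check_otp change: which SMS follows the check."""
    if ret >= 0 and sms_policy_set(options, SMSAUTO):
        return "auto"      # valid OTP: send the next OTP
    if ret == -1 and sms_policy_set(options, SMSONFAIL):
        return "onfail"    # failed OTP: create a new challenge
    return None


def make_options(policies, login="alice", realm="realm1"):
    """Constructed options dict shaped like the one check_otp receives."""
    return {"g": SimpleNamespace(policy_object=FakePolicies(policies)),
            "user": SimpleNamespace(login=login, realm=realm),
            "clientip": "192.0.2.10"}
```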