Source code for privacyidea.lib.eventhandler.requestmangler

# -*- coding: utf-8 -*-
#  2019-09-06 Cornelius Kölbel <>
#             Initial writup
# License:  AGPLv3
# (c) 2019. Cornelius Kölbel
# This code is free software; you can redistribute it and/or
# modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
# License as published by the Free Software Foundation; either
# version 3 of the License, or any later version.
# This code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# You should have received a copy of the GNU Affero General Public
# License along with this program.  If not, see <>.
__doc__ = """This is the event handler module modifying request parameters.
from privacyidea.lib.eventhandler.base import BaseEventHandler
from privacyidea.lib.token import (get_token_types, set_validity_period_end,
from privacyidea.lib.realm import get_realms
from privacyidea.lib.token import (set_realms, remove_token, enable_token,
                                   unassign_token, init_token, set_description,
                                   set_count_window, add_tokeninfo,
                                   set_failcounter, delete_tokeninfo)
from privacyidea.lib.utils import (parse_date, is_true,
from privacyidea.lib.tokenclass import DATE_FORMAT, AUTH_DATE_FORMAT
from privacyidea.lib import _
import json
import logging
import re
import datetime
import yaml
from dateutil.parser import parse as parse_date_string
from import tzlocal

log = logging.getLogger(__name__)

[docs]class ACTION_TYPE(object): """ Allowed actions """ SET = "set" DELETE = "delete"
[docs]class RequestManglerEventHandler(BaseEventHandler): """ An Eventhandler needs to return a list of actions, which it can handle. It also returns a list of allowed action and conditions It returns an identifier, which can be used in the eventhandlig definitions """ identifier = "RequestMangler" description = "This event handler can modify the parameters in the request." @property def allowed_positions(cls): """ This returns the allowed positions of the event handler definition. :return: list of allowed positions """ """ Usually we would only modify the parameters in the PRE location, so that the request is handled with the modified parameters. But we could also modify the parameters in the POST location, so that the request is handled with the original parameters, but *after* the request is handled, some parameters can be changed to that an event handler, that is called *After* the RequestMangler gets other input parameters. At the time of writing I can not make up a scenario, but technically it could make sense. """ return ["post", "pre"] @property def actions(cls): """ This method returns a dictionary of allowed actions and possible options in this handler module. :return: dict with actions """ actions = {ACTION_TYPE.DELETE: {"parameter": {"type": "str", "required": True, "description": _("The parameter that should be deleted.")} }, ACTION_TYPE.SET: {"parameter": {"type": "str", "required": True, "description": _("The parameter that should be added or modified.") }, "value": {"type": "str", "required": True, "description": _("The new value of the parameter. Can contain tags like {0}, {1} for " "the matched sub strings.") }, "match_parameter": {"type": "str", "description": _("The parameter, that should match some values.") }, "match_pattern": {"type": "str", "description": _("The value of the match_parameter. It can contain a regular " "expression and '()' to transfer values to the new parameter.") } } } return actions
[docs] def do(self, action, options=None): """ This method executes the defined action in the given event. :param action: :param options: Contains the flask parameters g, request, response and the handler_def configuration :type options: dict :return: """ ret = True request = options.get("request") handler_def = options.get("handler_def") handler_options = handler_def.get("options", {}) parameter = handler_options.get("parameter") if parameter: if action.lower() == ACTION_TYPE.DELETE: if parameter in request.all_data: del(request.all_data[parameter]) elif action.lower() == ACTION_TYPE.SET: value = handler_options.get("value") match_parameter = handler_options.get("match_parameter") match_pattern = handler_options.get("match_pattern") if value is not None: # We only take action, if we have a value, even an empty string "". if not match_parameter: # simple setting a parameter request.all_data[parameter] = value elif match_pattern and match_parameter in request.all_data: # setting a parameter depending on another value, # but only set it, if match_parameter exists """ Note: Beware user supplied format-string like "match_pattern", it can be dangerous: but in our case it is fine because no objects are involved, as m.groups() always returns a tuple of strings """ m = re.match("^" + match_pattern + "$", request.all_data.get(match_parameter)) if m: # Now we set the new value with the matching tuple try: request.all_data[parameter] = value.format(*m.groups()) except IndexError: log.warning("The number of found tags ({0!r}) " "do not match the required number ({1!r}).".format(m.groups(), value)) return ret