8.6.6. RequestMangler Handler Module

The RequestMangler is a special handler module, that can modify the request parameters of an HTTP request. This way privacyIDEA can change the data that is processed within the request.

Usually this handler is used in the pre location. However there might be occasions when you want to modify parameters only before passing them to the next post handler. In this case you can also use the RequestMangler handler in the post location.

8.6.6.1. Possible Actions

8.6.6.1.1. delete

This action simply deletes the given parameter from the request.

E.g. you could in certain cases delete the transaction_id from a /validate/check request. This way you would render challenge response inactive.

8.6.6.1.2. set

This action is used to add or modify additional request parameters.

You can set a parameter with the value or substrings of another parameter.

This is why this action takes the additional options value, match_parameter and match_pattern. match_pattern always needs to match the complete value of the match_parameter.

If you simply want to set a parameter to a fixed value you only need the options:

  • parameter: as the name of the parameter you want to set and

  • value: to set to a fixed value.

If you can to set a parameter based on the value of another parameter, you can use the regex notation () and the python string formatting tags {0}, {1}.

Example 1

To set the realm based on the username parameter:

parameter: realm
match_parameter: username
match_pattern: .*@(.*)
value: {0}

A request like:

username=surname.givenname@example.com
realm=

with an empty realm will be modified to:

username=surname.givenname@example.com
realm=example.com

since, the pattern .*@(.*) will match the email address and extract the domain after the “@” sign. The python tag “{0}” will be replaced with the matching domainname.

Example 2

To simply change the domain name in the very same parameter:

parameter: username
match_parameter: username
match_pattern: (.*)@example.com
value: {0}@newcompany.com

A request like:

username=surname.givenname@example.com

will be modified to:

username=surname.givenname@newcompany.com

Note

The match_pattern in the above example will not match “surname.givenname@example.company”, since it always matches the complete value as mentioned above.

8.6.6.2. Code

This is the event handler module modifying request parameters.

class privacyidea.lib.eventhandler.requestmangler.ACTION_TYPE[source]

Allowed actions

DELETE = 'delete'
SET = 'set'
class privacyidea.lib.eventhandler.requestmangler.RequestManglerEventHandler[source]

An Eventhandler needs to return a list of actions, which it can handle.

It also returns a list of allowed action and conditions

It returns an identifier, which can be used in the eventhandlig definitions

property actions

This method returns a dictionary of allowed actions and possible options in this handler module.

Returns

dict with actions

property allowed_positions

This returns the allowed positions of the event handler definition. :return: list of allowed positions

description = 'This event handler can modify the parameters in the request.'
do(action, options=None)[source]

This method executes the defined action in the given event.

Parameters
  • action

  • options (dict) – Contains the flask parameters g, request, response and the handler_def configuration

Returns

identifier = 'RequestMangler'