utils: remove wrong limitation on secret length, make secret only required for the generate command

2014-03-10 14:25:04 +01:00 · 2014-03-10 14:25:04 +01:00 · d533635916
parent fe05bc40d0
commit d533635916
1 changed files with 15 additions and 14 deletions
--- a/authentic2_idp_ltpa/utils.py
+++ b/authentic2_idp_ltpa/utils.py
@ -12,7 +12,6 @@ def decode_secret(secret):
        secret = secret[4:].decode('base64')
    elif secret.startswith('hex:'):
        secret = secret[4:].decode('hex')
-    assert len(secret) == 20, 'secret must be 20 bytes long'
    return secret

 def generate_domino_ltpa_token(user, secret, creation=None, expire=None,
@ -61,10 +60,9 @@ if __name__ == '__main__':
    import datetime

    parser = argparse.ArgumentParser(description='Process some integers.')
-    parser.add_argument('--secret',
-            required=True,
-            help='secret as hex or b64 string, must be 20 bytes long, prefix '
-                 'with hex: or b64:')
+    secret_arg = parser.add_argument('--secret',
+            help='secret as plain, hex or base-64 encoded string, prefix '
+                 'with hex: or b64: for encoded strings')
    subparsers = parser.add_subparsers(help='sub-command help')

    # create the parser for the "a" command
@ -78,19 +76,22 @@ if __name__ == '__main__':
    parser_parse.add_argument('token', help='the LTPA cookie content')

    args = parser.parse_args()
-    if args.secret.startswith('hex:'):
-        secret = args.secret[4:].decode('hex')
-    elif args.secret.startswith('b64:'):
-        secret = args.secret[4:].decode('base64')
-    else:
-        secret = args.secret
-    assert len(secret) == 20, 'an LTPA secret must be 20 bytes long'
+    if args.secret:
+        if args.secret.startswith('hex:'):
+            args.secret = args.secret[4:].decode('hex')
+        elif args.secret.startswith('b64:'):
+            args.secret = args.secret[4:].decode('base64')
+        else:
+            args.secret = args.secret

    if args.command == 'generate':
+        if not args.secret:
+            raise argparse.ArgumentError(secret_arg,
+                    'is required to generate a token')
        print generate_domino_ltpa_token(user=args.user,
-                secret=secret)
+                secret=args.secret)
    elif args.command == 'parse':
-        user, creation, expire = parse_token(args.token, secret=secret)
+        user, creation, expire = parse_token(args.token, secret=args.secret)
        def from_timestamp(t):
            return datetime.datetime.utcfromtimestamp(t).isoformat() + 'Z'
        print 'User:', user