From 397b2876e2f9bf1c5b3ad3e2874a92715ccda599 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Tue, 1 Oct 2013 14:26:38 -0400
Subject: Add OTP support to ipalib CLI

https://fedorahosted.org/freeipa/ticket/3368
---
 ipalib/plugins/user.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'ipalib/plugins/user.py')

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index ae927b642..3c8353ffa 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -379,7 +379,7 @@ class user(LDAPObject):
             cli_name='user_auth_type',
             label=_('User authentication types'),
             doc=_('Types of supported user authentication'),
-            values=(u'password', u'radius'),
+            values=(u'password', u'radius', u'otp'),
             csv=True,
         ),
         Str('userclass*',
@@ -648,6 +648,14 @@ class user_del(LDAPDelete):
     def pre_callback(self, ldap, dn, *keys, **options):
         assert isinstance(dn, DN)
         check_protected_member(keys[-1])
+
+        # Delete all tokens owned by this user
+        owner = self.api.Object.user.get_primary_key_from_dn(dn)
+        results = self.api.Command.otptoken_find(ipatokenowner=owner)['result']
+        for token in results:
+            token = self.api.Object.otptoken.get_primary_key_from_dn(token['dn'])
+            self.api.Command.otptoken_del(token)
+
         return dn
 
 api.register(user_del)
-- 
cgit