From a2ae2918dd3dce00c4d5b7aa61d6f5ba08b5e97f Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Mon, 10 Feb 2014 12:07:51 -0500
Subject: Fix generation of invalid OTP URIs

https://fedorahosted.org/freeipa/ticket/4169

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipalib/plugins/otptoken.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ipalib/plugins/otptoken.py')

diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 7462ca9f..a85a6431 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -202,6 +202,15 @@ class otptoken_add(LDAPCreate):
     )
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        # These are values we always want to write to LDAP. So if they are
+        # specified as a value that evaluates to False (i.e. None), delete them
+        # and fill in the defaults below.
+        for attr in ('ipatokentotpclockoffset', 'ipatokentotptimestep',
+                     'ipatokenotpalgorithm', 'ipatokenotpdigits',
+                     'ipatokenotpkey'):
+            if attr in entry_attrs and not entry_attrs[attr]:
+                del entry_attrs[attr]
+
         # Set defaults. This needs to happen on the server side because we may
         # have global configurable defaults in the near future.
         options.setdefault('type', TOKEN_TYPES[0])
-- 
cgit