-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsso_factors.py
172 lines (139 loc) · 4.4 KB
/
sso_factors.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
import numbers
from enum import Enum, EnumMeta
from functools import total_ordering
def _get_int(obj, check_class: bool = True) -> int:
try:
if obj.__class__ == str:
potential_num = obj.strip().split(".")[0]
if potential_num in _factorQuality:
return _factorQuality[potential_num]
if potential_num.isnumeric():
return int(potential_num)
if check_class and obj in FactorQuality:
return FactorQuality.get(obj).value
if isinstance(obj, numbers.Real):
return int(obj)
except:
pass
return None
class FactorQualityMeta(EnumMeta):
def __contains__(self, other):
try:
self(other)
except ValueError:
if other.__class__ == str:
if other.lower() in self.list():
return True
return False
else:
return True
_factorQuality = {
"none": 0,
"low": 1,
"medium": 2,
"high": 3,
"veryhigh": 4,
"highest": 5,
}
@total_ordering
class FactorQuality(str, Enum, metaclass=FactorQualityMeta):
none: str = "none"
low: str = "low"
medium: str = "medium"
high: str = "high"
veryhigh: str = "veryhigh"
highest: str = "highest"
def __eq__(self, other):
i = _get_int(other)
if i or i == 0:
return _factorQuality[self.value] == i
return NotImplemented
def __lt__(self, other):
i = _get_int(other)
if i is None:
return False
if i or i == 0:
return _factorQuality[self.value] < i
return NotImplemented
def __gt__(self, other):
i = _get_int(other)
if i is None:
return False
if i or i == 0:
return _factorQuality[self.value] > i
return NotImplemented
def __le__(self, other):
i = _get_int(other)
if i is None:
return False
if i or i == 0:
return _factorQuality[self.value] <= i
return NotImplemented
def __ge__(self, other):
i = _get_int(other)
if i is None:
return False
if i or i == 0:
return _factorQuality[self.value] >= i
return NotImplemented
def __str__(self):
return self.name
def __repr__(self):
return f"<FactorQuality('{self.name}')>"
def __json__(self):
return str(self)
def acr(self):
if self.value == "none":
return None
elif self.value == "low":
return "0"
elif self.value == "medium":
return {"values": ["AAL1"]}
elif self.value == "high":
return {"values": ["AAL2"]}
elif self.value == "veryhigh":
return {"values": ["AAL3"]}
elif self.value == "highest":
return {"values": ["AAL3"]}
return None
@classmethod
def list(cls):
return [x.name for x in cls]
@classmethod
def get(cls, value=None):
try:
if value:
valstr = str(value).lower()
for member in cls:
if member.name == valstr:
return member
if type(value) == int or _get_int(value, check_class=False) is not None:
vint = _get_int(value, check_class=False)
for member in cls:
if _factorQuality[member.value] == vint:
return member
except Exception:
pass
return cls.none
def calculate_auth_quality(pf_quality=None, mfa_quality=None) -> str:
pfq = FactorQuality.get(pf_quality)
mfq = FactorQuality.get(mfa_quality)
# if no multifactor multifactor, then use the primary factor value
if pfq == "none" and mfq == "none":
return pfq
if pfq >= "high" and mfq >= "veryhigh":
return FactorQuality.highest
if pfq >= "high" and mfq >= "high":
return FactorQuality.veryhigh
if pfq >= "medium" and mfq >= "highest":
return FactorQuality.veryhigh
if pfq >= "high":
return FactorQuality.high
if pfq >= "medium" and mfq >= "high":
return FactorQuality.high
if pfq >= "medium":
return FactorQuality.medium
# if no multifactor multifactor, then use the primary factor value
if pfq != "none" and mfq == "none":
return pfq
return FactorQuality.low