[Freeipa-devel] [PATCH 0042] Rework how otptoken defaults are handled

Nathaniel McCallum npmccallum at redhat.com
Fri Feb 21 15:09:50 UTC 2014


On Fri, 2014-02-21 at 09:45 -0500, Nathaniel McCallum wrote:
> We had originally decided to provide defaults on the server side so that
> they could be part of a global config for the admin. However, on further
> reflection, only certain defaults really make sense given the
> limitations of Google Authenticator. Similarly, other defaults may be
> token specific.
> 
> Attempting to handle defaults on the server side also makes both the UI
> and the generated documentation unclear.
> 
> NOTE: this patch changes an existing API. VERSION says that we should
> bump the major version in this case. But we haven't actually released
> this API yet. Please advise.

I forgot to mention something else about this patch. The default_from in
the key parameter generates a warning. This is because the default is a
bytes string and internally a check is done against NULLS
(constants.py:36). The u'' in NULLS forces an attempt to convert the
byte string to unicode. When this fails (because ipatokenotpkey is *NOT*
a string but a byte array), a warning is thrown.

Since '' and u'' evaluate as equal, what is the point of having u'' in
NULLS? I don't see any way to suppress this warning except to remove u''
from NULLS.

Nathaniel




More information about the Freeipa-devel mailing list