From 772ed2b7e6eb43b38043a37362236853c8280ece Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Thu, 25 Aug 2016 11:53:39 +0200
Subject: [PATCH] otptoken: Convert ipatokenotpkey on server

Force client to send the value of ipatokenotpkey as entered by user.
Otherwise client encodes the value with base64 before sending to server
resulting in using base32(base64(value)) instead of base32(value).

https://fedorahosted.org/freeipa/ticket/6247
---
 ipaserver/plugins/otptoken.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index f695678..389d5e9 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -215,6 +215,8 @@ class otptoken(LDAPObject):
             default_from=lambda: os.urandom(KEY_LENGTH),
             autofill=True,
             flags=('no_display', 'no_update', 'no_search'),
+            # force conversion on server
+            normalizer=lambda x: x,
         ),
         StrEnum('ipatokenotpalgorithm?',
             cli_name='algo',