6.1.1.2.1.8. linotp.controllers.ocra module

ocra controller - Interface for the Challenge Response Token (OCRA)

class linotp.controllers.ocra.OcraController(*args, **kw)

Bases: linotp.lib.base.BaseController

The OcraController implements challenges/response tokens according to RFC 6287

calculateOtp()

check_t()

method:

ocra/check_t

description:

verify the response of the ocra token

arguments:

• transactionid: (required - string)

  Dies ist eine Transaktions-ID, die bei der Challenge ausgegeben wurde.

• pass: (required - string)

  die response, die der OCRA Token auf Grund der Challenge berechnet hat

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": {
         "failcount" : 3,
         "result": false
        }
    },
 "id": 0
}

exception:

checkstatus()

method:

ocra/checkstatus

description:

Methode zur assynchronen Ueberpruefungen eines Challenge Response Valiadation requests

arguments:

• transactionid: (required one of - string - (hex))

  Dies ist eine Transaktions-ID, die bei der Challenge ausgegeben wurde.

• serial: (required one of - string)

  die Serien Nummer des OCRA Token

• user: (required one of - string)

  die Benutzer eines Tokens

required is one of (user,serial,transactionid)

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": [
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID1,
             "received_tan": true,
             "valid_tan": true,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID2,
             "received_tan": false,
             "valid_tan": false,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER2,
             "transactionid": TRANSACTIONID3,
             "received_tan": true,
             "valid_tan": false,
             "failcount": 2
             },
         ]
     },
 "id": 0
 }

exception:

getActivationCode()

method:

ocra/getActivationCode

description:

returns an valid example activcation code

arguments:

./.

returns:

JSON with “activationcode”: “JZXW4ZI=2A”

request()

method:

ocra/request

description:

request a challenge for a user or for a serial number (token).

arguments:

• serial: (required - string) Serial number of the token, for which a challenge should be generated (either serial or user is required)
• user: (required - string) The user for whose token a challenge should be generated If the user has more than one token, an error is returend. (either serial or user is required)
• data: (required - String: URLendoced) These are the display data, that can be used to generate the challenge

remark:

the app will report a wrong qrcode, if the policy:

{'authentication' : qrtanurl=https://localhost }

is not defined !!

returns:

A JSON respone:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false,
    },
    "detail": {
            "transactionid" : TRANSAKTIONSID,
            "data" : DATAOBJECT,
    }
}

• transactionid: This is the transaction ID, that is used later for verifying the Return code /TAN.
• data: This is an object (URL) which can be used to generate a QR-Code to be displayed to the QRTAN App