6.1.1.2.1.10. linotp.controllers.selfservice module¶
- selfservice controller - This is the controller for the self service interface, where users can manage their own tokens.
All functions starting with /selfservice/user... are data functions and are protected by the session key, i.e. the session key must be passed as the parameter session=
- class linotp.controllers.selfservice.SelfserviceController(*args, **kw)[source]¶
Bases: linotp.lib.base.BaseController
- assign()[source]¶
In this form the user may assign an already existing Token to himself. For this, the user needs to know the serial number of the Token.
- authUser = None¶
- custom_style()[source]¶
In case the user hasn’t defined a custom css, Pylons calls this action. Return an empty file instead of a 404 (which would mean hitting the debug console)
- load_form()[source]¶
This shows the enrollment form for a requested token type.
Implicit parameters are:
Parameters:
- type – token type
- scope – defines the rendering scope
Returns: rendered html of the requested token
- resync()[source]¶
In this form, the user can resync an HMAC based OTP token by providing two OTP values
- setmpin()[source]¶
In this form the user may set the PIN for his mOTP application soft token on his phone. This is the PIN he needs to enter on his phone before an OTP value will be generated.
- setpin()[source]¶
In this form the user may set the OTP PIN, which is the static password he enters in front of the OTP value when logging in.
- useractivateocratoken()[source]¶
useractivateocratoken - called from the selfservice web ui to activate the OCRA token
Parameters:
- type (string) – 'ocra'
- serial (string) – serial number of the token
- activationcode (string - activationcode format) – the calculated activation code
Returns: dict about the token
Return type:
{ 'activate' : True,
  'ocratoken' : {
    'url' : url,
    'img' : '<img />',
    'label' : "%s@%s" % (self.authUser.login, self.authUser.realm),
    'serial' : serial,
  }
}
- userassign()[source]¶
This is the internal assign function that is called from within the self service portal
- userdelete()[source]¶
This is the internal delete token function that is called from within the self service portal. The user is only allowed to delete tokens that belong to him.
- userdisable()[source]¶
This is the internal disable function that is called from within the self service portal
- userenable()[source]¶
This is the internal enable function that is called from within the self service portal to enable a token
- userfinshocra2token()[source]¶
userfinshocra2token - called from the selfservice web ui to finish the OCRA2 token to run the final check_t for the token
Parameters:
- passw (string) – the calculated verification otp
- transactionid (string) – the transactionid
Returns: dict about the token
Return type:
{ 'result' = ok
  'failcount' = int(failcount)
}
- userfinshocratoken()[source]¶
userfinshocratoken - called from the selfservice web ui to finish the OCRA token to run the final check_t for the token
Parameters:
- passw (string) – the calculated verification otp
- transactionid (string) – the transactionid
Returns: dict about the token
Return type:
{ 'result' = ok
  'failcount' = int(failcount)
}
- usergetSerialByOtp()[source]¶
- method: selfservice/usergetSerialByOtp
- description: searches for the token that generates the given OTP value. The search can be restricted by several criteria. This method only searches tokens in the realm of the user and tokens that are not assigned!
- arguments:
  - otp - required. Will search for the token that produces this OTP value
  - type - optional, will only search in tokens of type
- returns: a json result with the serial
- exception: if an error occurs an exception is serialized and returned
- usergetmultiotp()[source]¶
Using this function the user may receive OTP values for his own tokens.
- method: selfservice/getmultiotp
- arguments:
  - serial - the serial number of the token
  - count - number of otp values to return
  - curTime - used ONLY for internal testing: datetime.datetime object
- returns: JSON response
- userhistory()[source]¶
This returns the list of the token actions of this user. It returns the audit information for the given search pattern.
- method: selfservice/userhistory
- arguments: key, value pairs as search patterns.
  - or: Usually the key=values will be logically AND concatenated. If a parameter or=true is passed, the filters will be OR concatenated.
  - The Flexigrid provides us the following parameters: [('page', u'1'), ('rp', u'100'), ('sortname', u'number'), ('sortorder', u'asc'), ('query', u''), ('qtype', u'serial')]
- returns: JSON response
- userresync()[source]¶
This is the internal resync function that is called from within the self service portal
- userunassign()[source]¶
This is the internal unassign function that is called from within the self service portal. The user is only allowed to unassign tokens that belong to him.
- linotp.controllers.selfservice.add_dynamic_selfservice_enrollment(actions)[source]¶
add_dynamic_actions - load the html of the dynamic tokens according to the policy definition
Parameters: actions (array of actions names) – the allowed policy actions for the current scope
Returns: hash of {tokentype : html for tab}
- linotp.controllers.selfservice.add_dynamic_selfservice_policies(actions)[source]¶
add_dynamic_actions - load the html of the dynamic tokens according to the policy definition
Parameters: actions (array of actions names) – the allowed policy actions for the current scope
Returns: hash of {tokentype : html for tab}
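The logic behind resync() / userresync() and usergetSerialByOtp(), as an added example that is not LinOTP's own code: an RFC 4226 HOTP counter resynchronisation from two OTP values, and an OTP-to-serial search limited to unassigned tokens in the user's realm. It assumes the two resync values are consecutive; the function names, the token dict layout and the window sizes are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP value for one counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def resync(key, counter, otp1, otp2, window=1000):
    """Return the next server counter, or None if no consecutive pair matches."""
    # Two values are checked because a single 6-digit value matches some
    # counter in a 1000-step window by chance about once in 1000 attempts.
    for c in range(counter, counter + window):
        if (hmac.compare_digest(hotp(key, c), otp1)
                and hmac.compare_digest(hotp(key, c + 1), otp2)):
            return c + 2  # first counter not yet used
    return None

def get_serial_by_otp(tokens, otp, realm, window=10):
    """Serial of the one unassigned token in `realm` that produces `otp`."""
    hits = [
        t["serial"] for t in tokens
        if t["realm"] == realm and t["user"] is None
        and any(hmac.compare_digest(hotp(t["key"], c), otp)
                for c in range(t["counter"], t["counter"] + window))
    ]
    return hits[0] if len(hits) == 1 else None  # ambiguous match: refuse

# Constructed sample tokens (hypothetical layout); KEY is the RFC 4226 test secret.
KEY = b"12345678901234567890"
TOKENS = [
    {"serial": "HOTP0001", "realm": "example", "user": None, "key": KEY, "counter": 0},
    {"serial": "HOTP0002", "realm": "example", "user": "alice", "key": b"A" * 20, "counter": 0},
    {"serial": "HOTP0003", "realm": "other", "user": None, "key": b"B" * 20, "counter": 0},
]

if __name__ == "__main__":
    print(resync(KEY, 0, "969429", "338314"))
    print(get_serial_by_otp(TOKENS, "359152", "example"))
```

The search window bounds how far the server counter can jump, so it also bounds the chance that guessed values are accepted; keep it as small as the deployment tolerates.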