6.1.1.3.2.29. linotp.lib.token module
Contains several token API functions.
- class linotp.lib.token.TokenIterator(user, serial, page=None, psize=None, filter=None, sort=None, sortdir=None, filterRealm=None, user_fields=None, params=None)
Bases: object
TokenIterator class - supports smooth iteration over the tokens
- linotp.lib.token.assignToken(serial, user, pin, param=None)
assignToken - used to assign and to unassign a token
- linotp.lib.token.auto_assignToken(passw, user, pin='', param=None)
This function is called to auto-assign a token when the user enters an OTP value of a token that is not assigned.
- linotp.lib.token.checkSerialPass(serial, passw, options=None, user=None)
This function checks the OTP for a given serial.
Attention: the parameter user must be set, as the pin policy==1 will verify the user PIN.
- linotp.lib.token.checkTokenList(tokenList, passw, user=User(login='', realm='', conf='' ::resolverUid:{}, resolverConf:{}), options=None)
Identify a matching token and test if the token is valid, locked .. This function is called by checkSerialPass and checkUserPass to
Parameters: - tokenList – list of identified tokens
- passw – the provided passw (mostly pin+otp)
- user – the identified user - as class object
- options – additional parameters, which are passed to the token
Returns: tuple of boolean and optional response
- linotp.lib.token.checkUserPass(user, passw, options=None)
Parameters: - user – the user to be identified
- passw – the identification pass
- options – optional parameters, which are provided to the token checkOTP / checkPass
Returns: tuple of True/False and optional information
- linotp.lib.token.checkYubikeyPass(passw)
Checks the password of a yubikey in Yubico mode (44,48), where the first 12 or 16 characters are the tokenid
Parameters: passw (string) – The password that consists of the static yubikey prefix and the otp
Returns: True/False and the User-Object of the token owner
Return type: dict
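The 44/48-character layout that checkYubikeyPass relies on, as an added example that is not LinOTP's code: the static prefix is the public token id, and the trailing 32 modhex characters are the encrypted OTP block. The function names are hypothetical, and lower-casing the input before validation is this example's choice.

```python
# Added illustration; not LinOTP code. All names below are hypothetical.
MODHEX = "cbdefghijklnrtuv"       # Yubico's keyboard-layout-safe hex alphabet
PREFIX_LENS = {44: 12, 48: 16}    # total length -> static prefix (tokenid) length


def split_yubico_passw(passw):
    """Return (prefix, otp) or raise ValueError for malformed input."""
    passw = passw.lower()
    if len(passw) not in PREFIX_LENS:
        raise ValueError("unexpected length %d" % len(passw))
    if any(ch not in MODHEX for ch in passw):
        raise ValueError("non-modhex character in input")
    cut = PREFIX_LENS[len(passw)]
    # What remains after the prefix is always the 32-character OTP block.
    return passw[:cut], passw[cut:]


def modhex_to_bytes(text):
    """Decode modhex to raw bytes (two modhex characters per byte)."""
    nibbles = [MODHEX.index(ch) for ch in text]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


# Constructed sample values (not taken from a real key).
SAMPLE_PREFIX = "ccccccbcgujh"
SAMPLE_OTP = "vutrnlkjihgfedbc" * 2
```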
- linotp.lib.token.check_serial(serial)
This checks whether a serial number is already contained.
The function returns a tuple: (result, new_serial)
If the serial is already contained, a new, modified serial new_serial is returned.
result: bool: True if the serial does not already exist.
- linotp.lib.token.copyTokenPin(serial_from, serial_to)
This function copies the token PIN from one token to the other token. This can be used for workflows like lost token.
In fact, the PinHash and the PinSeed need to be transferred.
returns:
- 1: success
- -1: no source token
- -2: no destination token
- linotp.lib.token.copyTokenUser(serial_from, serial_to)
This function copies the user from one token to the other. This can be used for workflows like lost token.
returns:
- 1: success
- -1: no source token
- -2: no destination token
- linotp.lib.token.createTokenClassObject(token, typ=None)
createTokenClassObject - create a token class object from a given type
Parameters: - token (database token) – the database referenced token
- typ (string) – type of the token to be created
Returns: instance of the token class object
Return type: token class object
- linotp.lib.token.finish_check_TokenList(validTokenList, pinMatchingTokenList, invalidTokenlist, user)
- linotp.lib.token.genSerial(tokenType=None, prefix=None)
generate a serial number similar to the one generated in the manage web gui
Parameters: tokenType – the token type prefix is done by a lookup on the tokens
Returns: serial number
- linotp.lib.token.getOtp(serial, curTime=None)
This function returns the current OTP value for a given token. Please note that this controller needs to be activated and that the token type needs to support this function.
method: getOtp - get the current OTP value
parameter: - serial - serial number of the token
- curTime - used for self test
return: tuple with (res, pin, otpval, passw)
- linotp.lib.token.getRealms4Token(user, tokenrealm=None)
Get the realm objects of a user or from the tokenrealm definition, which could be a list of realms or a single realm.
- helper method to enhance the code readability
Parameters: - user – the user which defines the set of realms
- tokenrealm – a string or a list of realm strings
Returns: the list of realm objects
- linotp.lib.token.getRealmsOfTokenOrUser(token)
This returns the realms of either the token or of the user of the token.
- linotp.lib.token.getTokenConfig(tok, section=None)
getTokenConfig - return the config definition of a dynamic token
Parameters: - tok (string) – token type (shortname)
- section (string) – subsection of the token definition - optional
Returns: dict - if nothing found an empty dict
Return type: dict
- linotp.lib.token.getTokenInRealm(realm, active=True)
This returns the number of tokens in one realm.
You can either query only active tokens or also disabled tokens.
- linotp.lib.token.getTokenNumResolver(resolver=None, active=True)
This returns the number of the (active) tokens. If no resolver is passed, the overall token number is returned; if a resolver is passed, the token number within this resolver is returned.
If active is set to false, ALL tokens are returned.
- linotp.lib.token.getTokenOwner(serial)
Returns the user object to which the token is assigned. The token is identified and retrieved by its serial number.
Parameters: serial – serial number of the token
Returns: user object
- linotp.lib.token.getTokenRealms(serial)
This function returns a list of the realms of a token
- linotp.lib.token.getTokenType(serial)
Returns the token type of a given serial number
Parameters: serial – the serial number of the token to be searched
- linotp.lib.token.getTokens4UserOrSerial(user=None, serial=None, forUpdate=False, _class=True)
- linotp.lib.token.getTokensOfType(typ=None, realm=None, assigned=None)
This function returns a list of token objects of the following type.
- here we need to create the token list.
- all types (if typ==None)
- realms
- assigned or unassigned tokens (1/0)
TODO: rename function to “getTokens”
- linotp.lib.token.get_multi_otp(serial, count=0, epoch_start=0, epoch_end=0, curTime=None)
This function returns a list of OTP values for the given token. Please note that this controller needs to be activated and that the token type needs to support this function.
method: get_multi_otp - get the list of OTP values
parameter: - serial - the serial number of the token
- count - number of the <count> next otp values (to be used with event or timebased tokens)
- epoch_start - unix time start date (used with timebased tokens)
- epoch_end - unix time end date (used with timebased tokens)
- curTime - used for selftest
return: dictionary of otp values
- linotp.lib.token.get_serial_by_otp(token_list=None, otp='', window=10, typ=None, realm=None, assigned=None)
Returns the serial for a given OTP value and the user (serial, user)
Parameters: - otp – the otp value to be searched
- window – how many OTPs should be calculated per token
- typ – The tokentype
- realm – The realm in which to search for the token
- assigned – search either in assigned (1) or not assigned (0) tokens
Returns: the serial for a given OTP value and the user
- linotp.lib.token.get_token_by_otp(token_list=None, otp='', window=10, typ=u'HMAC', realm=None, assigned=None)
method: get_token_by_otp - from the given token list this function returns the token that generates the given OTP value
Parameters: - token_list – the list of token objects to be investigated
- otpval – the otp value that needs to be found
- window – the window of search
- assigned – or unassigned tokens (1/0)
Returns: the token object.
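The window search that get_serial_by_otp and get_token_by_otp describe, sketched for RFC 4226 HOTP tokens as an added example that is not LinOTP's code. The names hotp and find_serial_by_otp and the in-memory token dict are hypothetical, and refusing an OTP that matches more than one token is this example's choice.

```python
import hashlib
import hmac
import struct


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP value for one counter position."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def find_serial_by_otp(tokens, otp, window=10):
    """Return (serial, matched_counter), or (None, None).

    tokens: dict serial -> (key bytes, next expected counter); a hypothetical
    stand-in for the token store. Only counters from the stored position
    onward are tried, so an already consumed OTP never matches. Zero matches
    and matches on several tokens both yield (None, None).
    """
    hits = []
    for serial, (key, counter) in sorted(tokens.items()):
        for c in range(counter, counter + window):
            # Constant-time comparison of candidate and supplied value.
            if hmac.compare_digest(hotp(key, c).encode(), otp.encode()):
                hits.append((serial, c))
                break
    return hits[0] if len(hits) == 1 else (None, None)


# Constructed sample: the key is the RFC 4226 Appendix D test secret.
RFC_KEY = b"12345678901234567890"
TOKENS = {"HOTP0001": (RFC_KEY, 0)}
```

A larger window tolerates more drift between token and server counter, but it also raises the number of values accepted per token and the chance that one OTP matches several tokens.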
- linotp.lib.token.get_token_owner(token)
Provide the owner as a user object for a given tokenclass object
Parameters: token – tokenclass object
Returns: user object
- linotp.lib.token.get_token_type_list()
get_token_type_list - returns the list of the available token types like hmac, spass, totp...
Returns: list of token types
Return type: list
- linotp.lib.token.get_tokenserial_of_transaction(transId)
Get the serial number of a token from a challenge state / transaction
Parameters: transId – the state / transaction id
Returns: the serial number or None
- linotp.lib.token.initToken(param, user, tokenrealm=None)
initToken - create a new token or update a token
Parameters: - param – the list of provided parameters; in the list the serial number is required, the token type default is hmac
- user – the token owner
- tokenrealm – the realms to which the token belongs
Returns: tuple of success and token object
- linotp.lib.token.losttoken(serial, new_serial='', password='', default_validity=0)
This is the workflow to handle a lost token
Parameters: - serial – Token serial number
- new_serial – new serial number
- password – new password
- default_validity – set the token to be valid
Returns: result dictionary
- linotp.lib.token.newToken(token_class)
newTokenClass - return a token class, which could be used as a constructor
Parameters: token_class (string) – string representation of the token class name
Returns: token class
Return type: token class