6.1.1.3.1.5.1.1. linotp.lib.tokens.emailtoken module

This file contains the e-mail token implementation: - EmailTokenClass (HOTP)

class linotp.lib.tokens.emailtoken.EmailTokenClass(aToken)

Bases: linotp.lib.tokens.hmactoken.HmacTokenClass

E-mail token (similar to SMS token)

DEFAULT_EMAIL_BLOCKING_TIMEOUT = 120

DEFAULT_EMAIL_PROVIDER = 'linotp.lib.emailprovider.SMTPEmailProvider'

EMAIL_ADDRESS_KEY = 'email_address'

authenticate(passw, user, options=None)

The e-mail token only supports challenge response mode therefore when a ‘normal authenticate’ request arrives we return false.

Returns:pin_match, otp_counter, reply Return type:bool, int, string

checkResponse4Challenge(user, passw, options=None, challenges=None)

verify the response of a previous challenge

There are two possible cases:

1. The ‘transaction_id’ (also know as ‘state’, which has the same value) is available in options
2. No ‘transaction_id’

In the first case we can safely assume that the passw only contains the OTP (no pin). In the second case passw will contain both and we split to get the OTP.

Parameters:

• user – the requesting user
• passw – the to be checked pass (pin+otp)
• options – options an additional argument, which could be token specific
• challenges – the list of challenges, where each challenge is described as dict

Returns:

tuple of (otpcounter and the list of matching challenges)

createChallenge(transactionid, options=None)

create a challenge, which is submitted to the user

Parameters:

• transactionid – the id of this challenge
• options – the request context parameters / data

Returns:

tuple of (bool, message, data and attributes) bool, if submit was successful message is status-info submitted to the user data is preserved in the challenge attributes - additional attributes, which are displayed in the

output

Return type:

bool, string, dict, dict

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters:

• key (string) – subsection identifier
• ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()

classmethod getClassType()

initChallenge(transactionid, challenges=None, options=None)

initialize the challenge - This method checks if the creation of a new challenge (identified by transactionid) should proceed or if an old challenge should be used instead.

Parameters:

• transactionid – the id of the new challenge
• options – the request parameters

Returns:

tuple of success - bool transactionid_to_use - the best transaction id for this request context message - which is shown to the user attributes - further info (dict) shown to the user

is_challenge_response(passw, user, options=None, challenges=None)

Checks if the request is a challenge response.

With the e-mail token every request has to be either a challenge request or a challenge response.

Normally the client is unable to generate OTP values for this token himself (because the seed is generated on the server and not published) and has to wait to get it by e-mail. Therefore he either makes a challenge-request (triggering the e-mail) or he makes a challenge- response (sending the OTP value he received).

Returns:Is this a challenge response? Return type:bool

update(param, reset_failcount=True)

update - process initialization parameters

Parameters:param (dict) – dict of initialization parameters Returns:nothing