6.1.1.3.1.5.1.2. linotp.lib.tokens.hmactoken module¶
This file containes the dynamic hmac token implementation: - HmacTokenClas (HOTP)
- class linotp.lib.tokens.hmactoken.HmacTokenClass(a_token)[source]¶
Bases: linotp.lib.tokenclass.TokenClass
hotp token class implementation
- autosync(hmac2Otp, anOtpVal)[source]¶
auto - sync the token based on two otp values - internal method to realize the autosync within the checkOtp method
Parameters: - hmac2Otp (hmac object) – the hmac object (with reference to the token secret)
- anOtpVal (string) – the actual otp value
Returns: counter or -1 if otp does not exist
Return type: int
- checkOtp(anOtpVal, counter, window, options=None)[source]¶
checkOtp - validate the token otp against a given otpvalue
Parameters: - anOtpVal (string) – the to be verified otpvalue
- counter (int) – the counter state, that should be verified
- window (int) – the counter +window, which should be checked
- options (dict) – the dict, which could contain token specific info
Returns: the counter state or -1
Return type: int
- checkResponse4Challenge(user, passw, options=None, challenges=None)[source]¶
verify the response of a previous challenge
Parameters: - user – the requesting user
- passw – the to be checked pass (pin+otp)
- options – options an additional argument, which could be token specific
- challenges – the list of challenges, where each challenge is described as dict
Returns: tuple of (otpcounter and the list of matching challenges)
- check_otp_exist(otp, window=10)[source]¶
checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.
Parameters: - otp (string) – the to be verified otp value
- window (int) – the lookahead window for the counter
Returns: counter or -1 if otp does not exist
Return type: int
- createChallenge(state, options=None)[source]¶
create a challenge, which is submitted to the user
Parameters: - state – the state/transaction id
- options – the request context parameters / data
Returns: tuple of (bool, message and data) message is submitted to the user data is preserved in the challenge attributes are additional attributes, which could be returned
- classmethod getClassInfo(key=None, ret='all')[source]¶
getClassInfo - returns a subtree of the token definition
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: s.o.
- classmethod getClassType()[source]¶
getClassType - return the token type shortname
Returns: ‘hmac’ Return type: string
- getSyncTimeOut()[source]¶
get the token sync timeout value
Returns: timeout value in seconds Return type: int
- get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None)[source]¶
return a dictionary of multiple future OTP values of the HOTP/HMAC token
Parameters: count (int) – how many otp values should be returned Returns: tuple of status: boolean, error: text and the OTP dictionary
- is_challenge_request(passw, user, options=None)[source]¶
check, if the request would start a challenge
- default: if the passw contains only the pin, this request would
trigger a challenge
- in this place as well the policy for a token is checked
Parameters: - passw – password, which might be pin or pin+otp
- options – dictionary of additional request parameters
Returns: returns true or false
- resync(otp1, otp2, options=None)[source]¶
resync the token based on two otp values - external method to do the resync of the token
Parameters: - otp1 (string) – the first otp value
- otp2 (string) – the second otp value
- options (dict or None) – optional token specific parameters
Returns: counter or -1 if otp does not exist
Return type: int