6.1.1.3.1.5.1.2. linotp.lib.tokens.hmactoken module

This file containes the dynamic hmac token implementation: - HmacTokenClas (HOTP)

class linotp.lib.tokens.hmactoken.HmacTokenClass(a_token)

Bases: linotp.lib.tokenclass.TokenClass

hotp token class implementation

autosync(hmac2Otp, anOtpVal)

auto - sync the token based on two otp values - internal method to realize the autosync within the checkOtp method

Parameters:

• hmac2Otp (hmac object) – the hmac object (with reference to the token secret)
• anOtpVal (string) – the actual otp value

Returns:

counter or -1 if otp does not exist

Return type:

int

checkOtp(anOtpVal, counter, window, options=None)

checkOtp - validate the token otp against a given otpvalue

Parameters:

• anOtpVal (string) – the to be verified otpvalue
• counter (int) – the counter state, that should be verified
• window (int) – the counter +window, which should be checked
• options (dict) – the dict, which could contain token specific info

Returns:

the counter state or -1

Return type:

int

checkResponse4Challenge(user, passw, options=None, challenges=None)

verify the response of a previous challenge

Parameters:

• user – the requesting user
• passw – the to be checked pass (pin+otp)
• options – options an additional argument, which could be token specific
• challenges – the list of challenges, where each challenge is described as dict

Returns:

tuple of (otpcounter and the list of matching challenges)

check_otp_exist(otp, window=10)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

Parameters:

• otp (string) – the to be verified otp value
• window (int) – the lookahead window for the counter

Returns:

counter or -1 if otp does not exist

Return type:

int

createChallenge(state, options=None)

create a challenge, which is submitted to the user

Parameters:

• state – the state/transaction id
• options – the request context parameters / data

Returns:

tuple of (bool, message and data) message is submitted to the user data is preserved in the challenge attributes are additional attributes, which could be returned

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters:

• key (string) – subsection identifier
• ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()

classmethod getClassType()

getClassType - return the token type shortname

Returns:‘hmac’ Return type:string

getOtp(curTime=None)

get the next OTP value

Returns:next otp value Return type:string

getSyncTimeOut()

get the token sync timeout value

Returns:timeout value in seconds Return type:int

get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None)

return a dictionary of multiple future OTP values of the HOTP/HMAC token

Parameters:count (int) – how many otp values should be returned Returns:tuple of status: boolean, error: text and the OTP dictionary

is_challenge_request(passw, user, options=None)

check, if the request would start a challenge

• default: if the passw contains only the pin, this request would

trigger a challenge

• in this place as well the policy for a token is checked

Parameters:

• passw – password, which might be pin or pin+otp
• options – dictionary of additional request parameters

Returns:

returns true or false

resync(otp1, otp2, options=None)

resync the token based on two otp values - external method to do the resync of the token

Parameters:

• otp1 (string) – the first otp value
• otp2 (string) – the second otp value
• options (dict or None) – optional token specific parameters

Returns:

counter or -1 if otp does not exist

Return type:

int

update(param, reset_failcount=True)

update - process the initialization parameters

Parameters:param (dict) – dict of initialization parameters Returns:nothing