6.1.1.3.2.34. linotp.lib.validate module¶
validation processing logic
- class linotp.lib.validate.ValidateToken(token, user=None, context=None)[source]¶
Bases: object
class to manage the validation of a token
- ValidateToken.checkToken(passw, user, options=None)[source]¶
validate a token against the provided pass
Raises : “challenge not found”, if a state is given and no challenge is found for this challenge id
Parameters: - passw – the password, which could either be a pin, a pin+otp or otp
- user – the user which the token belongs to
- options – dict with additional request parameters
Returns: tuple of otpcounter and potential reply
- ValidateToken.check_challenges(challenges, user, passw, options=None)[source]¶
This function checks, if the given response (passw) matches any of the open challenges
to prevent the token author to deal with the database layer, the token.checkResponse4Challenge will recieve only the dictionary of the challenge data
Parameters: - challenges – the list of database challenges
- user – the requesting use
- passw – the to password of the request, which must be pin+otp
- options – the addtional request parameters
Returns: tuple of otpcount (as result of an internal token.checkOtp) and additional optional reply
- ValidateToken.check_standard(passw, user, options=None)[source]¶
do a standard verification, as we are not in a challengeResponse mode
the upper interfaces expect in the success the otp counter or at least 0 if we have a success. A -1 identifies an error
Parameters: - passw – the password, which should be checked
- options – dict with additional request parameters
Returns: tuple of matching otpcounter and a potential reply
- ValidateToken.delete_challenges(challenges)[source]¶
delete challenges, which match those listed ones
Parameters: challenges – list of (dict|int|str) challenges Returns: result of the delete operation
- ValidateToken.get_challenges(options=None)[source]¶
get all challenges, defined either by the option=state or identified by the token serial reference
Parameters: options – the request options Returns: a list of challenges
- ValidateToken.get_verification_result()[source]¶
return the internal result representation of the token verification which are a set of list, which stand for the challenge, pinMatching or invalid or valid token list
- the lists are returned as they easily could be joined into the final token list, independent of they are empty or contain a token obj
Returns: tuple of token lists
- linotp.lib.validate.check_otp(token, otpval, options=None)[source]¶
check the otp value
Parameters: - otpval – the to be checked otp value
- options – the additional request parameters
Returns: result of the otp check, which is the matching otpcounter or -1 if not valid
- linotp.lib.validate.check_pin(token, passw, user=None, options=None)[source]¶
check the provided pin w.r.t. the policy definition
Parameters: - passw – the to be checked pass
- user – if otppin==1, this is the user, which resolver should be checked
- options – the optional request parameters
Returns: boolean, if pin matched True
- linotp.lib.validate.create_challenge(token, options=None)[source]¶
dedicated method to create a challenge to support the implementation of challenge policies in future
Parameters: options – optional parameters for token specific tokens eg. request a signed challenge Returns: a tuple of (boolean, and a dict, which contains the {‘challenge’ : challenge} description)
- linotp.lib.validate.get_challenges(serial=None, transid=None)[source]¶
get_challenges - give all challenges for a given token
Parameters: - serial – serial of the token
- transid – transaction id, if None, all will be retrieved
Returns: return a list of challenge dict
- linotp.lib.validate.split_pin_otp(token, passw, user=None, options=None)[source]¶
split the pin and the otp fron the given password
Parameters: - passw – the to be splitted password
- options – currently not used, but might be forwarded to the token.splitPinPass
Returns: tuple of (split status, pin and otpval)