linotp.tokens.emailtoken module¶
- This file contains the e-mail token implementation:
EmailTokenClass (HOTP)
- class linotp.tokens.emailtoken.EmailTokenClass(aToken)¶
Bases:
HmacTokenClassE-mail token (similar to SMS token)
- DEFAULT_EMAIL_BLOCKING_TIMEOUT = 120¶
- DEFAULT_EMAIL_PROVIDER = 'linotp.provider.emailprovider.SMTPEmailProvider'¶
- EMAIL_ADDRESS_KEY = 'email_address'¶
- authenticate(passw, user, options=None)¶
The e-mail token only supports challenge response mode therefore when a ‘normal’ authenticate’ request arrives we return false.
- Returns:
pin_match, otp_counter, reply
- Return type:
bool, int, string
- checkResponse4Challenge(user, passw, options=None, challenges=None)¶
verify the response of a previous challenge
There are two possible cases:
The ‘transaction_id’ (also know as ‘state’, which has the same value) is available in options
No ‘transaction_id’
In the first case we can safely assume that the passw only contains the OTP (no pin). In the second case passw will contain both and we split to get the OTP.
- Parameters:
user – the requesting user
passw – the to be checked pass (pin+otp)
options – options an additional argument, which could be token specific
challenges – the list of challenges, where each challenge is described as dict
- Returns:
tuple of (otpcounter and the list of matching challenges)
- createChallenge(transactionid, options=None)¶
create a challenge, which is submitted to the user
- Parameters:
transactionid – the id of this challenge
options – the request context parameters / data
- Returns:
tuple of (bool, message, data and attributes) bool, if submit was successful message is status-info submitted to the user data is preserved in the challenge attributes - additional attributes, which are displayed in the
output
- Return type:
bool, string, dict, dict
- Raises:
Exceptions will not be catched therefore any exception will be passed
to the upper calling method
- classmethod getClassInfo(key=None, ret='all')¶
getClassInfo - returns a subtree of the token definition
- Parameters:
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns:
subsection if key exists or user defined
- Return type:
s.o.
- classmethod getClassPrefix()¶
- classmethod getClassType()¶
getClassType - return the token type shortname
- Returns:
‘hmac’
- Return type:
string
- getInitDetail(params, user=None)¶
to complete the token normalisation, the response of the initialiastion should be build by the token specific method, the getInitDetails
- initChallenge(transactionid, challenges=None, options=None)¶
initialize the challenge - This method checks if the creation of a new challenge (identified by transactionid) should proceed or if an old challenge should be used instead.
- Parameters:
transactionid – the id of the new challenge
options – the request parameters
- Returns:
tuple of success - bool transactionid_to_use - the best transaction id for this
request context
message - which is shown to the user attributes - further info (dict) shown to the user
- is_challenge_response(passw, user, options=None, challenges=None)¶
Checks if the request is a challenge response.
With the e-mail token every request has to be either a challenge request or a challenge response.
Normally the client is unable to generate OTP values for this token himself (because the seed is generated on the server and not published) and has to wait to get it by e-mail. Therefore he either makes a challenge-request (triggering the e-mail) or he makes a challenge- response (sending the OTP value he received).
- Returns:
Is this a challenge response?
- Return type:
bool
- update(param, reset_failcount=True)¶
update - process initialization parameters
- Parameters:
param (dict) – dict of initialization parameters
- Returns:
nothing
- linotp.tokens.emailtoken.is_email_editable(user='')¶
this function checks the policy scope=selfservice, action=edit_email This is a int policy, while the ‘0’ is a deny