linotp.tokens.spasstoken module

This file containes the dynamic SPass token implementation: - SpassTokenClass

class linotp.tokens.spasstoken.SpassTokenClass(aToken)

Bases: TokenClass

This is a simple pass token. It does have no OTP component. The OTP checking will always succeed. Of course, an OTP PIN can be used.

authenticate(passw, user, options=None)

in case of a wrong passw, we return a bad matching pin, so the result will be an invalid token

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters

  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns

subsection if key exists or user defined

Return type

s.o.

classmethod getClassPrefix()
classmethod getClassType()
is_challenge_request(passw, user, options=None)

This method checks, if this is a request, that triggers a challenge.

The default behaviour to trigger a challenge is, if the passw parameter only contains the correct token pin and the request contains a data or a challenge key i.e. if the options parameter contains a key data or challenge.

Each token type can decide on its own under which condition a challenge is triggered by overwriting this method.

please note: in case of pin policy == 2 (no pin is required) the check_pin would always return true! Thus each request containing a data or challenge would trigger a challenge!

Parameters

  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – The user from the authentication request

  • options (dict) – dictionary of additional request parameters

Returns

true or false

is_challenge_response(passw, user, options=None, challenges=None)

This method checks, if this is a request, that is the response to a previously sent challenge.

The default behaviour to check if this is the response to a previous challenge is simply by checking if the request contains a parameter state or transactionid i.e. checking if the options parameter contains a key state or transactionid.

This method does not try to verify the response itself! It only determines, if this is a response for a challenge or not.

Parameters

  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – the requesting user

  • options ((dict)) – dictionary of additional request parameters

  • challenges – A list of challenges for this token. These challenges may be used, to identify if this request is a response for a challenge.

Returns

true or false

update(param)