linotp.useridresolver.SQLIdResolver module

This module implements the communication and data mapping to SQL servers. The LinOTP server imports this module to use SQL databases as a userstore.

Dependencies: UserIdResolver

class linotp.useridresolver.SQLIdResolver.IdResolver

Bases: UserIdResolver

A resolver class for userIds

Attributes

managed: means it uses the linotp DB [session] for storing and retrieving user information.

checkMapping()

check the given sql field map against the sql table definition

Returns:

checkPass(uid, password)

checkPass - checks the password for a given uid.

Parameters:

  • uid (string) – userid to be checked

  • password (string) – user password

:return : true in case of success, false if password does not match :rtype : boolean

Todo:

extend to support htpasswd passwords: http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

close()

close the db connection - will be called at the end of the request

connect(sqlConnect=None)

create a db connection and preserve session in self.dbObj

Parameters:

sqlConnect – the sql connection string

critical_parameters: List[str] = ['Driver', 'Server', 'Port', 'Database', 'User', 'Table']
crypted_parameters: List[str] = ['Password']
db_prefix = 'useridresolver.SQLIdResolver.IdResolver'
classmethod getResolverClassDescriptor()

return the descriptor of the resolver, which is - the class name and - the config description

Returns:

resolver description dict

Return type:

dict

classmethod getResolverClassType()

provide the resolver type for registration

getResolverDescriptor()

return the descriptor of the resolver, which is - the class name and - the config description

Returns:

resolver description dict

Return type:

dict

getResolverId()

getResolverId - provide the resolver identifier

Returns:

returns the resolver identifier string or empty string if not exist

:rtype : string

getResolverType()

getResolverType - return the type of the resolver

Returns:

returns the string ‘sqlresolver’

Return type:

string

getSearchFields()

return all fields on which a search could be made

Returns:

dictionary of the search fields and their types

Return type:

dict

getUserId(loginName)

return the userId which mappes to a loginname

Parameters:

loginName (string) – login name of the user

Returns:

userid - unique idenitfier for this unser

Return type:

string

getUserInfo(userId, suppress_password=True)

return all user related information

@param userId: specified user @type userId: string @return: dictionary, containing all user related info @rtype: dict

getUserList(searchDict)

retrieve a list of users

Parameters:

searchDict (dict) – dictionary of the search criteria

Returns:

list of user descriptions (as dict)

getUsername(userId)

get the loginname from the given userid

Parameters:

userId (string) – userid descriptor

Returns:

loginname

Return type:

string

loadConfig(config, conf='')

loadConfig - load the config for the resolver

Parameters:

  • config (dict) – configuration for the sqlresolver

  • conf (string) – configuration postfix

classmethod primary_key_changed(new_params, previous_params)

check if during the parameter update the primary key has changed

Parameters:

  • new_params – the set of new parameters

  • previous_params – the set of previous parameters

Returns:

boolean

resolver_parameters: Dict[str, Tuple[bool, Optional[Union[str, bool, int]], Callable[[Any], Any]]] = {'Connect': (False, '', <class 'str'>), 'Database': (False, '', <class 'str'>), 'Driver': (False, None, <class 'str'>), 'Encoding': (False, 'utf-8', <class 'str'>), 'Limit': (False, '1000', <class 'int'>), 'Map': (False, '', <class 'str'>), 'Password': (True, '', <function encrypted_data>), 'Port': (False, '', <class 'str'>), 'Server': (False, '', <class 'str'>), 'Table': (False, '', <class 'str'>), 'User': (False, '', <class 'str'>), 'Where': (False, '', <class 'str'>), 'conParams': (False, '', <class 'str'>), 'readonly': (False, False, <function boolean>)}
classmethod setup(config=None, cache_dir=None)

this setup hook is triggered, when the server starts to serve the first request

Parameters:

config (the linotp config dict) – the linotp config

classmethod testconnection(parameters)

This is used to test if the given parameter set will do a successful SQL connection and return the number of found users params are:

  • Driver

  • Server

  • Port

  • Database

  • User

  • Password

  • Table

linotp.useridresolver.SQLIdResolver.build_simple_connect(driver, user=None, pass_=None, server=None, port=None, db=None, conParams=None)

build from the parameters the sql connect url

Parameters:

  • driver – the url protocol / prefix

  • user – the database accessing user

  • pass – the password of database accessing user

  • server – the hostname for the server could be empty

  • port – the port on th server host, could be empty

  • db – the database on the server

  • conParams – additional and optional database parameter

return the connection string

linotp.useridresolver.SQLIdResolver.call_on_connect(dbapi_con, connection_record)
linotp.useridresolver.SQLIdResolver.check_password(password, crypted_password, salt=None)

check the crypted password and the optional salt for various password schemes defining a passlib crypto context

  • {id}pwdata - LDAP format

  • $id$pwdata - modular crypt format

  • other format like the Atlassian or PHP passwords

  • support db format

  • support for archaic formats like Des

the definitions of the crypto context is made above in the schema lists

the algorithm iterates over the crypto contexts to identify the type of the password and, if salt is provided, tries to verify with or without salt.

Parameters:

  • password – plaintext password

  • crypted_password – the crypted password

  • salt – optional

Returns:

boolean

class linotp.useridresolver.SQLIdResolver.dbObject

Bases: object

close()
connect(sqlConnect, db=None, timeout=5)

create a db session with the sqlConnect string or with the flask sqlalchemy db object

Parameters:

  • sqlConnect – sql url for the connection

  • db – the configured flask-sqlalchemy db object (this overrides the sqlConnect parameter)

count(table, where='')
getTable(tableName)
query(select)
linotp.useridresolver.SQLIdResolver.make_connect(driver, user, pass_, server, port, db, conParams='')

create a connect string from separate parts - to build a SQLAlchemy Uri

Parameters:

  • driver (string) – mysql, postgres, …

  • user (string) – database connection user

  • pass (string) – password of the database user

  • server (string) – servername

  • port (string or int) – database connection port

  • db (string) – database name

  • conParams (string) – additional connection parameters

linotp.useridresolver.SQLIdResolver.testconnection(params)

provide the old interface for backward compatibility