linotp.controllers.ocra module

ocra controller - Interface for the Challenge Response Token (OCRA)

class linotp.controllers.ocra.OcraController(*args, **kw)[source]

Bases: linotp.lib.base.BaseController

The OcraController implements challenges/response tokens according to RFC 6287

calculateOtp()[source]
check_t()[source]
method:
ocra/check_t
description:
verify the response of the ocra token
arguments:
  • transactionid: (required - string)

    Dies ist eine Transaktions-ID, die bei der Challenge ausgegeben wurde.

  • pass: (required - string)

    die response, die der OCRA Token auf Grund der Challenge berechnet hat

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": {
         "failcount" : 3,
         "result": false
        }
    },
 "id": 0
}

exception:

checkstatus()[source]
method:
ocra/checkstatus
description:
Methode zur assynchronen Ueberpruefungen eines Challenge Response Valiadation requests

arguments:

  • transactionid: (required one of - string - (hex))

    Dies ist eine Transaktions-ID, die bei der Challenge ausgegeben wurde.

  • serial: (required one of - string)

    die Serien Nummer des OCRA Token

  • user: (required one of - string)

    die Benutzer eines Tokens

required is one of (user,serial,transactionid)

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": [
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID1,
             "received_tan": true,
             "valid_tan": true,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID2,
             "received_tan": false,
             "valid_tan": false,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER2,
             "transactionid": TRANSACTIONID3,
             "received_tan": true,
             "valid_tan": false,
             "failcount": 2
             },
         ]
     },
 "id": 0
 }

exception:

getActivationCode()[source]
method:
ocra/getActivationCode
description:
returns an valid example activcation code
arguments:
./.
returns:
JSON with “activationcode”: “JZXW4ZI=2A”
request()[source]
method:
ocra/request
description:
request a challenge for a user or for a serial number (token).
arguments:
  • serial: (required - string) Serial number of the token, for which a challenge should be generated (either serial or user is required)
  • user: (required - string) The user for whose token a challenge should be generated If the user has more than one token, an error is returend. (either serial or user is required)
  • data: (required - String: URLendoced) These are the display data, that can be used to generate the challenge
remark:

the app will report a wrong qrcode, if the policy:

{'authentication' : qrtanurl=https://localhost }

is not defined !!

returns:

A JSON respone:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false,
    },
    "detail": {
            "transactionid" : TRANSAKTIONSID,
            "data" : DATAOBJECT,
    }
}
  • transactionid: This is the transaction ID, that is used later for verifying the Return code /TAN.
  • data: This is an object (URL) which can be used to generate a QR-Code to be displayed to the QRTAN App