linotp.lib.openid module

This is the logic for the openid service

class linotp.lib.openid.HandlesTable(handler='', secret_b64='', assoc_type='', private=False)[source]

Bases: object

assoc_type
handler
private
secret
class linotp.lib.openid.IdResMessage(storage, host, expires_in=3600, **params)[source]

Bases: dict

get_url()[source]
get_user_detail()[source]

get detail info about openid cookie owner

Returns:tuple of (email,firstname,lastname,fullname)
sign()[source]

Signs the message - calculate and add signature to self dict entry: ‘openid.sig’

Returns:
  • nothing -
store_redirect()[source]
store_site()[source]
class linotp.lib.openid.RedirectsTable(token='', url='', site='', handle='')[source]

Bases: object

handle
site
token
url
class linotp.lib.openid.SQLStorage[source]

Bases: object

add_association(handler, secret_b64, assoc_type, private=False, expires_in=None)[source]
add_redirect(url, site, handle)[source]
add_site(site, handle)[source]
add_trusted_root(user, site)[source]
check_auth(handle, site)[source]
del_association(handler)[source]
get_association(handler)[source]
classmethod get_name()[source]
get_redirect(redirect_token)[source]
get_sites(handle)[source]
get_trusted_roots(user)[source]
get_user_by_token(token)[source]
get_user_token(user)[source]
set_user_token(user, expire=3600)[source]

This function sets the token of the user. This is the token, that is also stored in the cookie

Parameters:
  • user – the username
  • expire – the time in seconds, how long this token is valid. This corresponds to the cookie lifetime.
class linotp.lib.openid.SitesTable(handle='', site='')[source]

Bases: object

handle
id
site
class linotp.lib.openid.TrustedRootTable(user, site)[source]

Bases: object

id
site
user
class linotp.lib.openid.UserTable(user, token, expire)[source]

Bases: object

expire
token
user
linotp.lib.openid.and_(*clauses)

Produce a conjunction of expressions joined by AND.

E.g.:

from sqlalchemy import and_

stmt = select([users_table]).where(
                and_(
                    users_table.c.name == 'wendy',
                    users_table.c.enrolled == True
                )
            )

The and_() conjunction is also available using the Python & operator (though note that compound expressions need to be parenthesized in order to function with Python operator precedence behavior):

stmt = select([users_table]).where(
                (users_table.c.name == 'wendy') &
                (users_table.c.enrolled == True)
            )

The and_() operation is also implicit in some cases; the Select.where() method for example can be invoked multiple times against a statement, which will have the effect of each clause being combined using and_():

stmt = select([users_table]).\
            where(users_table.c.name == 'wendy').\
            where(users_table.c.enrolled == True)

See also

or_()

linotp.lib.openid.btwoc(value)[source]
linotp.lib.openid.check_authentication(**params)[source]
linotp.lib.openid.create_association(storage, expires_in=3600, **params)[source]
linotp.lib.openid.create_handle(assoc_type)[source]

Creates an association handle.

Args:
assoc_type: HMAC-SHA1 or HMAC-SHA256
Returns:
secret_b64, association handle
linotp.lib.openid.get_dh_key(pubkey, session_type, secret_b64, gen=None, mod=None)[source]

Returns a Diffie-Hellman encoded key

Args:
  • the public key of the other side
  • session_type: DH-SHA1 or DH-SHA256
  • secret_b64: the shared secret, base 64 encoded
  • gen: generator. default to 2
  • mod: modulus, default to the default openid prime

Return: base64(crypted(pubkey) xor mac_key), btwoc(pub)

linotp.lib.openid.get_nonce()[source]
linotp.lib.openid.randchar()[source]
linotp.lib.openid.unbtwoc(value)[source]
linotp.lib.openid.xor(x, y)[source]