linotp.lib.tokens.emailtoken module

This file contains the e-mail token implementation:
  • EmailTokenClass (HOTP)
class linotp.lib.tokens.emailtoken.EmailTokenClass(aToken)[source]

Bases: linotp.lib.tokens.hmactoken.HmacTokenClass

E-mail token (similar to SMS token)

DEFAULT_EMAIL_PROVIDER = 'linotp.provider.emailprovider.SMTPEmailProvider'
EMAIL_ADDRESS_KEY = 'email_address'
authenticate(passw, user, options=None)[source]

The e-mail token only supports challenge response mode therefore when a ‘normal’ authenticate’ request arrives we return false.

Returns:pin_match, otp_counter, reply
Return type:bool, int, string
checkResponse4Challenge(user, passw, options=None, challenges=None)[source]

verify the response of a previous challenge

There are two possible cases:

  1. The ‘transaction_id’ (also know as ‘state’, which has the same value) is available in options
  2. No ‘transaction_id’

In the first case we can safely assume that the passw only contains the OTP (no pin). In the second case passw will contain both and we split to get the OTP.

  • user – the requesting user
  • passw – the to be checked pass (pin+otp)
  • options – options an additional argument, which could be token specific
  • challenges – the list of challenges, where each challenge is described as dict

tuple of (otpcounter and the list of matching challenges)

createChallenge(transactionid, options=None)[source]

create a challenge, which is submitted to the user

  • transactionid – the id of this challenge
  • options – the request context parameters / data

tuple of (bool, message, data and attributes) bool, if submit was successful message is status-info submitted to the user data is preserved in the challenge attributes - additional attributes, which are displayed in the


Return type:

bool, string, dict, dict

classmethod getClassInfo(key=None, ret='all')[source]

getClassInfo - returns a subtree of the token definition

  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found

subsection if key exists or user defined

Return type:


classmethod getClassPrefix()[source]
classmethod getClassType()[source]
getInitDetail(params, user=None)[source]

to complete the token normalisation, the response of the initialiastion should be build by the token specific method, the getInitDetails

initChallenge(transactionid, challenges=None, options=None)[source]

initialize the challenge - This method checks if the creation of a new challenge (identified by transactionid) should proceed or if an old challenge should be used instead.

  • transactionid – the id of the new challenge
  • options – the request parameters

tuple of success - bool transactionid_to_use - the best transaction id for this

request context

message - which is shown to the user attributes - further info (dict) shown to the user

is_challenge_response(passw, user, options=None, challenges=None)[source]

Checks if the request is a challenge response.

With the e-mail token every request has to be either a challenge request or a challenge response.

Normally the client is unable to generate OTP values for this token himself (because the seed is generated on the server and not published) and has to wait to get it by e-mail. Therefore he either makes a challenge-request (triggering the e-mail) or he makes a challenge- response (sending the OTP value he received).

Returns:Is this a challenge response?
Return type:bool
update(param, reset_failcount=True)[source]

update - process initialization parameters

Parameters:param (dict) – dict of initialization parameters

this function checks the policy scope=selfservice, action=edit_email This is a int policy, while the ‘0’ is a deny